Privacy Policy

What This Policy Covers

This policy applies to all personal data we collect, whether through our website, email communications, phone calls, or other interactions. It does not cover third-party websites or services linked to our site, and we encourage you to review their privacy policies.

Personal Data We Collect

We may collect the following types of personal data to provide and improve our services:

• Contact Information: Your name, email address, phone number, and postal address.
• Service-Related Data: Details about your enquiry, specific project requirements, contracts, and service history.
• Payment Information: Billing details and transaction history. Please note, actual payment processing is handled securely by trusted third-party payment providers.
• Website Usage Data: Your IP address, browser type, operating system, pages visited, referral sources, and information collected via cookies (please see our dedicated Cookies Policy for more details).

How We Use Your Data

We use your personal data exclusively for the following legitimate purposes:

• To **provide and manage** our comprehensive electrical and engineering services.
• To effectively **respond to your enquiries** and specific requests.
• To **process payments** securely and issue accurate invoices.
• To **improve and optimize** our website functionality and service offerings.
• To **comply with legal obligations**, such as tax reporting, health and safety regulations, and industry standards.

Lawful Bases (UK GDPR)

We rely on one or more of the following lawful bases to process your data, ensuring full compliance with UK GDPR:

• Contractual Necessity: To fulfill our direct contractual obligations when you engage our services.
• Legitimate Interests: For our operational purposes, such as enhancing our services, conducting marketing (where balanced against your rights), or preventing fraud.
• Legal Obligation: To adhere to applicable laws, regulatory requirements, or respond to lawful requests from public authorities.
• Consent: Where you have explicitly provided your clear agreement for specific processing activities (e.g., non-essential cookies or direct marketing emails). You have the right to withdraw consent at any time.

Sharing Your Data

We share your data only with carefully selected, trusted service providers who act strictly on our instructions and are bound by confidentiality agreements. These may include:

• **Website Hosting Platforms** and cloud infrastructure providers.
• **IT Support Providers** for system maintenance and security.
• **Payment Processors** (e.g., banks or third-party payment gateways) for secure transaction handling.
• **Professional Advisors**, such as accountants or legal counsel, where necessary.

Where required, we implement robust data processing agreements and apply appropriate safeguards to ensure your data remains protected.

International Transfers

Should we transfer personal data outside the UK or European Economic Area (EEA), we ensure it receives adequate protection by utilizing mechanisms such as the **UK Addendum to the EU Standard Contractual Clauses** or other approved, legally compliant safeguards.

Data Retention

We retain your personal data only for as long as is strictly necessary to fulfill the purposes outlined in this policy, and in compliance with our legal and regulatory obligations. Typical retention periods include:

• Enquiry Records: Up to 24 months from the last interaction.
• Client Project Records: For the duration of the contract plus up to 7 years post-completion for legal, accounting, tax, and compliance purposes.
• Other data may be retained for shorter or longer periods based on its nature and purpose.

Security Measures

We implement robust technical and organizational measures to safeguard your data against unauthorized access, disclosure, alteration, or destruction. These measures include:

• Strict **access controls** and, where supported, **encryption** for data at rest and in transit.
• Regular and thorough **reviews of our security practices** and policies.
• Application of **least-privilege permissions** for staff handling personal data.
• Comprehensive training for our team on data protection best practices.

While we take every reasonable precaution, no system is entirely impregnable. In the unlikely event of a data breach that is likely to result in a risk to your rights and freedoms, we commit to notifying you and the relevant supervisory authorities without undue delay.

Cookies & Similar Technologies

We utilize cookies and similar technologies to enhance your browsing experience on our website, analyze site traffic, and understand user behavior. For comprehensive information on how we use these technologies, your choices, and how to manage your preferences, please refer to our dedicated Cookies Policy.

Analytics & Marketing

We may employ analytics tools (e.g., Google Analytics) to gather anonymous data on website traffic and user interaction, which helps us improve our content and user experience. If we use remarketing or advertising platforms, we do so in strict accordance with their terms of service and applicable data protection laws. You retain the right to opt out of marketing communications at any time by utilizing the unsubscribe link provided in our emails or by contacting us directly.

Payments

All payments made through our website or associated invoicing systems are processed by secure, reputable **third-party payment providers**. These providers are independent data controllers for your payment-related data and operate under their own distinct privacy policies. We strongly recommend reviewing their terms and policies for full transparency regarding your financial information.

Children's Privacy

Our services are not designed for, nor directed at, children under the age of 13. We do not knowingly collect personal data from children. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us immediately, and we will take prompt steps to delete that information from our records.

Your Data Protection Rights (UK GDPR)

Under the UK GDPR, you are afforded significant rights regarding your personal data. These include:

• Right to Access & Portability: You can request a copy of the personal data we hold about you and, where technically feasible, request its transfer to another service provider.
• Right to Rectification: You have the right to request the correction of any inaccurate or incomplete personal information we maintain.
• Right to Erasure ('Right to be Forgotten'): You can request the deletion of your personal data where there is no lawful reason for us to continue processing it, subject to any overriding legal obligations we may have.
• Right to Object & Restrict: You have the right to object to certain processing activities or to request restrictions on how we use your data in specific circumstances.
• Right to Withdraw Consent: Where our processing is based on your consent, you have the right to withdraw that consent at any time.

To exercise any of these rights, please email us directly at privacy@jacelectricalservices.co.uk. We may need to verify your identity to ensure the security of your data before fulfilling your request.

Complaints

If you have any concerns or feel that we have not adequately addressed your data privacy queries, please do not hesitate to contact us first at privacy@jacelectricalservices.co.uk. We are committed to resolving any issues.

You also have the right to lodge a complaint directly with the UK's supervisory authority for data protection, the **Information Commissioner’s Office (ICO)**:

https://ico.org.uk/make-a-complaint/

Changes to This Policy

We may periodically update this Privacy Policy to reflect changes in legal requirements, technological advancements, or our operational practices. Any updates will be posted on this page with a revised “Effective Date.” We encourage you to review this policy periodically.

Effective Date: [Insert Effective Date]