Privacy Policy

Last updated: April 2026  |  Version 1.0

Important notice: This Privacy Policy explains how FSL Projects Limited collects, uses, stores and protects your personal data when you visit our website or interact with us. Please read it carefully. By using our website, you acknowledge that you have read and understood this policy.

1. Who We Are and How to Contact Us

Data Controller: FSL Projects Limited
Registered Address: 13 The Courtyard, Timothy’s Bridge Road, Stratford-upon-Avon, CV37 9NP
Data Contact Email: [email protected]
Website: www.fsl-projects.co.uk

FSL Projects Limited is a construction consultancy registered in England and Wales. We are the data controller responsible for the personal data we collect through our website.

If you have any questions about how we handle your personal data, or wish to exercise any of your rights, please contact us using the details above.

We are not currently required to appoint a formal Data Protection Officer, but our designated data contact will respond to all data-related queries within one month.

2. What Personal Data We Collect

2.1 Contact form enquiries

When you submit an enquiry via our website contact form, we collect:

• Your name
• Your email address
• Your telephone number (if provided)
• Your company name (if provided)
• The content of your message
• Your IP address and browser information (collected automatically for security purposes)

2.2 Website usage data (Google Analytics)

We use Google Analytics to understand how visitors use our website. This may include:

• Pages visited and time spent on each page
• Your approximate geographic location (country/region level only)
• Device type, browser, and operating system
• How you arrived at our website (e.g. from a search engine or a link)
• Anonymised IP address

Google Analytics does not collect your name, email address, or any directly identifying information. Data is anonymised before transmission where possible.

2.3 Cookies and similar technologies

Our website uses cookies. Please see Section 6 (Cookie Policy) below for full details of what cookies we use and how to manage them.

2.4 Data you provide directly

If you email or call us directly, we will hold the personal data contained in that communication for the purposes of responding to and managing your enquiry.

3. Our Lawful Basis for Processing

UK GDPR requires us to have a valid legal basis for processing your personal data. The legal bases we rely on are:

Contact form enquiries — Legitimate Interests / Contract (Art. 6(1)(f) and 6(1)(b)): We process your contact form data to respond to your enquiry and, where applicable, to take steps to enter into a contract with you for construction consultancy services.

Website analytics — Consent (Art. 6(1)(a)): We only set Google Analytics cookies after you have given your consent via our cookie consent banner. You may withdraw consent at any time.

Security and fraud prevention — Legitimate Interests (Art. 6(1)(f)): We process IP addresses and browser information to protect our website against spam, abuse, and security threats.

Legal compliance — Legal Obligation (Art. 6(1)(c)): We may be required to retain or disclose certain data to comply with legal obligations, including tax, accounting, and regulatory requirements.

4. How We Use Your Personal Data

We use your personal data only for the purposes for which it was collected:

• To respond to your website enquiries and provide information about our construction consultancy services
• To enter into and perform a contract with you, if applicable
• To improve the performance and user experience of our website using anonymised analytics data
• To protect our website and users from spam, fraud, or abuse
• To comply with our legal and regulatory obligations

We will not use your personal data for any purpose incompatible with the purposes described in this policy without first informing you and, where necessary, obtaining your consent.

5. Who We Share Your Data With

We do not sell, rent, or trade your personal data. We may share your data only in the following limited circumstances:

5.1 Google Analytics (Google LLC)

We use Google Analytics, provided by Google LLC (USA), to analyse website traffic. Google processes anonymised usage data on our behalf as a data processor. Google LLC participates in the UK-US Data Privacy Framework, providing a lawful mechanism for international data transfers.

Google’s Privacy Policy: https://policies.google.com/privacy
Google Analytics opt-out: https://tools.google.com/dlpage/gaoptout

5.2 Website hosting (Heart Internet Limited)

Our website is hosted by Heart Internet Limited, a UK-based hosting provider. Heart Internet processes data on our behalf as a data processor under appropriate data processing terms and is required to maintain appropriate security measures. As a UK-based provider, no international data transfer is involved.

5.3 Legal and regulatory requirements

We may disclose your personal data where required to do so by law, court order, or at the request of a regulatory authority such as the Information Commissioner’s Office (ICO) or HMRC.

5.4 Business transfers

In the event of a merger, acquisition, or sale of part or all of our business, your personal data may be transferred as part of that transaction. We will notify you in advance if this occurs.

6. Cookie Policy

Cookies are small text files stored on your device when you visit a website. We use cookies to make our website function correctly and to understand how it is used.

6.1 Strictly necessary cookies

These cookies are essential for the website to work and cannot be switched off. They do not require your consent.

• Session management cookies — to maintain your session as you browse
• Security cookies — to protect the site against cross-site request forgery (CSRF)
• Cookie consent cookie — to remember your cookie preferences

6.2 Analytics cookies (require your consent)

These cookies are only placed on your device after you have given your consent via our cookie banner.

• _ga, _ga_[ID] (Google Analytics) — used to distinguish users and sessions and to compile statistics on how visitors use the website. These cookies last up to 2 years. Data is anonymised before transmission where possible.

You can withdraw your consent for analytics cookies at any time by clicking the Cookie Settings link in our website footer, or by using the Google Analytics opt-out browser add-on.

6.3 Managing cookies in your browser

Most web browsers allow you to control cookies through their settings. You can refuse cookies, delete existing cookies, or be alerted when cookies are set. Please note that disabling strictly necessary cookies may affect the functionality of our website. For guidance visit www.aboutcookies.org.

7. How Long We Retain Your Data

We retain your personal data only for as long as necessary for the purposes set out in this policy, or as required by law:

• Contact form enquiries: 3 years from the date of your last interaction with us, after which data is securely deleted.
• Client and contractual records: 7 years from the end of the contractual relationship, in line with our legal and accounting obligations.
• Google Analytics data: Aggregated, anonymised data is retained for 26 months in accordance with Google’s data retention settings.
• Cookie consent records: 13 months.

When data is no longer required, it is securely deleted or anonymised.

8. International Data Transfers

Our website is hosted in the United Kingdom by Heart Internet Limited, so your data does not leave the UK through our hosting infrastructure. However, we do use Google Analytics, provided by Google LLC (USA). Transfers to Google are covered by Google’s participation in the UK-US Data Privacy Framework, which the UK Government recognises as providing adequate protection.

Under the Data (Use and Access) Act 2025, all international transfers are assessed against the standard that protection must not be materially lower than UK standards.

9. Your Rights Under UK GDPR

You have the following rights in relation to the personal data we hold about you. You can exercise these rights free of charge by contacting us at [email protected].

• Right of access: Request a copy of the personal data we hold about you (a Subject Access Request). We will respond within one month following a reasonable and proportionate search.
• Right to rectification: Ask us to correct any inaccurate or incomplete personal data we hold about you.
• Right to erasure (‘right to be forgotten’): Request deletion of your personal data in certain circumstances. This does not apply where we are required to retain data for legal reasons.
• Right to restrict processing: Ask us to pause processing your data in certain circumstances, for example if you contest its accuracy.
• Right to data portability: Where processing is based on consent or contract and is automated, receive your data in a structured, machine-readable format.
• Right to object: Object to processing based on our legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
• Rights related to automated decision-making: We do not carry out any automated decision-making or profiling that produces legal or significant effects on you.
• Right to withdraw consent: Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To make a request, please email [email protected] with the subject line “Data Rights Request”. Please include enough information for us to identify you. We will respond within one calendar month.

10. Your Right to Complain

If you are unhappy with how we have handled your personal data, please contact us first so we can try to resolve your concern.

You also have the right to complain to the UK’s supervisory authority:

Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113
Website: https://ico.org.uk

We would, however, appreciate the opportunity to address your concerns before you approach the ICO.

11. Data Security

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures, including:

• Transmission of data over encrypted HTTPS connections
• Access controls limiting who can access personal data within our organisation
• Regular review of our data handling practices and third-party processors

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours as required by UK GDPR Article 33. Where the breach poses a high risk to you, we will also notify you directly without undue delay.

12. Third-Party Websites

Our website may contain links to third-party websites. This privacy policy applies only to our website. We are not responsible for the privacy practices of third-party sites and encourage you to read their privacy policies before providing any personal data to them.

13. Children’s Data

Our website and services are directed at business clients and professionals in the construction industry. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected data relating to a child, please contact us immediately at [email protected].

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the law, our data practices, or the services we offer. The revised policy will be posted on our website with an updated “Last updated” date. We encourage you to review this policy periodically.

FSL Projects Limited  |  13 The Courtyard, Timothy’s Bridge Road, Stratford-upon-Avon, CV37 9NP  |  [email protected]  |  Version 1.0  |  April 2026