CTRL Plus Dynamics Limited — Privacy Policy

Last updated: January 2026

Jurisdiction: England & Wales

This Privacy Policy explains how CTRL Plus Dynamics Limited ("we", "us", "our") collects, uses, stores, and processes personal data in connection with enquiries, engineering engagements, and supplier-client communication. We operate in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller

CTRL Plus Dynamics Limited
Registered in the United Kingdom
Email: [email protected]

CTRL Plus Dynamics Limited is registered with the Information Commissioner's Office (ICO) for data protection compliance.

2. Personal Data We Collect

We may collect the following categories of personal data when you contact us or engage our services:

Identity & Contact Information

  • Name
  • Company
  • Role / Title
  • Email address
  • Telephone number
  • Company address (if provided)

Engagement & Project Information

  • Project context or technical requirements
  • Engineering scope details
  • Technologies or systems involved
  • Desired scheduling and availability information

Communication & Operational Data

  • Email correspondence
  • Call notes (where relevant)
  • Commercial documentation exchanged
  • Any data necessary for scoping or delivering the engagement

We do not collect special category data (e.g., health, ethnicity, religion) and we do not require such information for the provision of our services.

3. How We Collect Personal Data

Personal data is collected via:

  • Contact form submissions
  • Direct email contact
  • Telephone communication
  • LinkedIn or professional networking exchanges
  • Commercial discussions during engagement scoping

We do not collect data through unsolicited scraping, behavioural tracking, or third-party advertising systems.

4. Purpose and Legal Basis for Processing

We process personal data for legitimate business purposes, including:

(a) Responding to Enquiries

To assess and respond to engineering, contracting, or supplier requests.

(b) Engagement Scoping

To evaluate feasibility, define scope, and clarify requirements.

(c) Contract Delivery

To communicate during execution, commissioning, handover, and support phases.

(d) Administration & Record Management

To maintain accurate business records, correspondence history, and project documentation.

(e) Legal & Regulatory Compliance

To meet obligations relating to tax, insurance, contractual audits, and regulatory frameworks.

The legal bases for processing are:

  • Legitimate Interests (UK GDPR Art. 6(1)(f)) — responding to and managing professional enquiries.
  • Contractual Necessity (Art. 6(1)(b)) — when a contract is entered into or prepared.
  • Legal Obligation (Art. 6(1)(c)) — where required for statutory compliance.

We do not rely on consent for core communication, as enquiries are processed under legitimate interest.

5. Data Sharing and Disclosure

We do not sell, rent, or trade personal data.

Personal data may be shared only with:

  • Cloud service providers (e.g., email, hosting, file storage)
  • Professional advisors (e.g., accountants, legal counsel) where necessary
  • Regulatory bodies where legally required (e.g., HMRC, ICO)
  • Insurance providers for contract or claims administration (if relevant)

Any international transfers outside the UK/EU will only occur where adequate safeguards are in place (e.g., standard contractual clauses).

We do not share data with advertisers, marketing data brokers, or unrelated third parties.

6. Data Retention

Retention periods are determined by business, legal, and regulatory requirements.

Typical retention periods:

  • Initial enquiries: up to 12 months
  • Engagement correspondence: up to 7 years (aligned with accounting & contractual obligations)
  • Commercial contracts, technical records, and handover documentation: up to 10 years, depending on system lifecycle and warranty context

Data may be deleted earlier upon valid request unless legal obligations prevent this.

7. Data Security

Data is stored on secure servers using reputable UK/EU-based service providers with technical and organisational security measures, including:

  • Access controls
  • Encryption in transit
  • Controlled authentication
  • Secure email infrastructure
  • Backup and continuity protections

8. Your Rights

Under UK GDPR you may:

  • Request access to your personal data
  • Request correction of inaccurate data
  • Request erasure (in certain circumstances)
  • Request restriction of processing
  • Object to processing under legitimate interests
  • Request portability where applicable

To exercise your rights, contact:

[email protected]

You also have the right to lodge complaints with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Cookies and Tracking

This website does not use behavioural advertising cookies, retargeting pixels, or third-party marketing trackers.

Analytics (if enabled) are limited to operational metrics such as traffic volumes and do not profile individual users.

10. Changes to This Policy

We may update this policy periodically to reflect operational, legal, or regulatory changes. The latest update date is shown at the top of this page.

Professional Summary

This policy is intentionally structured for industrial B2B environments, where supplier–client engagements require clarity, confidentiality, traceability, and GDPR alignment.