PART OF THE GILL GROUP

Contact Brochure
Contact Brochure

GDPR

Last updated: 9 February 2026

This GDPR Policy explains how Gill Civil Engineering Limited complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 when processing personal data.

This policy applies to personal data collected through gillcivi.com, including contact form submissions and website usage data.

1. Data controller

For the purposes of UK GDPR, Gill Civil Engineering Limited is the data controller responsible for deciding how and why personal data is processed.

2. Lawful basis for processing

We only process personal data where we have a lawful basis under Article 6 of the UK GDPR. These include:

  • Consent – where you voluntarily submit personal data via our contact form or accept non-essential cookies
  • Legitimate interests – to operate, secure, and improve our website, provided your rights do not override those interests
  • Legal obligation – where processing is required to comply with the law

3. Personal data we process

We may process the following categories of personal data:

  • Name and email address (via contact forms)
  • Message content submitted to us
  • IP address and approximate location
  • Device, browser, and usage data

We do not intentionally collect special category data (such as health, biometric, or political information).

4. How personal data is processed

Personal data is processed:

  • Via contact forms on our website
  • Through cookies and analytics tools
  • Via server logs maintained by our hosting provider
  • Within WordPress and its essential plugins

All processing is limited to what is necessary for the stated purposes.

5. Data minimisation and purpose limitation

We only collect personal data that is:

  • Adequate, relevant, and limited to what is necessary
  • Used only for specified, explicit purposes
  • Not retained longer than necessary

6. Data retention

Personal data is retained as follows:

  • Contact enquiries: retained only as long as needed to respond and for reasonable business records
  • Analytics data: retained according to Google Analytics retention settings
  • Server logs: retained according to hosting provider policies

Data is securely deleted when no longer required.

7. Data sharing and processors

We may share personal data with trusted third-party data processors who help us operate the website, including:

  • Website hosting providers
  • Google Analytics
  • WordPress plugin providers (where necessary)

All processors are required to process data securely and in accordance with UK GDPR.

8. International data transfers

Some third-party services (such as Google Analytics) may transfer personal data outside the UK.

Where this occurs, we ensure appropriate safeguards are in place, including adequacy decisions or standard contractual clauses.

9. Data subject rights

Under UK GDPR, individuals have the following rights:

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights relating to automated decision-making and profiling

Requests can be made by contacting us using the details below.

10. Data security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Secure hosting environments
  • Access controls
  • Regular updates to WordPress and plugins

11. Data breaches

In the event of a personal data breach, we will assess the risk and, where required, notify the Information Commissioner’s Office (ICO) within 72 hours and affected individuals without undue delay.

12. Complaints

If you have concerns about how your data is handled, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

13. Contact details

For GDPR-related queries or to exercise your rights, please contact:

Email: mail@gillcivil.com