LEGAL

Privacy Policy

Last updated: June 2026

1. Who We Are

NOVTRIQ is the trading name of Novus Projects Ltd, a company registered in England and Wales (company registration number 13629950). We are an engineering consultancy providing services across energy, infrastructure, digital innovation, and sustainability sectors.

We are committed to protecting your privacy and ensuring transparent data practices in accordance with the UK Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), the Swiss Federal Act on Data Protection (FADP), and the EU Digital Services Act (DSA) where applicable.

Data Controller: Novus Projects Ltd (trading as NOVTRIQ)
Company Registration: 13629950 (England and Wales)
ICO Registration: ZB304701
Email: [email protected]
Data Protection Officer: [email protected]

2. Information We Collect

We collect information in several ways:

Direct Interactions

  • Contact forms, enquiry submissions, and website requests
  • Email correspondence and phone calls
  • Project consultations and service agreements
  • Newsletter subscriptions and marketing preferences

Automated Collection

  • Usage data including pages visited, time spent, and navigation patterns
  • Device information (browser type, operating system, device type)
  • IP address and approximate location data
  • Cookies and similar tracking technologies

Publicly Available Sources

For our B2B engineering consultancy activities, we may collect business contact information from publicly available sources such as company websites, professional directories, business registries, and public engineering tender platforms. This is processed on the basis of legitimate interest for B2B prospecting purposes, in accordance with UK GDPR Article 6(1)(f) and equivalent EU GDPR provisions.

Data Categories

  • Identity data: name, job title, company
  • Contact data: email, phone number, business address
  • Professional data: industry sector, role, interests in services
  • Technical data: IP address, browser data, device identifiers
  • Usage data: how you interact with our website and services
  • Communication data: records of correspondence and engagement history

3. How We Use Your Information

We process your personal data on the following legal bases under UK GDPR, EU GDPR, and Swiss FADP:

Contractual Necessity (Article 6(1)(b))

To provide engineering consultancy services, fulfill project requirements, send invoices, and manage client relationships.

Legitimate Business Interests (Article 6(1)(f))

  • Improving our website, services, and user experience
  • Analysing website traffic and performance
  • Preventing fraud and enhancing security
  • Understanding client needs and service delivery
  • B2B prospecting and direct marketing to corporate contacts (where lawful)
  • Building and maintaining our network of engineering partners and collaborators

Consent (Article 6(1)(a))

  • Marketing communications to individual contacts (newsletter, case studies, industry updates)
  • Non-essential cookies for analytics and personalisation
  • Email communications where PECR (Privacy and Electronic Communications Regulations) requires explicit opt-in

Legal Obligation (Article 6(1)(c))

Complying with UK tax, employment, professional engineering regulations, anti-money laundering laws, and data protection authorities' requests.

Automated Decision-Making

We use automated systems to analyse engineering opportunities and match them with our services. These systems may include AI-assisted tools for content analysis and prioritisation. All decisions affecting individuals are subject to human review before any direct outreach. You have the right not to be subject to solely automated decision-making (see Section 7).

AI Disclosure (EU AI Act Article 50)

Where we use artificial intelligence to generate content (such as personalised communications), we disclose this fact in accordance with applicable regulations. Any AI-generated content sent to you will be clearly identified as such.

4. Data Sharing and Third Parties

We do not sell your personal data. We may share information with the following categories of recipients, all bound by data processing agreements:

Service Providers (Data Processors)

We work with carefully selected third-party providers to deliver our services. These include:

  • Cloud infrastructure and hosting providers
  • Email and communication platforms
  • Analytics and website monitoring tools
  • Productivity and collaboration software
  • Workflow automation services

Professional Advisors

  • Legal counsel, accountants, and auditors where required
  • Insurance providers in case of claims
  • Data protection representatives (see Section 8)

Legal Requirements

We may disclose data if required by law, court order, regulatory authority, or to protect our legal rights, property, or safety, or that of others.

Business Transfers

If NOVTRIQ is sold, merged, or restructured, your data may be transferred as part of that transaction. We will provide notice of any such change.

All third-party processors are contractually bound by Data Processing Agreements requiring confidentiality, security measures, and data protection obligations equivalent to our own standards.

5. International Data Transfers

Your data is primarily processed within the United Kingdom and European Union. Where we transfer data internationally, we implement appropriate safeguards including:

  • Adequacy decisions recognised by the UK Government or European Commission
  • Standard Contractual Clauses (SCCs) or UK International Data Transfer Agreement (IDTA)
  • Other appropriate safeguards under UK GDPR and EU GDPR
  • Your explicit consent where required

You may request information about safeguards in place for international transfers by contacting us at [email protected].

6. Data Retention

We retain personal data for as long as necessary to fulfil the purposes stated in this policy, in accordance with the principle of storage limitation under Article 5(1)(e) of GDPR:

  • Client data: Duration of engagement plus 6 years (UK tax requirements)
  • Enquiry data: 2 years or until opted out of communications
  • Prospect/lead data: 12 months from last interaction, then deleted or anonymised
  • Website analytics: 26 months (standard retention period)
  • Marketing preferences: Until withdrawn, plus 3 years for evidence of consent
  • Email communications: 7 years (commercial correspondence)
  • Cookie consent records: 12 months
  • Security and audit logs: 12 months

After the retention period, we securely delete or anonymise your data, unless legal obligations require longer retention. Our automated systems enforce these retention periods.

7. Your Rights Under UK GDPR, EU GDPR, and Swiss FADP

You have the following rights regarding your personal data:

Right of Access

Request a copy of the personal data we hold about you (Subject Access Request). We will provide this free of charge within 30 calendar days.

Right to Rectification

Correct inaccurate or incomplete personal data without undue delay.

Right to Erasure

Request deletion of your data in certain circumstances (the "right to be forgotten"), such as when the data is no longer necessary, you withdraw consent, or the processing was unlawful.

Right to Restrict Processing

Restrict how we use your data while we assess a complaint, verify information, or in other specified circumstances.

Right to Data Portability

Receive your data in a structured, commonly used, machine-readable format and transfer it to another controller, where the legal basis is consent or contract.

Right to Object

Object to processing based on legitimate interests, including profiling. We will cease processing for direct marketing immediately upon objection.

Rights Related to Automated Decision-Making

You have the right not to be subject to solely automated decision-making that produces legal or similarly significant effects. Our processes include human review where applicable.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of processing based on consent before withdrawal.

Right to Lodge a Complaint

You have the right to complain to a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement (see Section 13).

To exercise any of these rights, please contact our Data Protection Officer at [email protected] or use our contact page. We will respond within 30 calendar days. For EU/EEA and Swiss residents, you may also contact our EU/EEA & Swiss Representative (see Section 8).

8. EU/EEA and Swiss Representative

In accordance with Article 27 of the EU GDPR and Article 14 of the Swiss FADP, and Article 13 of the EU Digital Services Act (DSA), we have appointed DataRep as our representative in the European Union/EEA, Switzerland, and for DSA purposes.

EU/EEA residents, Swiss residents, and EU regulatory authorities may contact our representative directly regarding any matter related to the processing of personal data or the DSA:

EU/EEA & Swiss Representative: DataRep (Data Protection Representative Limited)
Address: 3rd Floor, Kilmore House, Park Lane, Spencer Dock, Dublin 1, D01 YE64, Ireland
Online contact form: www.datarep.com/data-request
Email: [email protected]
Reference: Novus Projects Ltd (trading as NOVTRIQ)

DataRep maintains contact addresses in 30 EU/EEA member states and Switzerland. Please refer to www.datarep.com/locations for the contact address in your jurisdiction. All correspondence to local addresses must be addressed to 'DataRep' to reach us.

Digital Services Act (DSA): Our DSA point of contact and Member State of main establishment for DSA purposes is Ireland. EU users and authorities may contact DataRep regarding DSA matters using the details above.

9. Cookies and Tracking Technologies

We use cookies to improve your experience on our website. For comprehensive information about cookies we use and your preferences, please visit our Cookie Policy.

Cookie types include:

  • Essential: Required for website functionality (automatically placed)
  • Analytical: Help us understand user behaviour (requires consent)
  • Marketing: Enable targeted content recommendations (requires consent)

You can manage your cookie preferences at any time through our cookie consent banner or browser settings. Withdrawing consent will not affect the lawfulness of processing prior to withdrawal.

10. Security and Data Protection

We implement comprehensive technical and organisational measures to protect your personal data, in accordance with ISO 27001 principles:

  • HTTPS/TLS encryption for all data transmission
  • Encrypted data storage with role-based access controls
  • Multi-factor authentication for administrative access
  • Regular security assessments, vulnerability scans, and audits
  • Staff data protection training and confidentiality agreements
  • Documented incident response and breach notification procedures
  • Regular backups with offsite storage and tested recovery procedures
  • Data minimisation and pseudonymisation where appropriate

In the event of a personal data breach, we will notify the Information Commissioner's Office (ICO) within 72 hours where required, and affected individuals where the breach is likely to result in a high risk to their rights and freedoms.

While we strive to protect your data, no system is entirely secure. Please safeguard your login credentials and notify us immediately of any suspected security breaches at [email protected].

11. Children's Privacy

Our services are directed exclusively to professional and business audiences. We do not knowingly collect personal data from individuals under 16 years of age (UK GDPR) or under the equivalent age of consent in your jurisdiction. If we become aware that a child has provided us with personal data, we will delete it promptly. If you believe we may have inadvertently collected information from a child, please contact us at [email protected].

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Updating the "Last updated" date at the top of this policy
  • Posting a prominent notice on our website
  • Where appropriate, sending you a direct notification

Your continued use of our services after such changes constitutes acceptance of the updated policy. For material changes affecting your rights, we may require fresh consent where applicable.

13. Contact Us and Data Controller Information

If you have questions about this Privacy Policy, wish to exercise your rights, or want to report a data protection concern, please contact us:

Data Controller: Novus Projects Ltd (trading as NOVTRIQ)
Company Registration: 13629950 (England and Wales)
ICO Registration: ZB304701
Website: novtriq.com
General Email: [email protected]
Data Protection Officer: [email protected]
Privacy Requests: [email protected]
Unsubscribe: [email protected]
Contact Form: novtriq.com/contact

EU/EEA & Swiss Representative

DataRep (Data Protection Representative Limited), 3rd Floor, Kilmore House, Park Lane, Spencer Dock, Dublin 1, D01 YE64, Ireland. Online: www.datarep.com/data-request. See Section 8 for details.

Supervisory Authorities

If you believe we have breached your rights, you have the right to lodge a complaint with the supervisory authority in your jurisdiction:

Have Questions?

Our team is here to help with any privacy or data concerns.

Contact Us