Privacy Policy

Last updated: May 2025

Energised Project Solutions LTD is committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, store and protect personal information when delivering our consultancy and diagnostic services, responding to enquiries and operating our business. It applies to all individuals whose data we process, including clients, potential clients, subcontractors, associates and website users. We do not sell personal data and we only process information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Energised Project Solutions LTD (EPS) is a private company registered in the UK.
Data Controller: Energised Project Solutions LTD
Data Protection Officer: Benjamin Jacobs
Email: ben@energisedproject.co.uk
Registered contact email for data rights: info@energisedproject.co.uk

2. Personal Data We Collect

We collect and process personal data only where necessary for our business activities. The information we handle may include names, email addresses, phone numbers, job titles, business names and business-related information. We also process data entered into our diagnostic tools, project documents and reports, together with meeting notes, transcripts and recordings where these form part of our service. When users submit an enquiry through the website contact form at https://www.energisedproject.co.uk/, we collect an email address and a written response (free-text) and ask ‘How did you hear about EPS’ with a . We do not collect data relating to individuals under the age of 18. Users under 18 are not permitted to send data to EPS.

We may also receive personal data about you from third parties, for example from your employer or colleagues when they involve you in a project or diagnostic exercise. In these cases we typically receive your name, role, business contact details and information relating to your involvement in the project.

3. How We Use Personal Data

We use personal data for the legitimate purposes of delivering consultancy, mentoring and diagnostic services, managing contracts and communicating with clients. Information may be used to prepare reports, schedule meetings, maintain project records and ensure service accuracy, including through the use of transcripts and recordings where agreed. Personal data is also processed to administer invoicing and financial records in line with legal obligations. We do not carry out direct marketing and do not operate newsletters or promotional mailing lists. Any data provided through our website is used solely to respond to enquiries and is not used for unrelated purposes.

4. Lawful Bases for Processing

We rely on several lawful bases under UK GDPR depending on the activity involved. Most processing is carried out because it is necessary for the performance of a contract or to take steps at the request of the individual before entering into a contract. In some cases, we process data to comply with legal obligations, including financial record-keeping requirements. Where processing is necessary for our legitimate business interests, such as service delivery, quality assurance or security, we ensure that these interests do not override the rights and freedoms of individuals. We will obtain explicit consent only where required and consent may be withdrawn at any time by contacting info@energisedproject.co.uk.

Where we need personal data to enter into or perform a contract (for example, your name and contact details so we can deliver our consultancy services), we will make this clear when we collect it. If you do not provide this information, we may be unable to provide the requested services.

5. Sharing Personal Data

We do not share personal data with third parties except where necessary for business operations or where legally required. Personal data may be processed by trusted service providers acting on our instructions, including AWS, Microsoft 365, Google Workspace, OpenAI, PointerPro and QuickBooks. These providers supply cloud storage, productivity tools, diagnostic hosting and invoicing systems, and they are contractually required to protect data and may not use it for their own purposes. We may share relevant information with subcontractors or associates involved in service delivery, subject to confidentiality obligations. Personal data will only be disclosed to regulatory or enforcement bodies where required by law.

6. International Data Transfers

Some of our trusted providers may store or process data outside the UK. Where this occurs, data is usually held within the European Union and safeguarded in accordance with UK adequacy regulations. If data is transferred to countries without adequacy status, it is protected using appropriate safeguards such as the UK International Data Transfer Agreement or Standard Contractual Clauses. Further details can be requested by contacting info@energisedproject.co.uk.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Client project files, diagnostic tool inputs, reports and associated meeting notes, transcripts and recordings are retained for five years after project completion, unless a longer period is required for legal or regulatory purposes. Financial and invoicing records are retained for six years after the end of the relevant tax year, in line with HMRC requirements. Website enquiry data is held only for as long as needed to respond to the enquiry and is not stored longer than necessary. At the end of the retention period, data is securely deleted or anonymised.

8. Data Security

We take appropriate technical and organisational measures to protect personal data against loss, misuse or unauthorised access. Security controls include password protection, multi-factor authentication, role-based access restrictions and standard encryption across laptops, mobile devices and cloud platforms. Access to personal data is limited to staff and associates who require it for their roles, and all personnel receive training on confidentiality and data protection. Energised Project Solutions maintains an Information Security Policy that is reviewed regularly to ensure continued effectiveness.

9. Data Breach Response

We maintain a documented incident response process to manage any suspected data breaches. Any suspected breach, malware infection or password compromise must be reported to the Managing Director immediately, with a target response window of two hours. A Security Incident Register is maintained, recording incident type, date, actions and resolution, and post-incident reviews are carried out to update controls where necessary. The Data Protection Officer will assess the severity of any breach and, where legally required, notify the Information Commissioner’s Office and affected individuals.

10. Your Data Protection Rights

Individuals have rights under UK GDPR, including the right to access their personal data, request correction, request deletion, object to processing, restrict processing and request data portability. Requests can be made at any time by contacting info@energisedproject.co.uk, and we will respond within the statutory timeframe. We may need to verify identity before responding to a request and may decline a request where UK GDPR permits us to do so, providing a clear explanation in such cases.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in our processing activities or legal requirements. The most recent version will always be available on our website at https://www.energisedproject.co.uk/. This policy will be reviewed annually or sooner if our processing activities change. Continued use of our services following any update will constitute acknowledgment of the revised policy.

12. Contact Us

For questions about this Privacy Policy or how we handle personal data, please contact:
Email: info@energisedproject.co.uk
Designated Data Protection Officer: Benjamin Jacobs – ben@energisedproject.co.uk

If you have concerns about how we handle your personal data, please contact us first using the details above.
You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner’s Office (ICO):
Website: ico.org.uk
Telephone: 0303 123 1113
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.