top of page


Bradley Associates Ltd is committed to protecting the privacy and security of your personal information.  This privacy notice describes how we collect and use personal information about you, during and after your working relationship with us, in accordance with the General Data Protection Regulation 2018 (GDPR).  It applies to all clients and suppliers.

May 25, 2018

This policy sets out the following:-

What personal data we collect and process about you in connection with your relationship with us as a customer/supplier and through your use of our website.

Where we obtain the data from

What we do with your data

How we store your data

Who we transfer/disclose that data to.

How we deal with your data protection rights.

How we comply with the General Data Protection Regulation.

Transparency and purpose of information held.

Minimisation of the data held.

Data Controller

Bradley Associates Ltd (referred to as “we”, “us”, “our” or “Bradley Associates” in this policy) in this policy primarily refers to Bradley Associates Ltd where appropriate.

Bradley Associates Ltd is the “data controller” of all personal information that is collected and processed regarding our Clients for the purposes of the General Data Protection Regulation effective from 25th May 2018. Bradley Associates is registered at 31 Cardiff Road, Taffs Well, Cardiff,

CF15 7RB.

Personal Information We Collect

Personal data means any information relating to you which allows us to identify you, such as your name, address, email address, contact telephone details.

Specifically, we may also collect the following categories of information:

Name, business address, email address, telephone number, payment details.

The communications you exchange with us or direct to us via letters, emails, telephone calls, and social media.

Location, including your IP address to prevent fraud.

Your data may be used for the following purposes:

Providing the specific services you request: we use the information you give us to perform the services you have asked for in relation to Civil and Structural Engineering.

We require basic personal data in order to maintain the Client/Supplier relationship. To enable us to contact you/provide documentation/reporting/administer financial transactions- Issue Invoices, process payments.   

Legal Basis

We will only process your personal data where we have a legal basis to do so. The legal basis will depend on the reasons we have collected and need to use your personal data for.

In most cases we will need to process your personal data so we can enter into our contract of providing services to you.

It is in our legitimate interests in operating as a supplier (e.g. for administrative purposes).

How Long Do We Retain Your Information?

We will not retain your data for longer than is necessary to fulfil the purpose it is being processed for.

In order to meet our legal obligations or to deal with complaints, queries and to protect our legal rights in the event of a claim being made.  To determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal data and the purposes for which we process it.

We are required under UK Tax Law to keep your basic personal data (name, address, contact details, invoice details) for a minimum of 7 years.

To comply with our Insurance requirements, we are required to keep all project information for a minimum of 6 years.  For Commercial Clients we are required to keep all documentation for 12 years if a warranty is in force.

When we no longer need your personal data, we will securely delete or destroy it. We will also consider if and how we can minimise over time the personal data that we use, and if we can anonymise your personal data so that it can no longer be associated with you or identify you, in which case we may use that information without further notice to you.


We follow strict security procedures in the storage and disclosure of your personal data, and to protect it against accidental loss, destruction or damage. The data you provide to us is password protected and encrypted when necessary.

Sharing Your Information - Consent

We may be required to disclose your information to trusted third parties for the purposes set out in this Privacy Policy. However, we would not share your personal data without obtaining your verbal or written consent first. This would also only be required if it became necessary to instruct another party in order to complete our contract with you.   We require all third parties to have appropriate technical and operational security measures in place to protect your personal data, in line with British and EU law on GDPR and e-privacy.

Website - Cookies

Our website does not use cookies. We do not record or retain any information regarding your visit to our website.

Changes to Privacy Policy

Our Privacy Policy may change from time to time and any changes to the statement will be communicated to you by way of an e-mail or a notice on our website.

Under certain circumstances, by law you have the right to:

  • Request information about whether we hold personal information about you, and, if so, what that information is and why we are holding/using it.

  • Request access to your personal information (commonly known as a "subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

  • Request erasure of your personal information. This enables you to ask us to remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).  Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.  Object to automated decision-making including profiling, that is not to be subject of any automated decision-making by us using your personal information or profiling of you.

  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

  • Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically usable format and to be able to transfer your data to another party in an electronically usable format.

  • Withdraw consent. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.

If you wish to exercise any of these rights, by requesting a subject access request then please contact the compliance team below with the nature of the information you require, please be specific on your request.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Data Manager

We have appointed a data manager to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the data manager.

The contact details are:

Tel: 02920 813514.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. Details of how to contact the ICO can be found on their website:

bottom of page