Legal

Privacy Policy

How The Critec Group Ltd collects, uses and protects your personal data.

Last updated · 11 June 2026

Critec works with operators of critical national infrastructure, and we hold ourselves to the same standard with your data that we ask of our clients with theirs: collect the minimum, secure it properly, and be straight about what we do with it.

01

Who we are

The Critec Group Ltd (company number 11700212, registered office 1 Bryning Avenue, Wrea Green, Preston, Lancashire PR4 2WL) is the data controller for personal data collected through this website and through your dealings with us. We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For anything in this policy, contact us at info@critecgroup.com.

02

The data we collect

We collect only what we need:

  • Identity and contact data you give us — your name, organisation, job title, email address and phone number, typically when you enquire about our services by email, phone or LinkedIn.
  • Correspondence — the content of your enquiries and our exchanges with you.
  • Technical data collected automatically — IP address, browser type and pages visited, recorded in standard web-server logs used to operate and secure the site.
  • Publicly available business information — for example your role and organisation as published on your company's website or professional profiles, where relevant to working together.

We do not collect special-category data through this website, we do not buy marketing lists, and this site is not directed at children.

03

How and why we use it

We process personal data for the following purposes, on the following lawful bases:

PurposeData usedLawful basis (UK GDPR Art. 6)
Responding to your enquiry and discussing your requirementsIdentity, contact, correspondenceLegitimate interests; steps prior to entering a contract
Delivering services and managing client relationshipsIdentity, contact, correspondencePerformance of a contract
Keeping business and accounting recordsIdentity, contact, transaction recordsLegal obligation
Operating, securing and improving this websiteTechnical data (server logs)Legitimate interests (network and information security)
Sending marketing or newsletters (we do not currently do this)Identity, contactConsent — which you can withdraw at any time

Where we rely on legitimate interests, we have balanced those interests against your rights and concluded they are not overridden — for business-to-business contact about services you or your organisation have shown an interest in, this is the expected use of your details.

We do not sell personal data, and we do not make decisions about you based solely on automated processing.

04

Who we share it with

We share personal data only where necessary, with:

  • service providers who support our business — IT, website hosting, email and document management — acting as processors under contracts that require them to protect your data;
  • professional advisers (lawyers, accountants, insurers) where needed;
  • authorities, regulators or law-enforcement bodies where we are legally required to disclose.

We work only with providers able to demonstrate an adequate standard of data protection.

05

International transfers

Your data is stored and processed in the UK or the European Economic Area wherever possible. If a transfer outside the UK is ever necessary, we ensure an equivalent level of protection through a UK adequacy decision or appropriate safeguards such as the UK International Data Transfer Agreement or Standard Contractual Clauses with the UK Addendum.

06

How long we keep it

We keep personal data only as long as we need it:

  • Enquiries that do not lead to an engagement — up to two years from our last contact, so we can pick the conversation back up if you return.
  • Client and contract records — for the duration of the engagement and then six years, in line with statutory limitation and accounting requirements.
  • Web-server logs — rotated on a short cycle measured in weeks, retained only as needed for security analysis.

When data is no longer needed it is deleted or irreversibly anonymised.

07

How we protect it

We apply proportionate technical and organisational measures: encrypted connections (HTTPS/TLS) across this site, access on a least-privilege basis, vetted suppliers, and security practices certified under the NCSC Cyber Essentials Plus scheme.

No system is perfectly secure. If a personal-data breach occurs that risks your rights or freedoms, we will notify the Information Commissioner's Office within 72 hours as required, and tell you directly where the risk to you is high.

08

Your rights

Under the UK GDPR you have the right to:

  • be informed about how your data is used (this policy);
  • access the personal data we hold about you, and receive a copy;
  • have inaccurate or incomplete data corrected;
  • have your data erased, in certain circumstances;
  • restrict our processing, in certain circumstances;
  • object to processing based on legitimate interests, and to any direct marketing at any time;
  • data portability — receive data you provided to us in a machine-readable format;
  • withdraw consent at any time, where consent is the basis we rely on.

To exercise any of these rights, email info@critecgroup.com. We will respond within one calendar month (extendable by up to two further months for complex requests, in which case we will tell you). We may ask you to verify your identity first. Exercising these rights is free of charge.

09

Complaints

If you are unhappy with how we have handled your data, please contact us first and we will do our best to put it right. You also have the right to lodge a complaint with the UK supervisory authority: the Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF — ico.org.uk or 0303 123 1113.

10

Cookies

This website is built to work without cookies, and at present it sets none. See our Cookie Policy for the full position and what will happen if that ever changes.

11

Changes to this policy

We review this policy periodically and will post any revised version on this page with an updated date above. Material changes that affect how your data is used will be highlighted.

Questions about this privacy policy? Contact Critec Group (Company No. 11700212) at info@critecgroup.com.