This Privacy Policy explains how ODEIS Limited collects, uses, shares, and protects personal data relating to website visitors, clients, job applicants, suppliers, and other business contacts. Please read it carefully. If you have any questions, contact us at hello@odeis.co.uk.
Who We Are
ODEIS Limited (“ODEIS”, “we”, “us”, or “our”) is a data analysis and environmental consultancy registered in England and Wales (Company No. 15749949). We collect, use, share, and protect personal data in connection with our website at www.odeis.co.uk, our consultancy and data analysis services, our recruitment activities, and our relationships with suppliers and other business contacts.
ODEIS is committed to processing personal data fairly, lawfully, and transparently, in accordance with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018 (“DPA 2018”).
ODEIS is registered with the Information Commissioner’s Office (the “ICO”). If you have a concern about how we handle your data, you have the right to complain to the ICO at any time (see Section 10).
Scope of This Policy
This Policy applies to personal data that ODEIS collects and uses as a Data Controller, including data relating to:
- Visitors to our Website
- Individuals who contact us directly
- Current, former, and prospective clients and their staff
- Job applicants
- Suppliers, contractors, and other business contacts
In the course of providing consultancy and data analysis services, ODEIS may also process personal data on behalf of, and strictly on the instructions of, a client — acting as a Data Processor rather than a Data Controller. This Policy does not apply to that processing. Where ODEIS acts as a processor, the relevant client (as Data Controller) is responsible for providing its own privacy notice to the individuals concerned.
This Policy should be read alongside our Terms of Business, which governs use of the Website and the provision of our Services.
Definitions
| Term | Definition |
|---|---|
| Personal Data | Any information relating to an identified or identifiable living individual. |
| Special Category Data | Personal data revealing health, racial or ethnic origin, religious beliefs, sexual orientation, trade union membership, genetic or biometric data, and similar categories defined in Article 9 UK GDPR. |
| Data Controller | The organisation that determines the purposes and means of processing personal data. |
| Data Processor | An organisation that processes personal data on behalf of, and under the instructions of, a Data Controller. |
| Cookies | Small text files placed on your device when you visit a website, used to make websites work or work more efficiently. |
Information We Collect and Why
4.1 Visitors to Our Website
When you visit our Website, we may automatically collect technical information including your device and browser type, IP address, approximate location, pages visited, and timestamps via cookies. We do not collect personal data through a contact form or newsletter sign-up on our Website without your knowledge. If this changes, we will update this Policy accordingly.
4.2 People Who Contact Us Directly
If you contact us by email, telephone, or post, we will collect your name, contact details, and the content of your message, in order to respond to your enquiry.
4.3 Clients and Client Contacts
Where an organisation engages ODEIS to provide Services, we collect business contact details of relevant individuals at that organisation (such as name, job title, employer, email address, and telephone number). We use this information to perform our contract with the client, manage the engagement, issue invoices, and comply with our legal and accounting obligations.
4.4 Job Applicants
If you apply for a role with ODEIS, we collect information you provide in your application, CV, and covering letter, together with interview notes, references, and right-to-work documentation. We use this information to assess your suitability for a role, to administer the recruitment process, and to comply with our legal obligations. If your application is unsuccessful, we will normally retain your application data for 6 months after the recruitment process ends, after which it will be securely deleted.
4.5 Suppliers, Contractors and Other Business Contacts
Where we engage suppliers, subcontractors, associates, or other business contacts, we collect business contact details and, where necessary, bank details to manage the relationship and process payments.
Cookies and Similar Technologies
Our Website uses cookies and similar technologies to make the Website work properly and to help us understand how visitors use it.
| Category | Purpose | Can be disabled? |
|---|---|---|
| Strictly Necessary | Required for the Website to function correctly — security, load balancing, session management. | No — these are essential. |
| Analytics / Performance | Help us understand how visitors interact with the Website, such as pages visited and time spent on site. | Yes — via cookie settings or our cookie banner. |
| Functionality | Remember choices you make on the Website to provide enhanced, personalised features. | Yes — via cookie settings. |
Where required by law, we will ask for your consent before setting non-essential cookies via the cookie banner displayed on your first visit. Most web browsers allow you to control cookies through their settings. Further guidance is available at www.aboutcookies.org.
Lawful Basis for Processing
We rely on the following lawful bases under the UK GDPR to process your personal data:
For non-essential cookies, or to retain an unsuccessful job applicant’s details beyond our standard retention period.
To provide our Services to clients, manage supplier relationships, and take steps towards entering into an employment contract.
For example, to retain accounting and tax records, or to carry out right-to-work checks as required by law.
To respond to enquiries, maintain and improve our Website, and assess job applications, where these interests are not overridden by your fundamental rights and freedoms.
Data Security and Retention
We implement appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures include encrypted data storage, access controls, and secure communication channels.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for satisfying legal, regulatory, or tax requirements. When data is no longer required, it is securely deleted or anonymised.
If you have a concern about the security of your data or believe there has been a breach, please contact us immediately at hello@odeis.co.uk. We are obligated to report certain types of data breach to the ICO within 72 hours of becoming aware of them.
International Data Transfers
We may transfer, store, or process your personal data outside of the United Kingdom, typically where we utilise cloud-hosting platforms or software providers based abroad.
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by:
- Implementing approved Standard Contractual Clauses (SCCs) or UK Addendum equivalents; or
- Transferring to countries with a UK adequacy decision in place; or
- Relying on another lawful transfer mechanism approved by the ICO.
Your Data Subject Rights
Under the UK GDPR, you have the following rights in relation to your personal data. To exercise any of these rights, please contact us at hello@odeis.co.uk. We will respond within one calendar month.
Request a copy of the personal data we hold about you via a Data Subject Access Request (DSAR).
Ask us to correct incomplete or inaccurate data we hold about you.
Ask us to delete or remove personal data where there is no good reason for us to continue processing it.
Object to our processing where we rely on a legitimate interest, or if your data is used for direct marketing.
Ask us to suspend the processing of your personal data in certain scenarios defined under UK GDPR.
Request the transfer of your personal data to you or a third party in a structured, machine-readable format.
How to Complain
If you have any concerns or complaints about how we handle your personal data, please contact us directly so we can try to resolve the issue:
- Email: hello@odeis.co.uk
- Subject line: Data Protection Enquiry
You also have the right at any time to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues:
- Helpline: 0303 123 1113
- Website: www.ico.org.uk
We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us in the first instance.
This Privacy Policy was last reviewed and updated on 25 June 2026. We reserve the right to update this Policy at any time. Material changes will be communicated via our Website.