Last updated: November 26, 2025

Nicholson Associates UK (“we”, “our”, “us”) is committed to protecting your personal data and respecting your privacy.
This Privacy Policy explains:

• what personal data we collect

• how and why we use it

• how we store and protect it

• your rights under UK GDPR

• how to contact us about your data

We operate in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all applicable UK data protection laws.

1. Who We Are

Nicholson Associates UK
Structural Engineering Consultancy
Email: enquiries@nicholsonassociatesuk.com

For data protection matters, Nicholson Associates UK acts as the Data Controller.

2. Personal Data We Collect

We collect personal data through:

A. Contact Form Submissions

When you submit an enquiry through our website, we collect:

• Full name

• Email address

• Phone number (if provided)

• Project address or location (if included)

• Details about your enquiry or project

• Any attachments you provide

This data is necessary for us to respond to your enquiry and provide structural engineering advice or quotations.

B. Website Usage Data (Analytics)

Through Google Analytics and Search Console, we automatically collect:

• IP address (anonymised where possible)

• Device type

• Browser type

• Geographic region

• Pages visited

• Time spent on site

• Traffic sources

• Search terms used

• Click behaviour

This data helps us:

• improve our website

• understand visitor behaviour

• monitor website performance

• identify technical issues

We do not use Analytics to identify you personally.

C. Cookies & Tracking Technologies

Our website uses cookies for:

• essential website functions

• Google Analytics reporting

• security and spam protection (e.g., reCAPTCHA)

You can accept or decline cookies via our Cookie Notice or browser settings.

D. Communication Records

If you communicate with us by form, email or phone, we may store:

• email exchanges

• project discussions

• documents you provide

• call notes

This ensures continuity in providing our services.

3. How We Use Your Data (Lawful Bases)

Under UK GDPR, we must have a legal basis for processing your personal data.
We process your data under the following bases:

A. Performance of Contract

(Article 6(1)(b) UK GDPR)
To:

• respond to your enquiry

• provide quotations

• deliver structural engineering services

• communicate about your project

B. Legitimate Interests

(Article 6(1)(f) UK GDPR)
To:

• improve website performance

• monitor usage trends

• keep records of client enquiries

• prevent spam and abuse

We ensure these interests do not override your rights.

C. Legal Obligations

(Article 6(1)(c) UK GDPR)
We may retain records to comply with:

• HMRC tax requirements

• Accounting obligations

• Regulatory engineering standards

D. Consent

(Article 6(1)(a) UK GDPR)
For:

• optional marketing communications

• non-essential cookies

You can withdraw consent at any time.

4. How We Store and Protect Your Data

We use secure digital storage solutions with:

• encryption

• strong access controls

• password protection

• regular backups

• professional security protocols

Access to your data is restricted to authorised personnel only.

We do not store payment information (if applicable) on our website.

5. How Long We Keep Your Data

We retain data only as long as necessary:

Contact Form Enquiries

Stored for 12–24 months depending on enquiry type.

Client Project Data

Stored for 6–10 years to comply with engineering and legal obligations.

Analytics Data

Google Analytics retains data for 14 months (or your chosen setting).

Email Records

Retained for up to 7 years for business and compliance purposes.

6. Sharing Your Data

We do not sell or rent your personal data.

We may share data only with:

Trusted service providers, such as:

• email hosting providers

• cloud storage providers

• website hosting/security providers

• Google (analytics & search console)

Regulatory bodies, if required by law (e.g., HMRC, legal authorities)

All third-party providers must comply with UK GDPR and are only permitted to process data on our instructions.

7. International Data Transfers

Some service providers (e.g., Google) may process data outside the UK.
Where this occurs, we ensure:

• Standard Contractual Clauses (SCCs),

• adequacy decisions,

• or equivalent GDPR safeguards

are in place to protect your data.

8. Your Rights Under UK GDPR

You have the following rights:

• Right to access your personal data

• Right to rectification of inaccurate data

• Right to erasure (“right to be forgotten”)

• Right to restrict processing

• Right to object to processing

• Right to data portability

• Right to withdraw consent at any time

• Right to lodge a complaint with the ICO

To exercise any rights, email us at:

enquiries@nicholsonassociatesuk.com

9. Links to External Sites

Our website may contain links to third-party websites.
We are not responsible for their content or privacy practices.

10. Children’s Data

Our website and services are not intended for children under 16, and we do not knowingly collect data from minors.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically.
Any changes will be published on this page with an updated revision date.

12. Contact Us (Data Protection Enquiries)

If you have questions about this Privacy Policy or want to exercise your data rights, contact:

Nicholson Associates UK
Email: enquiries@nicholsonassociatesuk.com

You may also contact the UK Information Commissioner’s Office (ICO):
https://www.ico.org.uk