Privacy Notice 

Thanks for taking the time to read about how we use your information. 

This Privacy Notice explains how we collect, use, store and share your personal data and sets out your rights under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). Please read it carefully. Depending on your interaction with us, AACE may act in different roles: 

When you contact us directly (for enquiries, job applications, or similar), we act as the Data Controller and determine the purposes and means of processing your data. 

When we provide Technical Engineering Consulting services (pan-domain Safety, Integrated Logistics Support and Technical Publications) on behalf of our client organisations, we act as a Data Processor. In these cases, our clients are the Data Controllers and decide how your data is processed. If you have questions about that processing, you should contact the relevant client. 

This Privacy Notice is not here to be signed, consented to, agreed to or otherwise and it does not form part of T&Cs. If you have any questions or you think something is unclear or missing, please let us know by getting in touch at security@aace.co.uk

Who we are 

We are AACE, registered with Companies House under registration 03377828, and under the ICO as insert ZA314145. Our registered address is: Broomwood, Lincombe Lane, Boars Hill, Oxford, OX1 5DX. 

Our role – Data Controller and Data Processor 

Direct Contact (Data Controller): 

When you contact us via our website, email, or other channels (for example, making enquiries or applying for a role), AACE is responsible for deciding why and how your personal data is processed. 

On Behalf of Our Clients (Data Processor): 

When we provide Technical Engineering Consulting services (pan-domain Safety, Integrated Logistics Support and Technical Publications) for our client organisations, we process your personal data strictly on their instructions. In such instances, your employer or the client organisation is the Data Controller and is responsible for the purposes and means of processing. For any issues about the overall processing, please approach your employer. 

What Personal Data We Collect 

As our client, we will hold the following information about you: 

  • Your name and contact information, along with that of the contacts within your organisation we need to work with. 
  • Information about your business activities. 
  • Information and documentation about your matters or enquiries, including communications with you. 
  • There will sometimes be a Teams meeting recording held on Microsoft Teams – but only if the session were recorded as mutually agreed. 
  • Billing and payment information. 

As a potential client, we will hold the following: 

  • Your name, and contact information. 
  • Information relating to any queries, including business information you have provided to allow us to discuss opportunities. 
  • Information and documentation relating to your business gathered from yourself, websites, Companies House, LinkedIn and the ICO. 

As an Associate Consultant, we hold the following: 

  • Your name, contact and billing information. 
  • Information about the type of project you prefer to work on. 
  • Your availability. 

As a potential employee we collect the following: 

  • Name. 
  • Address. 
  • Email. 
  • Telephone number. 
  • Job title. 
  • Work history. 
  • Recruitment information. 
  • Related HR records. 

Some of this data is provided directly by you (for example, when filling in a contact form or job application) while other information may be collected indirectly as part of our provision of Technical Engineering Consulting services (pan-domain Safety, Integrated Logistics Support and Technical Publications) on behalf of our clients. 

How we use your personal data 

We use your personal data for purposes including, but not limited to: 

  • When Acting as Data Controller: 
  • Responding to your enquiries or processing your job application. 
  • Managing contractual or service-related arrangements you have with us. 
  • Communicating with you regarding updates, services, or regulatory requirements. 
  • When Acting as Data Processor for Our Clients: 
  • Assisting in the delivery of Technical Engineering Consulting services (pan-domain Safety, Integrated Logistics Support and Technical Publications) as instructed by the client. 
  • Processing data strictly in line with our client’s requirements and any legal obligations. 

Lawful Bases for Processing 

We ensure that there is a valid legal basis for processing your personal data: 

  • For Data Collected Directly (when we are the Data Controller): 
  • Contract: Processing is necessary to perform our contractual obligations with you. 
  • Legal Obligation: Processing is required to comply with UK law. 
  • Legitimate Interests: Processing is necessary for our legitimate business interests, provided these do not override your rights. 
  • Consent: In specific cases (particularly when processing sensitive data), we may rely on your explicit consent. 
  • For Data Processed on Behalf of Clients (as a Data Processor): 
  • We only process your data on the clear instructions of our client, who is the Data Controller, and who is responsible for establishing the lawful basis. 

Who We Share Your Personal Data With 

Your personal data may be shared with: 

  • Trusted Third Parties: 
  • Service providers and partners who help us operate our business and deliver our services. 
  • Legal and Regulatory Authorities: 
  • Where required by law, including fraud prevention and law enforcement agencies. 
  • Client Organisations: 
  • When we act as a Data Processor, data is shared with our clients solely for the purpose of delivering HR services. 

We ensure that all sharing of your data complies with the UK GDPR and other applicable data protection laws. 

International Data Transfers 

We do not routinely transfer your personal data outside the UK. If any international transfers become necessary, appropriate safeguards will be implemented to ensure that your data remains protected in line with UK data protection requirements. 

Data Retention 

Your personal data will be retained only for as long as is necessary to fulfil the purposes for which it was collected, including meeting any legal, contractual, or legitimate business needs. Once the data is no longer required, we will securely delete, archive, or anonymise it in accordance with our data retention policies. 

Data Security 

We take the security of your personal data very seriously. We have implemented robust technical and organisational measures to protect your data against unauthorised access, disclosure, alteration, or destruction. Access to your personal data is restricted to those with a legitimate need to know. 

Your Rights 

Under the UK GDPR, you have certain rights regarding your personal data. Please note the following distinctions: 

When AACE is the Data Controller (direct enquiries): 

  • Right to be Informed: You have the right to clear information about our processing of your data. 
  • Right of Access: You can request a copy of the personal data we hold about you. 
  • Right to Rectification: You may request corrections to any inaccurate or incomplete data. 
  • Right to Erasure: In certain circumstances, you can ask for your data to be deleted. 
  • Right to Restrict Processing: You can request limitations on how your data is processed. 
  • Right to Data Portability: You have the right to receive your data in a structured, commonly used format. 
  • Right to Object: You may object to certain types of processing, including direct marketing or processing based on legitimate interests. 
  • Right Regarding Automated Decision-Making: You are entitled to not be subject to decisions based solely on automated processing. 

When AACE Acts as a Data Processor (on behalf of a client) 

  • The overall purposes and means of processing are determined by the client (the Data Controller). For any issues regarding these aspects, please contact the client organisation directly. 
  • You may still contact us for information about how we process your data as a Processor. 

To exercise your rights, please contact us at the details provided below. If your query relates to processing carried out on behalf of a client, you will need to contact that organisation directly. 

Changes to This Privacy Notice 

We may update this Privacy Notice from time to time. Any changes will be communicated via our website, and the ‘Last Updated’ date at the top of this notice will be revised accordingly. We encourage you to review this notice periodically. 

Cookies 

Our website uses cookies to enhance your user experience, support essential site functions, and gather non-personal analytical data. You can manage your cookie preferences by accepting or rejecting non-essential cookies when you open our site. 

Complaints 

If you have any concerns about our handling of your personal data, please contact our Data Protection Lead, Ben Roberts, at security@aace.co.uk. If you remain unsatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) via https://ico.org.uk

Contact Us 

If you have any questions about this Privacy Notice or our data protection practices, please contact: 

AACE 

Email: enquiries@aace.co.uk 

Telephone: 0117 370 7755 

Data Protection Lead: Ben Roberts