Last updated: February 2020

Privacy Notice

ATB Project Solutions Ltd is committed to protecting your privacy. This privacy notice covers the processing of data for individuals and companies that we have a prospective or existing business relationship with and as a result we process their data to manage this relationship.

We are dedicated to being transparent and this privacy notice tells you what we do with the information that we collect about you.

We process your personal data in accordance with the relevant data protection legislation. We are the data controller for the data that we process about you and we will not collect any information from you that we do not need for the purpose of managing the business relationship.


Who are we?

We are ATB Project Solutions Ltd and are the controller for the personal and business information we process, unless stated otherwise. ATB Project Solutions Ltd is a limited company providing management consultancy services.

Our address:
ATB Project Solutions Ltd
Dyffryn Farm
Llandrindod Wells

You can contact us at the address above, by email at or by phone at +44(0)7702083964. Our website address is:


Data Protection contact

The contact person responsible for data protection is Alinda Tyler at the above address or by email at


Why we are processing your information and its purpose

The personal information we process is directly provided to us directly by you for one of the following reasons:

  • You have filled in a contact form on our website;
  • You have subscribed to our website blog;
  • When you provide your business contact details to us for potential business opportunities;
  • We may also use your data where there is not contractual relationship, and where we need to process your data for potential business opportunities. We can use your personal data in this way because it is in our legitimate interests to network and grow the business; and
  • We process your personal information to provide and improve our consultancy services that we offer our customers;

The personal information we collect include and are limited to your business contact details (business name, name, job title, business address, contact phone number and email address) needed to perform our service, contact you as per the contact form or send you our new blog.


Lawful basis

We collect personal information when this is necessary for performing a contract or to take steps at your request, before entering a contract.

We also collect personal information when you fill in the online contact form or subscribe to our website blog. We will collect personal data on this Website only if it is directly provided to us by you the user and our lawful basis is legitime interest. Normally you will only provide such details if you are making an enquiry about our services and wish to be contacted to discuss this in further detail or wish to sign up for our e-newsletter or other resources.

The website blog subscription requires a double opt-in consent, which is our lawful basis.



We use a standard WordPress service to collect anonymous information about users’ activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. By default, WordPress does not collect any personal data about website visitors and only collects the data shown on the User profile screen from registered users.

WordPress requires visitors that want to post a comment to enter a name and email address. For more information about how WordPress processes data, please see Automattic’s privacy policy.

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here:  After approval of your comment, your profile picture is visible to the public in the context of your comment.

You might find links to third party websites on our website. These websites should have their own privacy policies, which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.


Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.


For more information on how our website provider, WordPress, uses cookies, please see Automattic’s cookie policy.

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit or



When you have signed up for our newsletter/ blog, you will receive notifications when new blogs have been released. You can unsubscribe at any time by clicking the link in the email you receive and by following the instructions.

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.


The retention periods

When providing contractual services, we will keep your basic personal or business information(business name, names, business addresses, contact details) for a minimum of 7 years after which time it will be destroyed.

Where there is no contractual relationship formed, we will retain your personal data for two years.

The retention period for your company or personal information after filling out our contact form online is 1 month after which it will be destroyed.

The retention period for your name and email address after subscribing to our website blog will be for the duration you are subscribed. From the moment you unsubscribe your data will be deleted after 1 month.

If you leave a comment on our website, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.


Sharing of your information

We do not sell our customers personal information.

In any circumstance, we will ensure that we have a lawful basis on which to share the information and document our decision making and satisfy ourselves we have a legal basis on which to share the information.



We take the security of your data seriously. We have internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed by unauthorised individuals.


storage of data

A transfer of your personal data may happen if any of our servers are located in a country outside of the EEA or one of our service providers is located in a country outside of the EEA. If we transfer or store your personal data outside the EEA in this way, we will take steps with the aim of ensuring that your privacy rights continue to be protected, as outlined in this privacy policy and in accordance with the DPA and GDPR.


International transfers

We do not transfer any personal information to other countries in or outside the EU.


Your rights

Under data protection law you have rights in relation to your personal data. The rights available are:


Your right of Access

You have the right to request a copy of your personal information as well as other supporting information. This is called a ‘subject access request’. You can make a subject access request to find out what data is held and how it is used.

You can make a subject access request verbally or in writing When a request is made verbally, we recommend this is followed up in writing.

We will respond to you without undue delay and within 1 month of the request being made. We will:

  • give you a description of it;
  • tell you why we are holding it;
  • tell you who it could be disclosed to; and
  • let you have a copy of the information in an intelligible form.


Your right to Rectification

You have the right to have inaccurate personal information to be rectified when you think this is inaccurate. This also includes the right to ask us to complete information that you think is incomplete.

When making this request, please state clearly what you think is incorrect or incomplete, how we should correct it and where this is available provide us with evidence of the inaccuracies.

You can make a subject for rectification verbally or in writing. When a request is made verbally, we recommend this is followed up in writing.


Your right to Erasure

You have the right ‘to be forgotten’ or the right to be deleted. These are the circumstances you have the right to request erasure:

  • we no longer need your personal information for the purpose which it was collected for;
  • when consent was the lawful basis and you have exercised the right to withdraw consent;
  • you object to the use of your data;
  • we have obtained your information unlawfully;
  • we have a legal obligation to erase your data.

You can make a subject for erasure verbally or in writing. When a request is made verbally, we recommend this is followed up in writing.

When a request for erasure has been received and we are obliged to delete your data, we will do so in a secure manner, including any potential third parties your data has been shared with.

There are circumstances where we cannot delete your data. These include:

  • when we are legally obliged to hold your data;
  • When keeping your data is necessary for establishing, exercising or defending legal claims.

If these are the case, we will respond to your request in writing confirming the reasons why we cannot erase your data and your right to complain.


Your right to restriction of processing

This is a right which is closely associated with your rights to rectification and your right to object. This request can be made at the same time as raising another request or objection and is aimed at limiting the way we use your personal data if you are concerned about its accuracy or how it is being used.

When making this request, please confirm what data you want restricting and why. You can make a subject for restriction verbally or in writing. When a request is made verbally, we recommend this is followed up in writing.

When this request is received, we will store your restricted data securely and will not use the data unless we have your consent, the information is needed for a legal claim.


Your right to object

You have the right to object to the use of your personal data in certain situations. These include:

  • When your data is used in public interest;
  • For legitimate interests;
  • For scientific or historical research, or statistical purposed; or
  • For direct marketing.

At ATB Project Solutions Ltd we do not use your data for the majority of the above, with exception of legitimate interest.


Your right to data portability

You have the right to request we transfer the information you have given us to another organisation, or to give it to you.

When making this request, please confirm what you want. You can make a subject for data portability verbally or in writing. When a request is made verbally, we recommend this is followed up in writing.

Upon receipt of this request we will provide a copy of the requested data either to you or the other organisation. We may need to confirm your identity before carrying out this request.
If you also want to exercise your right to erasure, please state this in your request.


The right to lodge a complaint

If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated at

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office or write to them:

Information commissioner’s office
Wycliffe house
Water lane


Data Breaches

In the situation a data breach occurs, there is a reporting procedure in place.


Changes to this privacy notice

We ensure our privacy notice is accurate and up to date and will keep our privacy notice under regular review.