This Data Protection Policy sets out how Celestium Engineering (“we”, “us”) collects, uses, stores, and protects personal data in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) where relevant.
This policy applies to all personal data processed by Celestium Engineering, in any form (electronic or paper), and to all employees, contractors, and third parties who handle personal data on our behalf.
Personal data: Any information relating to an identified or identifiable natural person (e.g. name, email address, phone number, IP address).
Processing: Any operation performed on personal data, such as collection, recording, storage, use, disclosure, or deletion.
Data subject: The individual whose personal data is processed.
Data controller: The organisation that determines the purposes and means of the processing of personal data, i.e. Celestium Engineering.
We only process personal data when we have a valid legal basis, which may include:
- Performance of a contract with the data subject.
- Compliance with a legal obligation.
- Our legitimate interests, provided they are not overridden by the data subject’s rights.
- Consent, where required and obtained in a clear and explicit manner.
Depending on the relationship with the data subject, we may process:
- Identification data (name, title, company, job role).
- Contact data (postal address, email, phone number).
- Contract and billing data (purchase history, invoices, payment details – excluding full card numbers where not necessary).
- Technical data (IP address, device information, login data, usage logs) where relevant for our services.
We do not intentionally collect sensitive personal data unless strictly necessary and subject to appropriate safeguards.
We process personal data for purposes including:
- Providing and managing our products and services.
- Managing customer and supplier relationships.
- Fulfilling contractual and legal obligations.
- Managing accounts, invoicing, and payments.
- Ensuring the security and proper functioning of our IT systems.
- Communicating with clients and prospects (e.g. sending service information or, where permitted, marketing communications).
We only collect personal data that is adequate, relevant, and limited to what is necessary for the purposes described above.
Personal data is retained only for as long as necessary to fulfil those purposes or to comply with legal, accounting, or reporting obligations; after the retention period, data is securely deleted or anonymised.
We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.
These measures may include access controls and authentication, encryption and secure storage where appropriate, regular backups, and security policies and procedures for employees and contractors.
We may share personal data with:
Where personal data is transferred outside the European Economic Area (EEA), we ensure an adequate level of protection through appropriate safeguards (such as standard contractual clauses or equivalent mechanisms), where required by applicable law.
Data subjects have the following rights, subject to conditions set out in applicable law:
- Right of access to their personal data.
- Right to rectification of inaccurate or incomplete data.
- Right to erasure (“right to be forgotten”) in certain circumstances.
- Right to restriction of processing.
- Right to data portability where applicable.
- Right to object to certain types of processing, including direct marketing.
- Where processing is based on consent, the right to withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.
Requests to exercise these rights can be made using the contact details provided in section 12 below, and we will respond within the time limits set by law.
We maintain procedures to detect, investigate, and respond to personal data breaches.
Where required by law, we will notify the relevant supervisory authority and, when necessary, the affected data subjects without undue delay.
Overall responsibility for data protection lies with the Managing Director of Celestium Engineering (or any designated data protection lead).
All employees and contractors who handle personal data must comply with this policy and with any related procedures, instructions, or training provided.
We review this Data Protection Policy regularly and update it when necessary to reflect changes in legislation, our processing activities, or industry best practices.
The latest version of this policy is available at: [insert website link or internal document location].
For questions about this policy or about how we process personal data, please contact:
Celestium Engineering
info@celestium-engineering.com
contact@celestium-engineering.com