1. Introduction
Promus (hereinafter referred to as "the Company", "we", "us", or "our") is committed to protecting the privacy and personal data of all individuals who interact with our website and digital communications. This Privacy Policy describes how we collect, use, store, and protect personal information obtained through the use of our corporate website (the "Website"), and sets out your rights in relation to that information.
This Policy applies to all visitors, prospective clients, existing clients, partners, and other individuals who access or use the Website or who submit information to us through any digital channel. By using the Website, you acknowledge that you have read and understood this Privacy Policy.
Promus operates in compliance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the UK General Data Protection Regulation ("UK GDPR"), the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA"), and other applicable national and state-level privacy frameworks.
2. Data Controller Information
Promus acts as the data controller in respect of personal data collected through this Website. For the purposes of GDPR and equivalent legislation, the data controller responsible for your personal data is:
- Promus MEP Engineering
- Website: www.promusmep.com
- Contact: legal@promusmep.com
For any data protection enquiries, please contact us at the address above.
3. Information We Collect
We collect two categories of information through the Website: personal data provided directly by you, and technical data collected automatically through your use of the Website.
3.1 Personal Data
We may collect the following personal data when you complete a contact form, submit a project inquiry, request information, or otherwise interact with the Website:
- Full name and professional title
- Business email address
- Company or organisation name
- Telephone number (if voluntarily provided)
- Country and region of business operations
- Project details, scope descriptions, and technical requirements submitted via inquiry forms
- Any other information voluntarily included in free-text fields
3.2 Technical and Usage Data
When you visit the Website, we or our third-party service providers may automatically collect certain technical data, including:
- IP address and approximate geographic location derived therefrom
- Browser type, version, and operating system
- Device type and screen resolution
- Referring URL and exit pages
- Pages viewed, time spent on pages, and navigation paths
- Date and time of access
- Cookie identifiers and session data (see Section 8 below)
3.3 Business Contact Data
In the context of B2B communications, we may collect professional contact information shared by representatives of companies and organisations for the purpose of conducting commercial discussions, responding to tender submissions, or managing project-related correspondence.
4. Purpose and Legal Basis for Processing
We process personal data only where we have a lawful basis for doing so. The purposes for which we process your information, and the corresponding legal bases, are as follows:
4.1 Responding to Inquiries and Project Submissions
Legal Basis: Legitimate interests (Article 6(1)(f) GDPR) and, where applicable, pre-contractual measures (Article 6(1)(b) GDPR). We process contact and project information in order to evaluate, prepare, and respond to project inquiries, proposals, and requests for information.
4.2 Business Development and Client Relations
Legal Basis: Legitimate interests. We may use professional contact information to follow up on business discussions, provide relevant updates about our services, or maintain ongoing client and partner relationships. You may object to processing for this purpose at any time.
4.3 Website Analytics and Performance
Legal Basis: Legitimate interests or consent (where required by applicable law). We use technical data to analyse Website performance, improve user experience, and ensure the security and stability of our digital infrastructure.
4.4 Legal and Regulatory Compliance
Legal Basis: Legal obligation (Article 6(1)(c) GDPR). We may process and retain data where required by applicable law, professional regulations, or legal proceedings.
5. Data Sharing and Third Parties
Promus does not sell, rent, or trade personal data to third parties for commercial or marketing purposes. We may share personal data with third parties only in the following limited circumstances:
- Service Providers: We engage third-party service providers who assist us in operating the Website and conducting our business, including web hosting providers, email service platforms, analytics tools, and customer relationship management systems. These providers are contractually bound to process data only on our instructions and in compliance with applicable data protection laws.
- Professional Advisors: We may share information with our legal, financial, or technical advisors where necessary for the provision of professional services, subject to applicable confidentiality obligations.
- Project Partners and Collaborators: In the context of specific engineering projects, we may share relevant project inquiry data with subcontractors, specialist consultants, or international project partners, where this is necessary for the delivery of services and where appropriate safeguards are in place.
- Regulatory and Legal Authorities: We may disclose data to competent authorities, courts, or regulators where required by law, court order, or to protect the rights, property, or safety of Promus, its clients, or the public.
- Corporate Transactions: In the event of a merger, acquisition, reorganisation, or sale of assets, personal data may be transferred to the relevant successor entity, subject to equivalent data protection obligations.
Where we engage third-party processors, we ensure appropriate data processing agreements are in place in accordance with applicable law.
6. International Data Transfers
Promus operates internationally, and personal data may be transferred to, stored in, or processed in countries outside the European Economic Area (EEA) or the United Kingdom. In particular, we may utilise cloud-based service providers and technology platforms that operate infrastructure in the United States, the United Kingdom, or other third countries.
Where such transfers occur, we implement appropriate safeguards to ensure the protection of personal data, including:
- Adequacy decisions issued by the European Commission or the UK Secretary of State;
- Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent UK mechanisms;
- Other supplementary measures as required under applicable data protection guidance.
You may request further information regarding the safeguards applicable to international transfers by contacting us at the details provided in Section 13 of this Policy.
7. Data Retention
We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable legal, regulatory, accounting, or professional obligations.
In general terms:
- Inquiry and contact data is retained for a period of up to three (3) years from the date of last contact, to allow for follow-up on potential business opportunities and to maintain records of pre-contractual communications.
- Project-related data associated with active or completed engagements is retained for the duration of the project and for a period of up to ten (10) years thereafter, in accordance with standard professional liability and archiving obligations applicable to engineering consultancies.
- Technical and analytics data is retained for a period of up to twenty-six (26) months in line with standard analytics platform practices.
- Data retained for legal compliance purposes is held for such periods as prescribed by the relevant law or regulation.
Upon expiry of the applicable retention period, personal data is securely deleted or anonymised.
8. Cookies and Tracking Technologies
The Website uses cookies and similar tracking technologies to provide, secure, and improve our digital services. A cookie is a small text file stored on your device by your web browser when you visit a website.
8.1 Types of Cookies We Use
- Strictly Necessary Cookies: These cookies are required for the Website to function correctly and cannot be disabled. They are typically set in response to actions you take, such as setting privacy preferences or completing forms.
- Analytical/Performance Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve Website performance. All information collected is aggregated and therefore anonymous.
- Functional Cookies: These cookies enable enhanced functionality and personalisation, such as remembering your preferences or settings between visits.
8.2 Cookie Management
You may manage or withdraw your consent to non-essential cookies at any time by adjusting your browser settings or through any cookie management tool made available on the Website. Please note that disabling certain cookies may affect the functionality and user experience of the Website.
We do not use third-party advertising cookies or deploy behavioural profiling or retargeting technologies on this Website.
9. Data Security
Promus implements appropriate technical and organisational security measures to protect personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. These measures include, where applicable:
- Secure Sockets Layer (SSL/TLS) encryption for data in transit;
- Access controls and authentication mechanisms restricting data access to authorised personnel;
- Regular security assessments of our digital infrastructure and third-party service providers;
- Staff training on data protection obligations and information security practices.
Notwithstanding the above, no transmission of data over the internet or electronic storage system can be guaranteed as entirely secure. While we strive to protect your personal data, we cannot warrant the absolute security of information submitted to or through the Website.
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority and, where required, affected individuals in accordance with applicable law.
10. Your Rights
Subject to the applicable legal framework and any exemptions or restrictions provided therein, you may have the following rights in relation to your personal data:
- Right of Access: The right to request a copy of the personal data we hold about you.
- Right to Rectification: The right to request correction of inaccurate or incomplete data.
- Right to Erasure: The right to request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, or where you have withdrawn consent and no other legal basis applies.
- Right to Restriction of Processing: The right to request that we restrict processing of your data in certain circumstances.
- Right to Data Portability: The right to receive personal data in a structured, commonly used, and machine-readable format, where processing is based on consent or contract and carried out by automated means.
- Right to Object: The right to object to processing based on legitimate interests or carried out for direct marketing purposes.
- Right to Withdraw Consent: Where processing is based on your consent, the right to withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
- Right Not to Be Subject to Automated Decision-Making: The right not to be subject to solely automated decisions that produce legal or similarly significant effects, except in limited circumstances.
California Residents: If you are a California resident, you may have additional rights under the CCPA/CPRA, including the right to know what personal information is collected and how it is used, the right to opt out of the sale or sharing of personal information (note: we do not sell personal information), the right to non-discrimination for exercising your privacy rights, and the right to correct inaccurate personal information.
To exercise any of your rights, please contact us using the details provided in Section 13. We will respond to requests within the timeframe required by applicable law (generally within one (1) month for GDPR-related requests). We may require verification of your identity before processing your request.
If you believe your data protection rights have been infringed, you have the right to lodge a complaint with a competent data protection supervisory authority in your country of residence or place of business.
11. Children's Privacy
The Website is directed solely at business professionals and is not intended for use by individuals under the age of eighteen (18). We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will take steps to delete such information.
12. Changes to This Privacy Policy
We reserve the right to update or amend this Privacy Policy at any time to reflect changes in our data processing practices, legal requirements, or business operations. The revised Policy will be posted on the Website with the date of the most recent revision indicated at the top of the document.
For material changes that may significantly affect your rights or our data processing activities, we will endeavour to provide reasonable advance notice, including by prominent notice on the Website. Your continued use of the Website following the posting of changes constitutes your acceptance of the updated Policy.
13. Contact Information
For all data protection-related enquiries, access requests, or complaints, please contact us at:
Data Protection Contact
- Promus MEP Engineering
- Email: legal@promusmep.com
- Website: www.promusmep.com
We are committed to resolving any concerns and will respond to all legitimate enquiries promptly and in accordance with applicable law.