Patterson and Co Defence Ltd

Website: www.pattersonand.co.uk Jurisdiction: United Kingdom Effective Date: [10/02/2026]

This policy explains how Patterson and Co Defence Ltd collects, uses, stores, and protects personal data in accordance with UK GDPR and the Data Protection Act 2018. It applies to visitors, prospective clients, and any individual who communicates with the company through the website or related channels.

Data Controller

Patterson and Co Defence Ltd acts as the data controller for information processed through the website. The company determines the purpose and means of processing personal data. Contact for privacy matters should be directed to the designated business email address. The controller maintains responsibility for ensuring that all processing is lawful, fair, transparent, and limited to stated purposes.

Categories of Personal Data

The website collects only operational contact and technical data required to respond to enquiries and maintain secure service delivery. This includes name, email address, optional telephone number, content of submitted messages, IP address, device type, browser information, and standard server log data. No biometric, health, financial, or other special category data is requested or intentionally retained.

Collection Methods

Information is obtained when a user completes a contact form, sends an email, or communicates directly with the company. Technical identifiers such as IP address and device characteristics are collected automatically through server logs and basic analytics tools used solely for performance monitoring and security oversight. No user account system or persistent profile tracking is implemented.

Purpose of Processing

Data is processed to respond to enquiries, provide information about services, maintain a record of business correspondence, detect misuse, maintain system integrity, and improve usability of the website. Processing is strictly limited to these operational purposes and is not used for behavioural advertising, resale, or unrelated marketing activity.

Legal Basis

Processing relies on legitimate interest in conducting normal business communication, consent where individuals voluntarily submit their information, and compliance with applicable legal obligations. Where consent is used, it may be withdrawn at any time without affecting prior lawful processing.

Data Sharing and Processors

Personal data may be processed by essential service providers such as hosting infrastructure, email delivery systems, and technical maintenance partners acting under contractual confidentiality and data protection terms. No data is sold, rented, or shared with advertising networks. Third parties process data only on documented instructions.

International Data Location

Systems are configured so that storage and processing occur within the United Kingdom or the European Economic Area. No routine transfers outside these regions occur. If this changes, appropriate safeguards such as adequacy decisions or standard contractual clauses would be applied.

Retention

Contact enquiries are retained only for the period required to manage communication history, resolve follow up matters, and meet legal or audit obligations. Server and security logs are retained for a limited diagnostic window and then rotated or anonymised. Data that is no longer required is securely deleted.

Individual Rights

Individuals may request access, rectification, erasure, restriction, objection, and where applicable portability of their data. Requests are handled within statutory timeframes. If concerns remain unresolved, individuals may lodge a complaint with the UK Information Commissioner’s Office.

Security Controls

Protective measures include restricted administrative access, secure hosting environments, routine patching, encrypted transport where supported, and monitoring for unauthorised activity. These controls aim to reduce the likelihood and impact of data loss, disclosure, or alteration.

Cookies and Analytics

The site uses a consent banner that allows visitors to accept or manage cookies. Only essential cookies and basic analytics cookies are deployed. Analytics is configured to measure aggregate usage patterns, page performance, and technical reliability without building personal marketing profiles.

Scope and Intended Audience

The website is intended for professional and business communication. It is not directed at children and does not knowingly solicit information from individuals under 13 years of age. The policy should be reviewed whenever new features, processors, or data uses are introduced.