Last updated: March 2026
EHS Protect Limited ("we", "our", "us") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal data when you use our website at ehsprotect.com.
Who We Are
EHS Protect Limited is a company registered in Scotland (company number SC849512) with its registered office at 5 South Charlotte Street, Edinburgh, EH2 4AN. We are the data controller for the personal data described in this policy.
Contact: hello@ehsprotect.com
What Data We Collect
We collect personal data in the following ways:
Information you provide to us
- When you fill in a contact form: your name, email address, phone number (if provided), and the content of your message.
- When you book a consultation via Microsoft Bookings: your name, email address, and any information you include in the booking.
- When you sign up for our newsletter or request access to EHS Genesis: your email address.
- When you download a resource (e.g. a guide or checklist): your email address.
Information collected automatically
- If you consent to analytics cookies: anonymised usage data via Google Analytics 4, including pages visited, time on site, approximate location (city level), device type, and traffic source. This data does not identify you personally.
- Server logs: your IP address, browser type, and pages requested. These are retained for security purposes and automatically deleted after 30 days.
How We Use Your Data
| Purpose | Data Used | Lawful Basis |
|---|---|---|
| Responding to enquiries | Name, email, message content | Legitimate interest |
| Scheduling consultations | Name, email, booking details | Contract performance |
| Sending marketing emails/newsletters | Email address | Consent |
| Providing access to gated resources | Email address | Consent |
| Website analytics | Anonymised usage data | Consent (via cookie banner) |
| Security and fraud prevention | Server logs, IP address | Legitimate interest |
Who We Share Your Data With
We do not sell your personal data. We share data only with:
- Google (Google Analytics 4) — anonymised website usage data.
- Microsoft (Microsoft Bookings / Microsoft 365) — consultation booking data.
- Email service provider — if you subscribe to our newsletter.
We may also disclose your data if required by law or to protect our legal rights.
International Transfers
Some third-party processors (Google, Microsoft) may transfer data outside the UK/EEA. Where this happens, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.
How Long We Keep Your Data
- Contact form submissions: 2 years from last contact.
- Newsletter subscribers: until you unsubscribe, then deleted within 30 days.
- Consultation bookings: retained in Microsoft 365 for 2 years.
- Analytics data: anonymised, retained by Google for 14 months.
- Server logs: 30 days.
Your Rights
Under UK GDPR, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure — ask us to delete your personal data in certain circumstances.
- Restriction — ask us to restrict processing of your data.
- Portability — receive your data in a structured, machine-readable format.
- Object — object to processing based on legitimate interest.
- Withdraw consent — withdraw consent at any time where processing is based on consent.
To exercise any right, contact us at hello@ehsprotect.com. We will respond within one month.
Complaints
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Telephone: 0303 123 1113
Changes to This Policy
We may update this policy from time to time. The "last updated" date at the top of this page will be revised accordingly.