Privacy & Data Protection

Privacy Policy

This Privacy Policy explains how PAC CAD LTD collects, uses, stores, and protects your personal information when you interact with our website and when we provide our specialist CAD design, engineering analysis, project planning, prototyping, and consulting services.

Controller: PAC CAD LTD, Hemel Hempstead, United Kingdom

Website: https://pac-cad.site/

Contact (privacy enquiries): [email protected]

1. Privacy Policy Introduction

PAC CAD LTD ("PAC CAD", "we", "us", or "our") is a scientific and technical consultancy based in Hemel Hempstead, United Kingdom. We specialise in CAD design and drafting, engineering analysis, technical project planning, prototyping support, product development consulting, and professional scientific advisory services across multiple industries.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website at https://pac-cad.site/, when you interact with us via our enquiry or booking channels, and when we deliver our professional services. It also explains your rights under applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our website, submitting an enquiry, or engaging our services, you acknowledge that you have read and understood this Privacy Policy. We encourage you to review this Policy regularly, as we may update it from time to time to reflect legal, technical, or business developments.

2. Information We Collect

We collect a range of personal and technical information to enable us to respond to enquiries, provide our consultancy services, and operate our website effectively and securely.

2.1 Information you provide directly

When you choose to interact with us, you may provide the following types of personal information:

  • Contact details – such as your name, job title, company name, business address, email address, and telephone number when you submit an enquiry via our contact or booking forms, or when you contact us by email or phone.
  • Project and service information – details about your organisation, technical requirements, engineering challenges, CAD files, design specifications, prototype objectives, timelines, and any other information you choose to share to help us understand your project.
  • Contract and billing data – such as purchase order details, invoicing details, billing address, and records of services provided when you engage us as a client.
  • Communication records – including emails, call notes, and correspondence relating to your enquiries, proposals, and ongoing projects.

2.2 Information collected automatically

When you visit our website, certain technical information is collected automatically to support secure and reliable operation of the site and to help us understand usage patterns. This may include:

  • Device and usage data – such as your IP address, browser type and version, operating system, device identifiers, pages visited, time and date of visits, referring URLs, and other diagnostic data.
  • Cookie data – information collected through cookies and similar tracking technologies. For more detail, please see the section Cookies & Tracking Technologies below.

2.3 Information from third parties

We may receive limited personal information about you from third parties where this is necessary to deliver our services or manage our business, for example:

  • Business partners, referrers, or collaborators who introduce you to us or share your contact details with your consent.
  • Publicly available sources, such as professional directories or company websites, where we identify potential business contacts in a B2B context.

3. How We Use Your Information

We use the personal information we collect for specific, legitimate business purposes in connection with our scientific and technical consultancy activities. In particular, we may use your information to:

  • Respond to enquiries – to answer questions you submit via our contact channels, to provide information about our CAD, engineering, planning, prototyping, and consulting services, and to prepare proposals or quotations.
  • Deliver consultancy services – to perform our contractual obligations, manage technical project workflows, communicate with you and your team, review CAD and engineering data, and document project deliverables.
  • Process bookings and engagements – to schedule consultations, workshops, or design reviews, manage project timelines, and coordinate resources.
  • Administer our business relationship – including maintaining client records, issuing invoices, managing payments, and maintaining audit trails for regulatory or contractual purposes.
  • Improve and secure our website – to monitor technical performance, analyse usage patterns on an aggregated basis, troubleshoot issues, and protect against security threats or misuse.
  • Comply with legal obligations – such as responding to lawful requests from authorities, maintaining records for tax and accounting purposes, and enforcing or defending legal claims.

We process personal data on a number of legal bases, including: performance of a contract (or steps taken at your request prior to entering into a contract), our legitimate interests in operating and improving our business, compliance with legal obligations, and, where applicable, your consent.

4. Data Retention

We retain personal information only for as long as is necessary for the purposes set out in this Privacy Policy, and to satisfy any legal, regulatory, accounting, or reporting requirements.

In determining appropriate retention periods, we consider factors such as the nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process the data, and applicable legal requirements.

  • Enquiry data – information you submit via our contact or booking channels may be retained for up to 24 months after our last interaction, in case you decide to proceed with a project or require follow-up support.
  • Client and project data – records relating to contracted services, including proposals, project files, technical documentation, and invoices, are typically retained for the duration of the project and for at least six years thereafter, in line with standard limitation periods and accounting requirements.
  • Technical logs and security data – website log files and related technical data may be retained for shorter periods, typically up to 12 months, unless a longer period is required for security investigations.

When personal data is no longer required, we will either securely delete or anonymise it, so that it can no longer be associated with an identifiable individual.

5. Cookies & Tracking Technologies

Our website may use cookies and similar tracking technologies to provide a reliable, secure, and user-friendly browsing experience, and to help us understand how the site is used so that we can improve its performance and content.

5.1 What are cookies?

Cookies are small text files stored on your device when you visit a website. They are widely used to make websites work, or work more efficiently, as well as to provide information to the site owners. Cookies can be "session" cookies (which expire when you close your browser) or "persistent" cookies (which remain on your device for a set period or until deleted).

5.2 Types of cookies we may use

  • Strictly necessary cookies – required for core website functionality, such as page navigation, secure connection handling, and basic form submissions. These cookies are essential and cannot be switched off in our systems.
  • Performance and analytics cookies – used to collect aggregated information about how visitors use our site (for example, which pages are visited most frequently). This helps us improve the structure, content, and usability of our website.
  • Functionality cookies – may be used to remember certain choices you make, such as preferred communication channels, to provide a more tailored experience.

Details of any specific cookies or third-party analytics tools in use may be explained in a separate cookie banner or settings interface presented when you first visit the site.

5.3 Your cookie choices

Where required by law, we will ask for your consent before placing non-essential cookies on your device. You may withdraw or modify your consent at any time using the controls provided on the website (if available) or by adjusting your browser settings to block or delete cookies.

Please note that if you disable certain cookies, some features of the website may not function as intended, and your user experience may be affected.

6. Third-Party Data Sharing

We do not sell your personal information. We may share personal data with carefully selected third parties where this is necessary for the operation of our business, the delivery of our services, or compliance with legal obligations.

6.1 Service providers

We may share information with trusted external providers who support our operations, such as:

  • IT hosting, cloud infrastructure, and data storage providers that enable us to run our website, manage technical project files, and store communication records.
  • Professional advisers (for example, accountants or legal advisers) who require access to certain records in the course of providing their services.
  • Selected vendors or subcontractors who assist us in providing specialist CAD, engineering, or project delivery capabilities, where such access to data is necessary and proportionate.

These third parties are required to handle personal data in accordance with appropriate contractual and legal safeguards and may not use your information for their own independent purposes.

6.2 Legal and regulatory disclosures

We may disclose your information where we are required or permitted to do so by law, such as:

  • To comply with applicable laws, regulations, or court orders.
  • To respond to lawful requests from government or regulatory authorities.
  • To protect the rights, property, or safety of PAC CAD LTD, our clients, or others, including for the prevention and detection of fraud or other security issues.

6.3 Business transfers

In the event of a reorganisation, merger, acquisition, or transfer of business operations, we may share or transfer relevant personal data to third parties involved, subject to continued protection of your rights and in accordance with applicable data protection laws.

7. Data Security Measures

We take the security of personal and technical information seriously and implement a combination of physical, technical, and organisational controls designed to protect data against loss, misuse, unauthorised access, disclosure, alteration, or destruction.

  • Access controls – limiting access to personal data to authorised personnel and contractors who need it for legitimate business purposes, and applying role-based permissions wherever practicable.
  • Secure infrastructure – using reputable hosting and cloud providers, encryption in transit where appropriate, and maintaining technical safeguards to protect against common cyber threats.
  • Data handling procedures – applying internal procedures for the handling of project files, CAD models, engineering documentation, and client communications, including secure transfer and storage practices.
  • Monitoring and review – periodically reviewing our security measures and updating them as needed in response to technical or regulatory developments.

While we strive to protect your information using appropriate safeguards, no method of transmission over the internet or method of electronic storage is entirely risk-free. Accordingly, we cannot guarantee absolute security, but we are committed to responding promptly and transparently to any suspected data incidents.

8. Your Data Protection Rights

If you are located in the United Kingdom or another jurisdiction with similar data protection laws, you may have a number of rights in relation to the personal data we hold about you. Subject to certain conditions and exceptions, these may include:

  • Right of access – to obtain confirmation as to whether we process your personal data and to request a copy of the information we hold about you.
  • Right to rectification – to request that inaccurate or incomplete personal data is corrected or updated.
  • Right to erasure – to request deletion of your personal data where there is no compelling reason for us to continue processing it (also known as the "right to be forgotten").
  • Right to restriction of processing – to request that we limit the processing of your data in certain circumstances (for example, while the accuracy of the data is being verified).
  • Right to object – to object to processing based on our legitimate interests, on grounds relating to your particular situation, where we do not have overriding legitimate grounds to continue.
  • Right to data portability – to request that we provide your personal data in a structured, commonly used, and machine-readable format, or transmit it to another controller where technically feasible.
  • Right to withdraw consent – where we rely on your consent as a legal basis for processing, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us using the details set out in the section How to Contact Us. We may need to verify your identity before responding to your request, and we will aim to respond within the timeframes required by applicable law.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the United Kingdom or with your local supervisory authority if you believe that your data protection rights have been infringed. More information is available on the ICO website at https://www.ico.org.uk.

9. International Data Transfers

PAC CAD LTD is based in the United Kingdom. In some cases, the service providers or technical partners we use to host data, deliver infrastructure, or support our business operations may be located outside the United Kingdom or the European Economic Area (EEA), or may use infrastructure in other jurisdictions.

Where personal data is transferred outside the UK or EEA, we will ensure that appropriate safeguards are in place to protect it in accordance with applicable data protection laws. These safeguards may include:

  • Transfers to countries that have been formally recognised as providing an adequate level of data protection.
  • The use of approved contractual clauses (such as the UK International Data Transfer Agreement or EU Standard Contractual Clauses, as applicable), together with additional safeguards where necessary.

Further information about international transfers and the safeguards we apply can be obtained by contacting us using the details provided below.

10. How to Contact Us

If you have any questions about this Privacy Policy, our data handling practices, or if you wish to exercise your data protection rights, you can contact us using the details below:

Company: PAC CAD LTD

Email: [email protected]

Telephone: +447470105089

Postal Address:
140 Windmill Road,
Hemel Hempstead,
Hertfordshire,
United Kingdom,
HP2 4BW

When contacting us in relation to your data protection rights, please provide sufficient information for us to identify you and understand your request. This helps us to respond in an accurate and timely manner.

We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable laws and regulations. Any updates will be posted on this page, with a revised effective date.