Privacy Policy
1. Who we are and scope
Qudra Ltd (“Qudra”, “we”, “us”) is a UK‑based consultancy providing multidisciplinary engineering and architectural design, project/programme management and PMO services, and capability development/training to clients in the UK and internationally. This policy explains how we collect, use, disclose and protect personal data in connection with our services, website and business operations.
| Controller | Qudra Ltd |
| Registered address | 71–75 Shelton Street, Camden, London, WC2H 9JQ, United Kingdom |
| Website | www.qudra.co.uk |
| General contact | info@qudra.co.uk |
| Privacy contact | privacy@qudra.co.uk |
2. Our role and legal framework
Qudra is a “controller” of personal data for most activities described here; where we process data on behalf of clients (e.g., as part of a project), we act as a “processor” and follow clients’ documented instructions. Our processing is governed by UK data protection law, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR), as amended.
3. Personal data we collect
| Category | Examples | Typical source |
| Client & prospect contacts | Name, role, business contact details, communications, meeting notes | Direct from you; referrals; public sources |
| Supplier/sub‑contractor contacts | Name, role, business contact details, compliance due‑diligence responses | Direct; onboarding forms |
| Project stakeholders | Names and business contact details of third‑party stakeholders for project coordination | Client; public sources |
| Training delegates | Name, role, employer, email, attendance, assessment results (if applicable) | Booking forms; employer |
| Recruitment | CV details, qualifications, references, right‑to‑work checks | You; recruiters; referees |
| H&S/visitor information | Visit records, site inductions, accident/incident details where required | You; site systems |
| Device/website data | IP address, device identifiers, analytics/cookies (see Cookies Notice) | Your device; our website |
Special category data
We do not routinely collect special category data. Where necessary (e.g., accessibility or H&S), we process limited health information with appropriate safeguards and a relevant DPA 2018 Schedule 1 condition.
3. Purposes and lawful bases
| Purpose | Lawful basis | Typical data subjects |
| Pre‑contract engagement, proposals and contract administration | Contract; Legitimate interests | Client/prospect contacts |
| Project delivery and coordination | Contract; Legitimate interests; Legal obligation (where applicable) | Client staff; stakeholders; suppliers |
| Training delivery and certification | Contract; Legitimate interests; Consent if publishing testimonials/photos | Delegates |
| Supplier due diligence and management | Legitimate interests; Legal obligation (e.g., financial/tax) | Supplier contacts |
| Marketing to corporate subscribers | Legitimate interests with opt‑out; Consent where required by PECR | Business contacts |
| Website analytics and cookies | Consent for non‑essential cookies; Legitimate interests for essential | Website users |
| Recruitment and hiring | Legitimate interests; Contract; Legal obligation (right‑to‑work) | Applicants |
| Health & safety and incident management | Legal obligation; Vital interests | Visitors; workers |
4. Cookies and consent management
Our website uses essential cookies necessary for the site to function. We ask for your consent to place non‑essential cookies (e.g., analytics/advertising) via our consent management platform (CMP). You can change your preferences at any time using the cookie banner or your browser settings. See our separate Cookies Notice for full details.
5. Data sharing and processors
We use trusted service providers to operate our business (e.g., IT, email/collaboration, finance, learning platforms). These providers act as processors under written contracts that include confidentiality, security and data protection obligations. We may share limited data with clients, professional advisers, insurers, regulators or law enforcement where required. We do not sell personal data.
6. International transfers
Where we transfer personal data outside the UK, we implement appropriate safeguards. Depending on the destination and recipient, we may rely on: (a) UK adequacy regulations (including the UK–US Data Bridge for certified US organisations), or (b) the ICO’s International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, together with transfer risk assessments and supplementary measures where required.
7. Data security
We apply technical and organisational measures such as access controls, encryption (in transit and at rest where supported), role‑based permissions, secure configuration and backup, supplier due diligence, and staff training.
8. Retention
We keep personal data only as long as necessary for the purposes described and to meet legal/contractual requirements. We apply service‑specific retention rules (e.g., project files; training records; recruitment) and securely delete or anonymise data when no longer needed.
9. Your rights
You may request access, rectification, erasure, restriction, portability and object to certain processing. Where we rely on consent, you may withdraw it at any time. These rights may be subject to legal limitations. We will respond without undue delay and within statutory timescales.
| How to exercise your rights | Email privacy@qudra.co.uk or write to the address above. We may need to verify your identity. |
| Complaints | If you are unhappy with our response, you can complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk. |
10. Children’s data
Our services are aimed at organisations. We do not knowingly collect any children’s personal data.
11. Changes to this policy
We may update this policy to reflect changes in law, guidance or our practices. Material changes will be highlighted on this page with a new effective date.
12. Contact
| Controller | Qudra Ltd |
| Address | 71–75 Shelton Street, Camden, London, WC2H 9JQ, United Kingdom |
| privacy@qudra.co.uk (or info@qudra.co.uk) |