PRIVACY POLICY
Last updated: 20/010/2026
1. INTRODUCTION
This Privacy Policy explains how BAUS Group collects, uses, shares, and protects personal data when you visit https://www.baus-group.com (the “Website”), contact us, or otherwise interact with us online.
We are committed to complying with applicable data protection laws, including the EU General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and, where applicable, the UK GDPR and the UK Data Protection Act 2018.
2. WHO WE ARE (DATA CONTROLLER)
Data Controller:
Baus Engineers Ltd
Registered office: 128 City Road – EC1V 2NX – London, United Kingdom
Registration number: 14644888
Email: info@baus-group.com
Telephone: +44 7762 913301 – +30 210 3009288
If you operate multiple establishments (e.g., London – Athens – Nicosia), specify the main establishment and responsible entity:
Main establishment: ENGLAND – LONDON
Other establishments: GREECE – ATHENS – CYPRUS NICOSIA
3. SCOPE
This Policy applies to:
(a) visitors to the Website;
(b) individuals who contact us via forms, email, or phone;
(c) business contacts and representatives of corporate clients, suppliers, partners, and stakeholders interacting with us through the Website.
This Policy does not cover third-party websites linked from our Website.
4. PERSONAL DATA WE COLLECT
We may collect the following categories of personal data:
4.1 Data you provide
– Identity and contact data: name, job title, company, email, phone number, country, and any details you include in messages or attachments.
– Inquiry data: project information you choose to share (e.g., sector, scope, location, timeline).
– Preference data: communication preferences, language preferences.
4.2 Data collected automatically (technical/usage data)
– Device and technical data: IP address, device type, browser type/version, operating system, language, time zone, and referral source.
– Usage data: pages visited, time spent, clicks, approximate location (derived from IP), and interactions.
– Log data: server logs and security logs (e.g., request time, requested URL, status code, user agent).
4.3 Cookies and similar technologies
We use cookies and similar technologies as described in our Cookie Policy. Depending on your choices, we may collect analytics data and consent records.
4.4 Data from third parties (where applicable)
– Business contact data from professional networks, event registrations, or partners (e.g., corporate directories), limited to what is necessary for legitimate business communications.
– Technical service providers may provide security/anti-bot signals.
5. WHY WE USE PERSONAL DATA (PURPOSES) AND LEGAL BASES
We process personal data only where we have a lawful basis. Purposes and typical legal bases include:
5.1 To operate, secure, and improve the Website
Purpose: website functionality, performance monitoring, troubleshooting, fraud prevention, and security.
Legal basis: Legitimate Interests (Article 6(1)(f) GDPR) — ensuring network and information security; and/or Legal Obligation where required.
5.2 To respond to inquiries and communicate with you
Purpose: handle requests, provide information about capabilities, arrange meetings, and manage correspondence.
Legal basis: Legitimate Interests (Article 6(1)(f)) — business communications; and/or steps prior to entering into a contract (Article 6(1)(b)) when your request relates to potential services.
5.3 To manage business relationships (B2B)
Purpose: relationship management with corporate clients, partners, suppliers; due diligence; professional communications.
Legal basis: Legitimate Interests (Article 6(1)(f)) and/or Contract (Article 6(1)(b)).
5.4 Analytics (if enabled)
Purpose: understand aggregated usage patterns, improve content and user experience.
Legal basis: Consent (Article 6(1)(a)) where analytics cookies are non-essential under ePrivacy/PECR rules.
5.5 Marketing communications (B2B)
Purpose: send relevant updates about BAUS Group (e.g., capabilities, insights, announcements).
Legal basis: Legitimate Interests (Article 6(1)(f)) for B2B marketing where permitted; or Consent (Article 6(1)(a)) where required by law. You can opt out at any time.
5.6 Compliance, claims, and legal matters
Purpose: legal compliance, responding to lawful requests, establishing/exercising/defending legal claims.
Legal basis: Legal Obligation (Article 6(1)(c)) and/or Legitimate Interests (Article 6(1)(f)).
6. LEGITIMATE INTERESTS (BALANCING)
Where we rely on Legitimate Interests, we consider:
– necessity for our business operations (e.g., security, responding to inquiries);
– minimal impact on individuals (data minimization, access controls);
– reasonable expectations of business users visiting a corporate site.
You may object to processing based on legitimate interests (see Section 11).
7. SHARING AND DISCLOSURE (RECIPIENTS)
We may share personal data with:
7.1 Internal recipients
Authorized staff and affiliated entities within BAUS Group who need the data for the purposes above.
7.2 Service providers (processors)
IT hosting providers, website maintenance providers, email/communication providers, security providers (e.g., firewall/anti-bot), analytics providers (if enabled), and CRM tools (if used).
We require processors to protect personal data and process it only on our instructions under appropriate contracts (e.g., Article 28 GDPR).
7.3 Professional advisors
Lawyers, auditors, and consultants where necessary.
7.4 Authorities
Public authorities or law enforcement where legally required.
8. INTERNATIONAL TRANSFERS
Your data may be processed in countries outside the EEA/UK depending on service providers and group operations.
Where transfers occur, we use appropriate safeguards such as:
– European Commission adequacy decisions (where applicable);
– Standard Contractual Clauses (SCCs) and UK Addendum, plus supplementary measures where needed;
– other lawful mechanisms under GDPR/UK GDPR.
9. DATA RETENTION
We keep personal data only as long as necessary:
– Inquiry/contact data: typically [12–36 months] after last meaningful interaction, unless needed longer for a contract or legal purposes.
– Security logs: typically [30–180 days], unless needed for incident investigation.
– Consent records (cookies/marketing): as long as necessary to demonstrate compliance and manage preferences, typically [up to 5 years] or per legal requirements.
– Contract-related business contact data: for the duration of the relationship and then for [x years] according to limitation periods and accounting/legal obligations.
Define your actual retention schedule and align it with operational reality.
10. SECURITY MEASURES
We implement appropriate technical and organizational measures, such as:
– TLS/HTTPS encryption in transit;
– access controls and least-privilege permissions;
– secure hosting and patch management;
– monitoring, logging, and intrusion prevention;
– backup and recovery procedures;
– staff confidentiality obligations.
No system is 100% secure; if a breach occurs, we will follow legal notification requirements.
11. YOUR RIGHTS (EU/UK DATA SUBJECT RIGHTS)
Subject to applicable law, you may have the right to:
– Access your personal data;
– Rectify inaccurate data;
– Erase data (“right to be forgotten”);
– Restrict processing;
– Data portability (where applicable);
– Object to processing (including direct marketing);
– Withdraw consent at any time (where we rely on consent);
– Lodge a complaint with a supervisory authority.
12. HOW TO EXERCISE YOUR RIGHTS
Submit requests to: info@baus-group.com
We may need to verify identity to protect your data. We respond within statutory timeframes (typically one month, extendable in complex cases).
13. MARKETING PREFERENCES
You can opt out of marketing emails at any time by:
(a) using the “unsubscribe” link (if present), or
(b) emailing info@baus-group.com with your request.
Opting out does not affect non-marketing communications (e.g., responses to inquiries or contractual matters).
14. CHILDREN
The Website is not intended for children and we do not knowingly collect children’s personal data.
15. AUTOMATED DECISION-MAKING
We do not conduct automated decision-making producing legal or similarly significant effects based solely on automated processing. If this changes, we will provide required information.
16. COOKIES
For information about cookies and how to manage preferences, see our Cookie Policy.
17. UPDATES TO THIS POLICY
We may update this Policy from time to time. We encourage you to review it periodically.
18. CONTACT AND COMPLAINTS
Contact us: info@baus-group.com
Address: 128 City Road – EC1V 2NX – London, United Kingdom
EU: You may lodge a complaint with your local data protection authority.
UK: You may lodge a complaint with the Information Commissioner’s Office (ICO).