HADRIZ CO LTD – Privacy Statement
HADRIZ CO LTD (“Hadriz”, “we”, “us”, or “our”) respects and is committed to protecting the privacy and confidentiality of personal data entrusted to us. This Privacy Statement explains how we collect, use, share and protect information that relates to an identified or identifiable individual (“Personal Data”) in the course of our business.
This Privacy Statement applies to:
- clients and prospective clients
- suppliers and other third-party partners
- website users and people who contact us via our website forms or by email/phone
- business contacts and individuals whose details we receive in the context of our services
- job applicants
1. Who we are and how to contact us
HADRIZ CO LTD is the controller of your Personal Data for the purposes described in this Privacy Statement, unless we state otherwise.
Controller details
HADRIZ CO LTD
Company No. 16456355
71–75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
Tel: +44 (0)7346 136058
Email: info@hadriz.com
We have appointed a person responsible for data protection matters (our “Privacy Lead”). If you have questions about this Privacy Statement, or wish to exercise your data protection rights, please contact us using the details above and mark your communication for the attention of the Privacy Lead.
This Privacy Statement is effective as of 24 November 2025 and may be updated from time to time to reflect changes in how we handle Personal Data or in applicable law. We will post any updates on this page.
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party sites and are not responsible for their privacy statements. We encourage you to read the privacy policy of every website you visit.
2. What Personal Data we collect
“Personal Data” means any information that can identify you, directly or indirectly. It does not include data where the identity has been removed (anonymous data).
Depending on your relationship with us, we may collect and process the following categories of Personal Data:
- Identity Data – such as first name, last name, title.
- Contact Data – such as email address, telephone number, postal address, company name, role or job title.
- Technical Data – such as IP address, browser type and version, device identifiers, operating system, time zone setting and other information about the devices you use to access our website.
- Usage Data – information about how you use our website, including pages visited, time spent on pages and interactions with our online content. This may include information gathered via cookies and similar technologies (e.g. Google Analytics).
- Marketing and Communications Data – such as your preferences for receiving marketing information from us and records of communications with you about our services.
- Transactional and Financial Data – such as bank account details and payment information where we pay you (for example, suppliers) or you pay us (clients), and basic records of invoices and payments.
- Service and Engagement Data – such as information you share with us in relation to our consulting, prime contracting and acquisition services (for example, project-related correspondence, notes of meetings, or other information necessary to deliver our services).
- Recruitment Data – if you apply for a role with us or we receive your CV, we may collect information such as your employment history, qualifications, right to work documentation and referees.
Special categories of data
We do not generally seek to collect special categories of Personal Data (such as data relating to health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, sexual life or sexual orientation), nor criminal conviction data. If there is a clear business need to process such data, we will only do so where permitted by law (for example, where required by employment or safeguarding law) and, where necessary, with your explicit consent.
Aggregated data
We also collect and use aggregated data such as overall website traffic statistics. Aggregated data may be derived from your Personal Data but does not directly or indirectly reveal your identity (for example, the total number of visitors to a page). We may use aggregated data for purposes such as understanding how users engage with our website and improving our services.
Except where required by law or necessary under a contract, providing your Personal Data is voluntary. However, if you choose not to provide information we reasonably need (for example, your contact details when you submit an enquiry), we may be unable to respond to your request or provide our services.
If you provide us with Personal Data about another individual (for example, a colleague or referee), you are responsible for ensuring that they are aware of this Privacy Statement and that you are allowed to share their Personal Data with us.
3. How we collect your Personal Data
We collect Personal Data in the following ways:
a) Directly from you
For example, when you:
- contact us by phone, email, post or via our website contact form
- request information about our services
- engage us to provide consulting or prime contracting services
- provide services to us as a supplier
- attend a meeting, call or event with us
- subscribe to receive updates or marketing from us
- send us your CV or apply for a role
b) Automatically, when you use our website
When you visit our website, certain Technical and Usage Data is collected automatically through cookies and similar technologies. This helps us understand how the site is used and improve performance and security. We currently use, among other tools, Google Analytics for this purpose. Our cookie banners and settings allow you to manage your preferences.
For more information on cookies, please refer to our cookie information (which may be provided within this notice or as a separate cookie policy).
c) From third parties and public sources
We may also collect Personal Data from:
- individuals who introduce you to us (for example, a colleague or another client)
- publicly available sources such as LinkedIn or company websites
- professional advisers and other service providers involved in our work for you
- regulators or authorities, where this is relevant to our services
4. Why we use your Personal Data and our legal bases
We will only use your Personal Data when we have a lawful basis to do so under UK data protection law (UK GDPR and Data Protection Act 2018). Depending on the context, we rely on one or more of the following legal bases:
- Performance of a contract – where processing is necessary for us to perform a contract with you or to take steps at your request before entering into a contract.
- Legitimate interests – where processing is necessary for our or a third party’s legitimate interests, and these are not overridden by your interests or fundamental rights.
- Legal obligation – where processing is necessary to comply with a legal or regulatory obligation (for example, tax or accounting rules).
- Consent – where you have given us clear consent to process your Personal Data for a specific purpose (for example, some marketing communications).
Below are the main purposes for which we process Personal Data and the associated legal bases:
| Purpose | Categories of Personal Data | Legal basis |
|---|---|---|
| Responding to enquiries and requests you submit (e.g. via the contact form, email or phone) | Identity, Contact, Service and Engagement Data | Legitimate interests (to respond to and manage enquiries); steps taken at your request before entering into a contract |
| Providing and managing our consulting, prime contracting and acquisition services | Identity, Contact, Service and Engagement Data, Transactional and Financial Data | Performance of a contract; legitimate interests (to deliver and manage our services) |
| Managing our relationships with clients, suppliers and other business contacts, including record-keeping, billing and payments | Identity, Contact, Transactional and Financial Data, Service and Engagement Data | Performance of a contract; legitimate interests (to manage our business and client/supplier relationships); legal obligation (tax and accounting) |
| Operating, securing and improving our website and online tools | Technical and Usage Data | Legitimate interests (to ensure our website and systems are secure, functional and user-friendly) |
| Monitoring website usage and producing analytics and statistics (e.g. via Google Analytics) | Technical and Usage Data | Legitimate interests (to understand and improve how our website and services are used); consent where required by cookie/marketing rules |
| Sending you updates, insights or information about our services that may be of interest to you | Identity, Contact, Marketing and Communications Data | Legitimate interests (to promote and grow our business to existing or relevant business contacts), or consent where required. You can opt out at any time. |
| Recruitment and talent management (e.g. processing CVs and applications) | Identity, Contact, Recruitment Data | Steps taken at your request before entering into an employment contract; legitimate interests (to manage recruitment); legal obligation (e.g. right to work checks) |
| Complying with legal or regulatory obligations, responding to requests from authorities, handling disputes | Any relevant categories | Legal obligation; legitimate interests (to protect our rights and respond to claims) |
Where we rely on our legitimate interests, we balance those interests against your rights and freedoms and only proceed where they are not overridden.
If we intend to use your Personal Data for a purpose that is materially different from the purposes set out above, we will explain this to you and, where required, seek your consent.
5. Sharing your Personal Data
We may share your Personal Data with the following categories of recipients, only to the extent reasonably necessary for the purposes set out in this Statement:
- Service providers and professional advisers who support our business (e.g. IT and hosting providers, accountants, lawyers, consultants, email and document management providers, analytics providers like Google).
- Clients and suppliers, where this is necessary in the context of a specific engagement (for example, where your details are provided as a contact for a project).
- Regulators, public authorities and law enforcement where required by law or to protect our legal rights.
- Third parties involved in a business transaction, such as buyers, investors or their advisers, if we undergo a reorganisation, merger or sale of our business.
We require third-party service providers to use Personal Data only for the purposes we specify and in accordance with our instructions, and to apply appropriate security measures.
International transfers
Some of our service providers or partners may be located outside the UK or European Economic Area (EEA). Where we transfer Personal Data outside the UK or EEA, we will ensure that an adequate level of protection is in place, for example by:
- only transferring to countries which have been deemed to provide an adequate level of protection; or
- using appropriate safeguards such as standard contractual clauses approved by relevant authorities.
You can contact us if you would like more information about the safeguards we use for international transfers.
6. Data security
We take the security of your Personal Data seriously. We have implemented appropriate organisational, technical and physical measures designed to protect your Personal Data against unauthorised access, accidental loss, misuse or disclosure. These measures include, where appropriate:
- access controls so that only those with a business need can access personal data
- secure systems and devices, with regular updates and patching
- policies and training to promote good data protection and information security practices
- secure disposal or anonymisation of Personal Data when it is no longer needed
However, please note that transmission of information over the internet can never be guaranteed to be completely secure. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately.
We have procedures in place to deal with suspected personal data breaches and will notify you and any applicable regulator where we are legally required to do so.
7. How long we keep your Personal Data
We will retain your Personal Data only for as long as reasonably necessary to fulfil the purposes for which it was collected, including for satisfying any legal, regulatory, tax, accounting or reporting requirements.
In determining the appropriate retention period, we consider:
- the amount, nature and sensitivity of the Personal Data
- the potential risk of harm from unauthorised use or disclosure
- the purposes for which we process it and whether we can achieve those purposes by other means
- applicable legal and regulatory requirements (for example, statutory limitation periods, tax rules)
By way of example:
- enquiry information is typically kept for a period that allows us to answer your query and, if appropriate, keep a record of the enquiry and our response
- client and supplier records, including financial records, are generally retained for at least the period required by tax and accounting law
- recruitment records are typically retained for a limited period after the recruitment process, unless you become an employee or we agree to keep your details for future opportunities
In some cases we may anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes; in that case we may use such information indefinitely without further notice to you.
8. Your rights
Under data protection law, and subject to certain conditions and exemptions, you have the following rights in relation to your Personal Data:
- Right of access – to obtain confirmation as to whether we process your Personal Data and to receive a copy of the Personal Data we hold about you.
- Right to rectification – to have inaccurate or incomplete Personal Data corrected.
- Right to erasure – in certain circumstances, to request the deletion of your Personal Data (for example, where it is no longer needed for the purposes for which it was collected).
- Right to restrict processing – in certain circumstances, to ask us to suspend processing of your Personal Data (for example, while we check its accuracy or consider an objection).
- Right to object – to object to our processing of your Personal Data where we are relying on legitimate interests, and in particular to object to processing for direct marketing at any time.
- Right to data portability – in certain circumstances, to receive Personal Data you have provided to us in a structured, commonly used and machine-readable format and to have that data transmitted to another controller.
- Right to withdraw consent – where we rely on your consent, you may withdraw it at any time. This will not affect the lawfulness of processing based on consent before it is withdrawn.
If you wish to exercise any of these rights, please contact us using the details in section 1. We may need to request specific information from you to help us confirm your identity and ensure your right to exercise these rights. This is a security measure to ensure that Personal Data is not disclosed to anyone who has no right to receive it.
We aim to respond to all legitimate requests within one month. If your request is particularly complex or you have made a number of requests, it may take us longer; if so, we will keep you informed.
You will not usually have to pay a fee to exercise your rights. However, we may charge a reasonable fee or refuse to comply with your request if it is manifestly unfounded or excessive.
9. Complaints
If you have concerns about how we handle your Personal Data, we would encourage you to contact us first so that we can try to resolve the issue.
You also have the right to make a complaint at any time to the UK data protection supervisory authority:
Information Commissioner’s Office (ICO)
Website: www.ico.org.uk
Last updated: 24 November 2025