1. Who We Are and How to Contact Us
This Privacy Policy explains how Trojan (“we”, “us”, “our”) collects, uses, discloses and protects your personal data when you use our website at https://www.trojanstripout.co.uk or otherwise interact with us.
Controller: Trojan acts as the “controller” of your personal data for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Privacy contact: privacy@trojanstripout.co.uk
2. Scope of This Policy
This policy covers personal data collected through our website, by email or phone, in the course of providing quotations and services, and during recruitment. It does not cover personal data we process solely on behalf of clients as their processor (in those cases, the client’s privacy terms will apply).
3. What Data We Collect
- Information you provide: name, business or company name, role or job title, email address, telephone number, project details, site location, correspondence and any attachments you send (e.g., plans, photos), preferences and consents.
- Contract and billing data: service agreements, purchase orders, invoices, payment details (e.g., remittance information), addresses necessary for service delivery and accounting, and records of our communications.
- Recruitment data: CV/resume, cover letter, employment and education history, professional qualifications, references, right-to-work documentation, interview notes and, if relevant, information needed to make reasonable adjustments. We do not seek special category data unless strictly necessary and lawful.
- Automatically collected data: IP address, device identifiers, browser type and version, operating system, pages viewed, time and date of visits, referrer URL, and interaction data gathered via cookies and similar technologies.
- Public and third-party sources: business contact details from corporate websites, professional platforms and directories, referrals and introductions, and data received from our service providers (e.g., analytics or security providers).
4. Purposes and Legal Bases for Processing
We process personal data for the following purposes under the legal bases identified in Article 6 UK GDPR and relevant provisions of PECR for electronic marketing and cookies:
- Responding to enquiries, providing quotations, and supplying services: performance of a contract or steps prior to entering into a contract (Article 6(1)(b)); and our legitimate interests in operating our business and communicating with you (Article 6(1)(f)).
- Account management, invoicing, and payment: performance of a contract (Article 6(1)(b)) and legal obligations for tax and accounting (Article 6(1)(c)).
- Website operation, security, and fraud prevention: our legitimate interests in ensuring the security, integrity and availability of our services (Article 6(1)(f)).
- Analytics to improve our website and services: your consent via our cookie preferences tool (Article 6(1)(a)) and PECR consent where applicable.
- Marketing communications: consent (Article 6(1)(a)) where required; and our legitimate interests in promoting our services to business contacts (Article 6(1)(f)), subject to PECR and your right to opt out at any time.
- Recruitment and hiring: steps taken at your request prior to a contract (Article 6(1)(b)), legal obligations (Article 6(1)(c)), and our legitimate interests in evaluating candidates (Article 6(1)(f)). Where we process special category data for equal opportunities or adjustments, we will rely on your explicit consent (Article 9(2)(a)) or applicable employment and social protection law grounds.
- Compliance, legal claims and regulatory requirements: legal obligations (Article 6(1)(c)) and our legitimate interests in establishing, exercising or defending legal claims (Article 6(1)(f)).
Where we rely on consent, you can withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
5. Cookies and Similar Technologies
We use cookies and similar technologies to operate our website, remember your preferences, measure website performance, and enhance the user experience.
- Strictly necessary cookies: required for core site functionality, security and network management. These do not require consent.
- Functional cookies: remember choices to provide enhanced features. We use these with your consent where required.
- Analytics cookies: help us understand how visitors use the site so we can improve it. We only set these with your consent and, where possible, apply measures such as IP truncation.
You can manage your preferences via our cookie controls and through your browser settings (e.g., blocking or deleting cookies). If you block certain cookies, parts of the site may not work as intended. Cookie lifetimes vary; some expire at the end of a session, while others may remain on your device for up to 24 months unless you delete them earlier.
6. Disclosures and Data Sharing
We share personal data only as necessary for the purposes described above, with appropriate safeguards:
- Service providers acting on our behalf, such as website hosting and maintenance, email and communications platforms, cloud storage, analytics and security tools, IT support, CRM, and document management. These providers are bound by confidentiality and data protection obligations.
- Professional advisers, insurers and auditors for advice, insurance, compliance and dispute resolution.
- Business partners and subcontractors involved in delivering our services where necessary for a project and subject to confidentiality and data minimisation.
- Authorities, regulators, courts or law enforcement when required by law or to protect our rights or the rights of others.
- Business transfers in connection with a merger, acquisition, restructuring or asset sale, in which case personal data will continue to be protected in line with this policy.
7. International Data Transfers
Some of our service providers may process personal data outside the UK. Where such transfers occur, we ensure appropriate safeguards are in place, such as adequacy regulations, the International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or other lawful transfer mechanisms, together with additional technical and organisational measures as required.
You can request more information about the safeguards for international transfers by contacting privacy@trojanstripout.co.uk.
8. Data Retention
We retain personal data only for as long as necessary for the purposes described in this policy, and to comply with legal, accounting and reporting obligations. Typical retention periods are:
- Enquiries and routine correspondence: up to 24 months from the date of our last interaction.
- Contracts, project files and billing records: for the life of the contract and then for 7 years after the end of the relevant financial year for tax and accounting purposes.
- Recruitment (unsuccessful candidates): 6 months after the hiring decision, or up to 12 months where you agree to be kept on file for future opportunities.
- Employee and subcontractor records: for the duration of engagement and then in accordance with legal requirements (typically up to 6 years, and longer for certain health and safety records).
- Security and access logs: typically 12 months.
- Cookies and analytics data: in line with the cookie lifetime on your device (generally up to 24 months), with aggregated/anonymised data retained for longer for trend analysis.
9. Your Privacy Rights
Subject to applicable law, you have the right to:
- Access your personal data and receive a copy.
- Rectify inaccurate or incomplete personal data.
- Erase your personal data in certain circumstances (“right to be forgotten”).
- Restrict processing in certain circumstances.
- Request data portability for information you provided to us, where processing is based on consent or contract and carried out by automated means.
- Object to processing based on our legitimate interests, and object at any time to direct marketing.
- Withdraw consent where processing is based on consent.
To exercise your rights, contact privacy@trojanstripout.co.uk. We may ask for information to verify your identity. We aim to respond within one month, or notify you if an extension is needed. You will not be charged a fee unless your request is manifestly unfounded or excessive.
10. Data Security
We implement appropriate technical and organisational measures to protect personal data, including:
- Transport Layer Security (TLS) for data in transit where applicable.
- Access controls, role-based permissions and multi-factor authentication for systems that store personal data.
- Encryption, secure configuration, and regular patching of systems.
- Backups, recovery procedures and change management.
- Staff training, confidentiality obligations and least-privilege principles.
- Vendor due diligence and data processing agreements with service providers.
- Incident response processes to detect, investigate and notify where required.
No method of transmission or storage is completely secure; however, we continually review and improve our safeguards.
11. Marketing Preferences
You can opt out of marketing emails at any time by following the unsubscribe instructions in the message or by contacting privacy@trojanstripout.co.uk. For business contacts, we send only relevant messages and honour all opt-outs. Opting out of marketing does not affect service-related communications.
12. Children’s Privacy
Our website and services are intended for adults and business users. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us so we can delete it where appropriate.
13. Automated Decision-Making
We do not use personal data to make decisions based solely on automated processing that have legal or similarly significant effects on you.
14. Third-Party Websites
Our website may reference third-party content or services. We are not responsible for the privacy practices of third parties. We encourage you to review their privacy information when you leave our site or engage their services.
15. Data Protection Officer and Contact
We are not required to appoint a Data Protection Officer under the UK GDPR. We have designated a data protection lead to handle privacy matters.
Data protection contact: privacy@trojanstripout.co.uk
16. Complaints
If you have concerns about how we handle your personal data, please contact us at privacy@trojanstripout.co.uk and we will do our best to resolve your concerns.
You also have the right to lodge a complaint with the UK supervisory authority:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Telephone: 0303 123 1113.
17. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices, technologies, legal requirements or other factors. We will post the updated version on this page and indicate the effective date.
Effective date: 28 December 2025