ePrivacy and GPDR Cookie Consent by CookieConsent.com

Ingenious Power Engineering

Privacy policy

Version 1.1 Effective 29 June 2026 Reference IPE.CPOL.16

Ingenious Power Engineering Ltd ("Ingenious", "we", "us", "our") is committed to protecting personal data and handling it responsibly. This Privacy Policy explains how we collect, use, share and protect personal data across our business and through our Digital Ops platform. It is provided under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, and (for cookies and electronic marketing) the Privacy and Electronic Communications Regulations (PECR).

This Policy is in three parts. Please read the part that applies to you, together with the Shared Provisions, which apply to everyone:

  • Part A - General. How we handle personal data in our general business: our website, enquiries, clients, suppliers and recruitment.
  • Part B - Digital Ops platform. How personal data is handled when you use the Digital Ops application and related services.
  • Shared Provisions. Matters that apply across both, including international transfers, security, retention, your rights, and how to contact us.

This Policy replaces any previous privacy policy published by Ingenious.

1. Who we are

Ingenious Power Engineering Ltd is the data controller responsible for personal data described in this Policy, except where Part B states that we act as a processor on a subscribing organisation's behalf. Our registered office is 26 Britten Road, Reading, RG2 0AU, and our ICO registration number is ZB131412. Contact details are in the "Contact us" section.

Part A - General

This Part applies to visitors to our website, anyone who contacts or enquires with us, our clients and their representatives, our suppliers and subcontractors, and people who apply to work with us.

2. Information we collect

  • Contact and enquiry details - your name, email address, telephone number, organisation and the content of your message, when you contact us or complete a form on our website.
  • Client and project information - the contact details and correspondence of client representatives and project stakeholders, gathered in the course of providing our connection and engineering services.
  • Supplier and subcontractor information - contact and contractual details of the organisations and individuals we work with.
  • Recruitment information - where you apply for a role with us, the information in your application, CV and related correspondence.
  • Website and technical information - IP address, device and browser type, and information collected through cookies and similar technologies, including Google Analytics (set only with your consent).
  • Marketing preferences - where you have opted in to receive updates from us.

3. How we use this information and our lawful basis

  • To respond to enquiries and provide information you request - our legitimate interests, and/or taking steps at your request before entering a contract.
  • To provide our connection and engineering services and manage client contracts - performance of a contract and our legitimate interests.
  • To manage supplier and subcontractor relationships - performance of a contract and our legitimate interests.
  • To consider applicants for employment - our legitimate interests and steps prior to a contract.
  • To send marketing communications where permitted - your consent, or our legitimate interests where allowed, with the ability to opt out at any time (in line with PECR).
  • To operate, maintain and secure our website - our legitimate interests.
  • To comply with legal, regulatory and industry obligations - including health-and-safety and construction (CDM) record-keeping - compliance with a legal obligation.

4. Sharing

We do not sell personal data. We share it only as necessary, with: our professional advisers (legal, accounting, insurance); the IT and hosting providers who support our systems, including Microsoft 365, Microsoft Entra ID and Amazon Web Services (AWS); clients, network operators (DNOs) and project partners where required to deliver a project; and authorities or regulators where required by law.

5. Cookies and similar technologies

Our website uses cookies and similar technologies. Strictly necessary cookies are used to operate the site. Analytics and other non-essential cookies, including Google Analytics, are used only with your consent, in line with PECR. You can manage or withdraw your consent at any time using the Change my preferences option in our website's cookie banner, or through your browser settings.

Part B - Digital Ops platform

This Part applies when you use the Digital Ops application and related services (the "Service"). Digital Ops is provided on a business-to-business basis.

6. Who controls your personal data

Who is legally responsible for your personal data - the "controller" - depends on how you came to use the Service.

  • Access provided by your organisation. Where your employer or another organisation has subscribed to Digital Ops and given you access, that organisation is the controller. It decides what data is entered, for what purpose, and on what lawful basis, including any location or attendance monitoring. Ingenious acts as a processor on that organisation's behalf and only on its documented instructions, under a data processing agreement. If you wish to exercise rights over data your organisation has entered, please contact your organisation first; we will support them but generally cannot act without their authority.
  • Direct registration. Where you register for an account directly with us, Ingenious is the controller for that account.
  • Data we always control. In all cases, Ingenious is the controller for account registration and authentication data, subscription and billing data, data used to operate, secure and diagnose the Service, and your communications with our support team.

7. Information we collect through the Service

  • Identity and contact details - name, email, telephone, job role and employer.
  • Account and authentication data - username, credentials and sign-in logs.
  • Project and form content - projects, forms, records and other content created within the Service.
  • Photos, documents and attachments - files uploaded by users.
  • In-app messages - the content of messages you send to other users or to your organisation through the Service's in-app messaging feature.
  • Precise location (GPS) - collected only where the feature is enabled and used, for example to verify site attendance. Where you are an authorised user, this is collected on your organisation's instruction.
  • Attendance and time records - clock-in/out and time data.
  • Technical and usage information - to operate and secure the Service, we record your IP address and in-app activity logs (for example sign-in, file upload, attendance and form-submission events) for security and audit purposes. We do not use third-party analytics, advertising or crash-reporting software within the Service, and we do not load third-party tracking scripts.
  • Support communications - correspondence with our support team.

We do not intend to collect special category data. Users and organisations should not upload such data unless the controlling organisation has established an appropriate lawful basis.

8. How we use this information and our lawful basis

For data we control, we process personal data to provide, operate and maintain the Service (performance of a contract and legitimate interests); to authenticate users and secure the Service (legitimate interests and legal obligation); to administer subscriptions, accounts and billing (contract and legal obligation); to provide support (contract and legitimate interests); to improve performance, reliability and security (legitimate interests); and to comply with legal obligations.

For personal data we process on a subscribing organisation's behalf, we act only as a processor on that organisation's documented instructions. That organisation, as controller, is responsible for determining and communicating the lawful basis for its monitoring and other processing.

9. Sharing and sub-processors

We do not sell personal data and we do not share it for third-party advertising. We share personal data with the subscribing organisation that controls it; with the sub-processors set out below, under written contract and only as necessary; with authorities or professional advisers where required by law; and in connection with a business transfer, subject to the protections of this Policy.

Categories of sub-processor
Category Purpose Provider / location
Cloud hosting / infrastructure Hosting and storage of the platform and its data Amazon Web Services (AWS) Lightsail - London, United Kingdom (eu-west-2)
Communications / email Transactional email, password reset, notifications AWS Simple Email Service (SES) - London, United Kingdom (eu-west-2)

10. Account and data deletion (Digital Ops)

If you registered directly, you can delete your account and associated personal data from within the app via Account > My Profile > Delete Account, or by emailing us at privacy@ingeniouspe.com. Where your account is controlled by a subscribing organisation, account creation and deletion are managed by that organisation. Following a verified request, we delete or irreversibly anonymise the relevant personal data, except where limited retention is required by law.

Shared Provisions

The following provisions apply to both Part A and Part B.

11. International data transfers

Most personal data is stored and processed within the United Kingdom. The Digital Ops platform is hosted on Amazon Web Services in London (eu-west-2), with no replication to other regions. Some limited processing may take place outside the UK through our providers - for example, certain Microsoft Entra ID directory and authentication services, and Google Analytics on our website. Where personal data is transferred to, stored in, or accessed from a country outside the UK, we ensure an appropriate safeguard is in place - a UK adequacy determination, the UK International Data Transfer Agreement (IDTA), or the UK Addendum to the EU Standard Contractual Clauses - under the relevant provider's standard contractual protections.

12. Data security

We take technical and organisational measures appropriate to the risk, including encryption of data in transit (HTTPS/TLS), role-based access controls on a least-privilege basis, authentication controls, activity logging and monitoring, regular backups, and due diligence on the providers we use. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

13. Data retention

We retain personal data only for as long as necessary for the purposes set out in this Policy and to meet our contractual, legal and regulatory obligations. Enquiry and contact data is retained for 5 years; client and project records for the duration of the engagement and for 7 years afterwards (including for CDM and health-and-safety record-keeping); and recruitment data for unsuccessful applicants for 5 years. For the Digital Ops platform, retention follows the relevant subscription and our data processing agreement, after which data is deleted or returned, subject to limited retention required by law.

14. Your rights

Subject to applicable law, you have the right to request access to your personal data; request rectification of inaccurate data; request erasure; restrict or object to certain processing; request data portability; and, where processing is based on consent, withdraw that consent at any time. We do not carry out solely automated decision-making that produces legal or similarly significant effects.

If a subscribing organisation is the controller of the data in question (see Part B), please direct your request to that organisation; we will assist them in responding. To exercise rights over data we control, contact us using the details below.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ico.org.uk). We would, however, appreciate the opportunity to address your concerns first.

15. Children

The Digital Ops platform is intended for use in a workplace context by adults and is not directed at children. Where a subscribing organisation authorises individuals aged 16 or 17 (for example, apprentices), that organisation is responsible for ensuring an appropriate lawful basis and any additional safeguards required for those users.

16. Changes to this Policy

We review this Policy at least annually and whenever there is a significant change to our processing. Where changes are material, we will take reasonable steps to notify affected users, and we will update the effective date below.

17. Contact us

Ingenious Power Engineering Ltd
Privacy enquiries: privacy@ingeniouspe.com
Registered office: 26 Britten Road, Reading, RG2 0AU
ICO registration number: ZB131412
Website: https://www.ingeniouspe.com

Back to top