Legal

Privacy Policy

Last updated: 4 February 2026

1. Introduction

GIS Analytics ("we", "us", or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect personal information when you use our website at www.gisanalytics.uk and our services.

We are a data engineering, machine learning, and cloud solutions company registered in England and Wales. Our registered address is:

GIS Analytics
25 Thornhill Bridge Wharf
Islington, London
N1 0RU, United Kingdom

This policy applies to all personal data processed through our website, contact forms, job application processes, and any other interactions you have with us. It is written in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

We may collect and process the following categories of personal data:

2.1 Information You Provide Directly

  • Contact form submissions: your name, email address, company name, and message content when you reach out to us via our contact page.
  • Job applications: your name, email address, phone number, CV/resume, cover letter, and any other information you choose to include in your application.
  • Email correspondence: any personal data included in emails you send to us.

2.2 Information Collected Automatically

  • Website usage data: pages visited, time spent on pages, navigation paths, referring URLs, and interaction patterns collected through analytics tools.
  • Technical data: IP address, browser type and version, operating system, device type, screen resolution, and time zone setting.
  • Server logs: access logs including IP addresses, request timestamps, HTTP methods, response codes, and user agent strings, maintained for security and operational purposes.
  • Cookies and similar technologies: data collected through cookies as described in Section 8 below.

3. How We Use Your Information

We use the personal data we collect for the following purposes:

  • Responding to enquiries: to reply to your questions, provide information about our services, and facilitate ongoing communication.
  • Processing job applications: to evaluate your suitability for roles at GIS Analytics, schedule interviews, and manage the recruitment process.
  • Improving our services: to understand how visitors use our website, identify areas for improvement, and enhance user experience.
  • Sending relevant communications: with your explicit consent, to send you updates about our services, industry insights, or company news. You may opt out at any time.
  • Ensuring security: to monitor and protect our website and systems against fraud, abuse, and unauthorised access.
  • Complying with legal obligations: to meet regulatory requirements and respond to lawful requests from authorities.

4. Legal Basis for Processing

Under the UK GDPR, we rely on the following lawful bases for processing your personal data:

Lawful Basis How It Applies
Consent When you subscribe to communications or accept non-essential cookies. You can withdraw consent at any time.
Contractual Necessity When processing is necessary to take steps at your request before entering into a contract, such as responding to a service enquiry or processing your job application.
Legitimate Interests To improve our website, analyse usage patterns, maintain security, and promote our services, where these interests do not override your rights and freedoms.
Legal Obligation When we are required to process data to comply with applicable laws, regulations, or legal proceedings.

5. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our standard retention periods are:

Data Category Retention Period
Contact form enquiries 2 years from the date of submission
Job applications 1 year from the date of application (or longer with your consent)
Website analytics data 26 months
Server logs 90 days
Contractual records 6 years after the end of the contract

When data is no longer required, it is securely deleted or anonymised so that it can no longer be associated with you.

6. Your Rights Under UK GDPR

Under the UK GDPR, you have the following rights in relation to your personal data:

  • Right of access: you may request a copy of the personal data we hold about you (known as a Subject Access Request).
  • Right to rectification: you may request that we correct any inaccurate or incomplete personal data.
  • Right to erasure: you may request that we delete your personal data where there is no compelling reason for its continued processing (also known as the "right to be forgotten").
  • Right to restrict processing: you may request that we limit the way we use your data in certain circumstances.
  • Right to data portability: you may request a copy of your data in a structured, commonly used, and machine-readable format, and have it transferred to another controller.
  • Right to object: you may object to our processing of your personal data where we are relying on legitimate interests as the legal basis.
  • Rights related to automated decision-making: you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you. We do not currently carry out automated decision-making.

To exercise any of these rights, please contact us at info@gisanalytics.com. We will respond to your request within one month. In certain circumstances, we may extend this period by a further two months, in which case we will inform you of the extension and the reasons for it.

You will not be charged a fee to exercise your rights, unless your request is clearly unfounded or excessive.

7. Data Security

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it, including:

  • Encryption: all data transmitted between your browser and our website is encrypted using TLS/SSL (HTTPS). Sensitive data at rest is encrypted using industry-standard algorithms.
  • Access controls: access to personal data is restricted to authorised personnel on a need-to-know basis. Administrative areas of our website are protected by session-based authentication with enforced timeouts.
  • Regular security reviews: we conduct periodic security assessments and reviews of our systems, including vulnerability scanning and code reviews.
  • Secure hosting: our website is hosted on infrastructure that provides firewall protection, intrusion detection, and regular security updates.
  • Input validation and sanitisation: we employ CSRF protection, input validation, and parameterised database queries to guard against common web application vulnerabilities.

While we take all reasonable precautions, no method of data transmission or storage is entirely secure. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately.

8. Cookies

Our website uses cookies and similar technologies to enhance your browsing experience. A cookie is a small text file placed on your device when you visit a website.

8.1 Essential Cookies

These cookies are necessary for the website to function properly and cannot be switched off. They include:

  • Session cookies for authenticated admin areas
  • Security cookies (CSRF tokens) to protect form submissions
  • Service worker cache management

8.2 Analytics Cookies

We use Google Analytics to understand how visitors interact with our website. Google Analytics uses cookies to collect information about page visits, traffic sources, and user behaviour. This data is aggregated and anonymised. Google Analytics cookies include:

  • _ga - used to distinguish users (expires after 2 years)
  • _gid - used to distinguish users (expires after 24 hours)
  • _gat - used to throttle request rate (expires after 1 minute)

8.3 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to:

  • View what cookies are stored and delete them individually
  • Block third-party cookies
  • Block cookies from particular websites
  • Block all cookies from being set
  • Delete all cookies when you close your browser

Please note that blocking or deleting cookies may affect your experience on our website and limit certain functionality.

9. Third-Party Services

We use a limited number of third-party services that may process personal data on our behalf:

  • Google Analytics: for website usage analytics. Google processes data in accordance with their Privacy Policy. We have enabled IP anonymisation to minimise the personal data collected.
  • Cloudflare (CDN): our frontend libraries (TailwindCSS, GSAP) are served via Cloudflare's Content Delivery Network. Cloudflare may process technical data such as IP addresses for performance and security purposes.
  • Amazon Web Services (AWS): certain assets such as images may be hosted on AWS infrastructure. AWS operates under comprehensive data protection agreements.
  • Hostinger: our web hosting provider, which stores and serves our website and associated data.

We have verified that each of these third-party providers maintains appropriate data protection standards and, where applicable, has entered into data processing agreements with us.

10. International Data Transfers

Some of our third-party service providers may process data outside the United Kingdom. Where personal data is transferred internationally, we ensure that appropriate safeguards are in place, including:

  • Transfers to countries that the UK government has determined provide an adequate level of data protection (adequacy decisions).
  • Use of the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses where no adequacy decision exists.
  • Verification that our service providers maintain certifications and comply with applicable data protection frameworks.

You may contact us for more information about the specific safeguards applied to any international transfers of your personal data.

11. Children's Privacy

Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe that we have inadvertently collected data from a child, please contact us and we will take steps to delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this policy periodically. Your continued use of our website after any changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your personal data, please contact us:

Data Protection Enquiries
GIS Analytics
25 Thornhill Bridge Wharf
Islington, London, N1 0RU
United Kingdom

Email: info@gisanalytics.com
Phone: +44 7940 839655

Complaints

If you are not satisfied with our response to a data protection concern, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent authority set up to uphold information rights:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
United Kingdom

Website: ico.org.uk
Helpline: 0303 123 1113