Privacy Policy

Last updated: 3 December 2025

1. Who we are

This website is operated by Codor Ltd ("Codor", "we", "us", "our"). We are a consultancy focused on engineering-related scientific and technical activities in the energy sector.

Legal entity: Codor Ltd
Company number: 16508476
Registered office: Suite 606, West Village, 114 Wellington Street, Leeds, LS1 1BA, United Kingdom
Website: https://codor.uk
Contact: info@codor.uk

Codor is the controller of the personal data described in this policy when you interact with this website or contact us.

2. What this policy covers

This Privacy Policy explains:

  • What personal data we collect
  • How and why we use it
  • The legal bases we rely on
  • How long we keep it
  • Who we share it with
  • Your rights under UK data protection law

It applies to:

  • Visitors to codor.uk
  • People who contact us via the website, email or phone
  • People who receive communications from us based on those interactions

It does not cover personal data processed under specific client contracts, which are governed by the applicable engagement terms.

3. Personal data we collect

3.1 Data you provide directly

When you contact us (for example via the contact form, email or phone), you may provide:

  • Name
  • Job title
  • Company name
  • Work email address
  • Work phone number
  • Any information you choose to include in your message

We treat free-text messages as business information, but they may contain personal data if you choose to include it.

3.2 Data we collect automatically

When you visit our website, we may automatically collect:

  • IP address
  • Device and browser type
  • General location (country/region)
  • Pages visited, time and date of visit, time spent on pages
  • Referring site or campaign (where available)

This is typically collected via cookies and similar technologies. See our Cookie Policy for more detail.

We do not intentionally collect special category data (e.g. health, ethnicity, political opinions) or data about children through this website.

4. How we use your personal data and legal bases

We only process personal data where we have a lawful basis under UK GDPR and the Data Protection Act 2018.

4.1 Handling enquiries and providing information

Purpose: Responding to enquiries, arranging meetings, providing information about our services and potential engagements.

Data used: Contact details, company details, message content, follow-up correspondence.

Legal basis:

  • Legitimate interests (Article 6(1)(f)) — our interest in managing and growing our business and responding to prospective clients; and/or
  • Steps taken at your request prior to entering into a contract (Article 6(1)(b)).

4.2 Maintaining business records

Purpose: Keeping records of enquiries, proposals and engagements for governance, commercial and audit purposes.

Data used: Contact details, company details, records of interactions.

Legal basis: Legitimate interests (Article 6(1)(f)).

4.3 Website performance, security and analytics

Purpose: Operating, securing and improving the website; understanding usage patterns.

Data used: IP address, device information, usage data, cookies/analytics data.

Legal basis:

  • For essential cookies and security logging: Legitimate interests (Article 6(1)(f)) — keeping the site available and secure.
  • For optional analytics cookies: Consent (Article 6(1)(a)) — we will only set these if you accept them via our cookie banner.

We do not currently run marketing mailing lists from this site. If that changes, we will update this policy and clearly set out the relevant legal basis (usually consent or legitimate interests with an easy opt-out).

5. How long we keep your data

We keep personal data only for as long as necessary for the purposes described above:

  • Enquiry information: typically up to 2 years from our last interaction, unless there is an ongoing commercial opportunity or another legitimate reason to retain it longer.
  • Contract-related records: retained in line with our legal and regulatory obligations (often up to 6–7 years for accounting/audit purposes).
  • Technical logs and security data: typically up to 12 months, unless needed for investigation.

We may retain anonymised or aggregated data (no longer personal data) for longer periods.