Data protection policy

Data protection policy

Evolution Aqua Group – Data Protection and Retention Policy

 Last reviewed: 29 July 2025

Evolution Aqua Group comprises the holding company Evolution Aqua Group Ltd and its subsidiaries: Evolution Aqua Group, Aqua Bioscience Ltd, OCM Products Ltd, and Onyx Ling Ltd. References to ‘Evolution Aqua Group’ or ‘we’ in this policy apply to all group companies collectively, unless stated otherwise.

1. Policy Statement

Evolution Aqua Group is committed to protecting the rights and privacy of individuals. We collect, store, and process personal data fairly, lawfully, and transparently in line with the UK GDPR and Data Protection Act 2018. This policy outlines our approach to data protection and retention across all operations.

 

2. Scope

This policy applies to all employees, contractors, and systems that process personal data controlled by Evolution Aqua Group. It covers both digital and physical data.

 

3. Definitions

Key terms such as ‘personal data’, ‘special category data’, ‘data subject’, ‘data controller’, ‘data processor’, and ‘data breach’ are defined as per the UK GDPR and ICO guidelines.

 

4. Legal Bases for Processing

We process personal data under lawful bases including contract, consent, legal obligation, and legitimate interest. Each processing activity is assessed to determine the appropriate legal basis.

 

5. Data Subject Rights

Individuals have rights to access, rectify, erase, restrict, object, and port their data. We honour all rights requests promptly, typically within one month.

 

6. Data Collection and Use

We collect data directly from individuals or from trusted sources. Data is used only for specified, explicit, and legitimate purposes including service provision, legal compliance, marketing (with consent), and recruitment.

 

7. Data Sharing

We share data with professional advisors, regulatory authorities, and service providers under strict contractual terms. We do not sell personal data.

 

8. Data Transfers

Data transferred outside the UK or EEA is protected by appropriate safeguards such as adequacy decisions or standard contractual clauses.

 

9. Data Retention

Data is retained according to our Data Retention Schedule. For example, customer records are kept for 7 years after last interaction, CCTV footage for 30 days, and unsuccessful recruitment data for 12 months.

 

10. Data Security

We implement organisational and technical measures to ensure confidentiality, integrity, and availability of personal data. This includes access controls, encryption, secure storage, and regular audits.

 

11. Data Breaches

All suspected breaches must be reported immediately to the Data Protection Officer. We investigate and notify the ICO and data subjects where required, within statutory deadlines.

 

12. Roles and Responsibilities

The Data Protection Officer is responsible for oversight and compliance. All staff are required to follow this policy and complete regular data protection training.

 

13. Review and Updates

This policy is reviewed annually and updated to reflect changes in law or business operations.

 

14. How to Complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:          

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint


 15. Contact Details

Post: Evolution Aqua Ltd, Martland Park, WIGAN, , WN5 0LP, GB

Telephone: 01942216554

Email: info@evolutionaqua.com