1. Who We Are
HESTIA Fire Safety Ltd is an independent fire safety consultancy providing:

  • Fire Risk Assessments
  • Fire Strategy review and commentary
  • Emergency planning
  • Fire door inspections
  • General fire safety consultancy

HESTIA Fire Safety Ltd is the Data Controller for the purposes of UK GDPR.

2. What Personal Data We Collect
We may collect and process the following types of personal data:

Client and Business Contacts

  • Name
  • Job title
  • Organisation
  • Business address
  • Email address
  • Telephone number

Site-Related Information

  • Names of responsible persons
  • Maintenance contacts
  • Training records (where provided)
  • Evacuation role holders

Sensitive Data
We do not routinely collect special category data. If such data is disclosed (for example within evacuation plans), it will be processed solely for life safety purposes, handled securely, and retained only for as long as necessary to fulfil contractual and legal obligations.

3. Lawful Basis for Processing
We process personal data under the following lawful bases:

  • Contractual necessity – to deliver agreed Services
  • Legal obligation – to comply with statutory duties
  • Legitimate interests – to maintain professional records and manage business operations

4. How We Use Personal Data
We use personal data to:

  • Deliver fire safety consultancy services
  • Produce reports and documentation
  • Communicate with clients
  • Maintain professional records
  • Comply with regulatory and legal obligations

We do not sell or trade personal data.

5. Data Sharing
We do not routinely share personal data with third parties.

Data may be shared only where:

  • Required by law
  • Required for regulatory compliance
  • Necessary for professional advice (e.g., insurers or legal advisers)
  • Required for secure IT hosting or cloud storage services

All third-party providers are required to process data securely and lawfully.

6. Data Retention
We retain project documentation and associated personal data for six years from completion of Services.

This retention period aligns with limitation periods under Scottish law and professional indemnity insurance requirements.

Data may be retained longer where required by law.

7. Data Security
We implement appropriate technical and organisational measures to protect personal data, including:

  • Secure cloud storage
  • Password-protected systems
  • Restricted access controls
  • Regular system updates

8. International Transfers
Personal data is not routinely transferred outside the United Kingdom.

If cloud service providers process data outside the UK, appropriate safeguards are in place in accordance with UK GDPR.

9. Your Rights
Under UK GDPR, individuals have the right to:

  • Access their personal data
  • Request rectification
  • Request erasure (where legally appropriate)
  • Request data portability (where applicable)
  • Where processing is based on consent, withdraw consent at any time.
  • Restrict processing
  • Object to processing
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

ICO Website: www.ico.org.uk

10. Contact

If you have any questions regarding this Privacy Notice or your data, please contact:
Data Protection Enquiries
HESTIA Fire Safety Ltd
Email: office@hestiafire.co.uk

11. Changes to This Notice
This Privacy Notice may be updated periodically. The current version will always be available on our website.