Privacy, Cookies & Data Protection Policy

Europa Engineering Ltd trading as Lifting Gear Products – Division of Europa Engineering Group
Last updated: 17 November 2025

1. Introduction

Lifting Gear Products, part of the Europa Engineering Group, is committed to protecting your privacy and handling your personal data responsibly. This policy explains how we collect, use, and protect your personal data when you use our website, products, or services.

By using our website or services, you consent to the practices described in this policy. We encourage you to review this policy regularly, as we may update it from time to time.

This Data Protection Policy applies across all divisions of the Europa Engineering Group, including Lifting Gear Products. All references to “we,” “our,” or “the Company” in this policy include Lifting Gear Products and any other divisions within the Group. This ensures that all personal data handled across our business operations, websites, and services is protected consistently and in compliance with UK GDPR and the Data Protection Act 2018.

This policy applies to all employees, contractors, agency staff, and anyone working on behalf of Europa Engineering.

Audience: Our services and website are intended for professional and industrial users. We do not target or knowingly collect data from children under 16.

2. Information We Collect

Europa Engineering Ltd is committed to protecting the personal data we handle. We only collect what we need, use it lawfully, keep it safe, and respect the rights of individuals.

We may collect the following personal data:

  • Personal identification and contact information: Name, email, phone number, postal address, and payment details.
  • Demographic and professional information: Job role, company, postcode, preferences, and interests.
  • Interaction and usage data: IP address, browser type, pages visited, time on site, and survey/feedback responses.
  • Comments and uploaded content: Any media or comments you post on our site.
  • Analytics: Anonymised data for improving website functionality and services.

Lawful basis for processing:

  • Contractual necessity: Processing orders, payments, and providing customer support.
  • Legitimate interest: Website analytics, improving services, fraud prevention, and record keeping.
  • Consent: Marketing communications, optional surveys, and non-essential cookies.

3. How We Use Your Information

Data Type / Purpose Legal Basis Retention Period Disposal Method
Customer / Supplier contact details (name, email, phone, address) Contractual necessity / Legitimate interest Duration of business relationship + 6 years Secure destruction / secure wipe
Orders, payments, and transaction details Contractual necessity 7 years (for accounting and legal compliance) Secure destruction / secure wipe
Enquiries and customer support interactions Contractual necessity 3 years after last interaction Secure destruction / secure wipe
Marketing communications (emails, newsletters, promotions) Consent Until consent is withdrawn Secure destruction / secure wipe
Surveys and market research responses Consent Up to 2 years, unless consent is withdrawn earlier Secure destruction / secure wipe
Comments and media uploaded to the website Legitimate interest / Consent Indefinitely for moderation/legal purposes Secure deletion when no longer required
Website usage analytics (anonymised) Legitimate interest Indefinitely (anonymised, non-identifiable) N/A (anonymised)
Cookies / session information Consent / Legitimate interest Session-based or as specified in cookie details Automatic deletion on expiry
CCTV footage (if a visitor is captured on site) Legitimate interest / Safety 30 days (unless required for an incident) Secure deletion

4. Retention and deletion

Data Type / Purpose Legal Basis Disposal Method
HR / Personnel Records 6 years after employment Secure destruction / wipe
Payroll & Tax Records 7 years Secure destruction / wipe
Accident / Incident Reports 3 years minimum (longer if claim possible) Secure destruction / wipe
Customer / Supplier Records Duration of relationship + 6 years Secure destruction / wipe
CCTV Footage 30 days (unless incident) Secure deletion

5. Data Sharing & Third Parties

We may share data with third parties where necessary, including:
HMRC, banks, pension providers.
IT and payroll service providers.
Training bodies and certification providers.
HSE or regulators (where legally required).
We require third parties to comply with GDPR and only use the data for agreed purposes.

6. Cookies

Cookies are small files stored on your device to enhance your browsing experience.

Types of cookies we use:

  • Essential cookies: Necessary for site functionality, such as remembering login information and storing cart contents.
  • ekm_liftinggearprod – tests if cookies are enabled, expires in 72 hours
  • ekm_pp_liftinggearprod – stores cart/authentication info, expires on exit
  • ekm_tmp_ORDERNUMBER – stores order reference, expires on exit
  • Analytics cookies: Track user behaviour to improve the website (e.g., Google Analytics).
  • Third-party cookies: Used for payment processing (PayPal) or embedded content.

Consent: Non-essential cookies require your consent. You can manage or withdraw consent through your browser settings or our cookie banner. Disabling certain cookies may affect website functionality.

7. Data Protection & Security

We implement technical, physical, and managerial measures to protect personal data, including:

  • Secure payment processing (SagePay, PayPal)
  • Encryption of sensitive information
  • Access restrictions to authorised personnel only
  • Regular staff training on data protection

Your rights under GDPR include:

  • Access your personal data
  • Correct or update your data
  • Request deletion of your data
  • Restrict or object to processing
  • Withdraw consent to marketing communications


8. Data Protection Principles

We comply with the seven UK GDPR principles:

  1. Lawfulness, fairness, transparency.
  2. Purpose limitation.
  3. Data minimisation.
  4. Accuracy.
  5. Storage limitation.
  6. Integrity and confidentiality.
  7. Accountability.


9. Data Types We Handle

We collect and process personal data including (but not limited to):

  • Employees – HR records, payroll, training, qualifications, emergency contacts.
  • Customers & Suppliers – names, job titles, phone numbers, email addresses, bank/payment details.
  • Operations – site visitor records, project contact information, subcontractor details.
  • Security & Safety – CCTV images, accident/incident records, occupational health information (where required).

We do not routinely process “special category” data (e.g., health, race, religion, political beliefs), except where required for employment, safety, or legal obligations.

10. Data Breach Management

  • All suspected breaches must be reported immediately to the Data Protection Lead.
  • The Lead will investigate and record the incident.
  • If there is a risk to individuals, the ICO will be notified within 72 hours.
  • Affected individuals will be informed if there is a high risk to their rights.

Data breaches: Any suspected breaches will be investigated and reported according to legal obligations. Individuals will be informed if their data is likely to result in high risk to their rights.

Data retention: Personal data is stored only as long as necessary for the purposes outlined above or to comply with legal obligations.

11. Legal Basis for Processing

We process data lawfully under the following bases:

  • Contractual obligation – to employ staff, pay wages, deliver projects.
  • Legal obligation – HSE reporting, tax, employment law.
  • Legitimate interest – Day-to-day business operations, managing suppliers and customers.
  • Consent – used only where required (e.g., using employee photos for marketing)


12. Data Security Measures

To protect personal data, we:

Restrict access to authorised staff only.

Use password protection and secure servers.

Lock physical files in secure cabinets.

Back up data regularly.

Train staff in phishing awareness and secure data handling.

Apply a “clean desk” rule for paper records.

13. Media, Comments & Embedded Content

  • Images you upload should not contain embedded location data unless necessary.
  • Comments may be retained indefinitely for moderation and legal purposes.
  • Embedded content from third-party sites (videos, articles, media) may collect data; Lifting Gear Products is not responsible for their privacy practices.


14. Links to Other Websites

Our website may contain links to third-party websites. We do not control their content or data practices. Please review their privacy policies separately.

15. International Data Transfers

Some data may be transferred to third-party processors outside the UK/EU (e.g., PayPal servers). In such cases, we ensure appropriate safeguards, such as standard contractual clauses, to protect your data.

16. Rights of Individuals

Individuals can request to:

  • Access their data (Subject Access Request).
  • Correct inaccurate data.
  • Request deletion (where legally possible).
  • Restrict or object to processing.
  • Request data portability (where applicable).

Requests should be sent to the IT Department.

17. Training & Awareness

All staff will receive basic training on:

  1. Handling personal data.
  2. Recognising phishing and scams.
  3. Secure storage and disposal of information.


18. Contact Information

For questions about this policy or to exercise your data rights:
Email: sales@liftinggearprod.co.uk
Postal Address: Lifting Gear Products, 326-328 Coleford Road, Sheffield, S9 5PH

19. Legal Association

Lifting Gear Products operates under Europa Engineering Ltd, part of the Europa Engineering Group, and complies with Group policies on cybersecurity, data protection, and responsible handling of customer information.