Legal

Privacy Policy

How CPCON collects, uses and protects personal data on cpcongroup.uk — under the UK GDPR and the Data Protection Act 2018.

Last updated: 10 June 2026

1. Who we are

This website, cpcongroup.uk, is operated by the CPCON Group (“CPCON”, “we”, “us”), an international fixed asset management and inventory consultancy. For any privacy matter relating to this website, contact contact@cpcongroup.com.

2. Personal data we collect

  • Enquiry data — when you submit the contact form: name, work email, telephone, company, role and your message. Provided voluntarily to receive a response.
  • Technical data — IP address and user-agent, processed transiently for security (anti-spam and abuse prevention) when you submit a form.
  • Analytics and marketing data — only with your consent (see Cookies below): usage statistics and campaign attribution parameters (e.g. UTM, click identifiers).

3. Why we process it (lawful bases)

  • Responding to your enquiry — legitimate interests / steps prior to entering a contract (UK GDPR art. 6(1)(f) and 6(1)(b)).
  • Security and anti-abuse — legitimate interests (art. 6(1)(f)).
  • Analytics and advertising measurement — your consent (art. 6(1)(a)), given or refused via the cookie banner and changeable at any time by clearing cookies for this site.

4. Cookies and consent

This site uses Google Tag Manager with Consent Mode v2 set to denied by default: no analytics or advertising cookies are written unless you choose “Accept all” in the banner. If you reject, the site still works fully; measurement runs cookieless and aggregated. Strictly necessary items (e.g. your consent choice itself) are stored locally in your browser.

5. Where your data goes

Enquiry data is delivered to CPCON’s customer relationship system to route your request to the right team, and may be processed by CPCON group companies outside the UK (including Brazil and the United States) under appropriate safeguards. We do not sell personal data.

6. Retention

Enquiry records are retained for as long as needed to handle your request and for a reasonable business-relationship period thereafter. Security logs are short-lived. Consented analytics data follows the retention settings of Google Analytics 4.

7. Your rights

Under the UK GDPR you may request access, rectification, erasure, restriction, portability and object to processing, and withdraw consent at any time. Write to contact@cpcongroup.com. You also have the right to complain to the Information Commissioner’s Office (ICO) — see ico.org.uk.

8. Changes

We will update this policy as our UK operations develop (for example, when a UK office address is established) and revise the date above accordingly.