Privacy Policy

Sustainable Drainage Systems Limited (SDS Limited) has a responsibility to document how we will proPrivacy Notice

Effective Date: January 2026

  1. Introduction

Sustainable Drainage Systems Limited (“SDS Limited”, “we”, “us”, “our”) is committed to protecting the privacy and security of personal data. We process personal data lawfully, fairly, and transparently in accordance with:

  • the UK General Data Protection Regulation (UK GDPR);
  • the Data Protection Act 2018 (DPA 2018);
  • the Data Use and Access Act 2025 (DUAA 2025); and
  • the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).

This Privacy Notice explains how we collect, use, store, share, and protect personal data, and outlines the rights available to individuals.

  • Who We Are

Legal Entity: Sustainable Drainage Systems Limited Company Number: 04433740 Registered Office: England and Wales ICO Registration Number: ZB405442

SDS Limited acts as both a Data Controller and, where applicable, a Data Processor.

Contact Details:

Telephone: 01934 751303

Email: info@sdsinfrastructure.com

  • Definitions
  • Personal Data: Any information relating to an identified or identifiable living individual (UK GDPR Article 4(1)).
  • Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or deletion (UK GDPR Article 4(2)).
  • Special Category Data: Personal data revealing racial or ethnic origin, health, or other sensitive information requiring enhanced protection (UK GDPR Article 9).
  • Data Controller: The organisation that determines the purposes and means of processing personal data.
  • Data Processor: An organisation that processes personal data on behalf of a Data Controller.
  • Senior Responsible Individual (SRI): A role established under the DUAA 2025 responsible for oversight, accountability, and access transparency.
  • Scope

This Privacy Notice applies to all individuals whose personal data is processed by SDS Limited, whether electronically or within structured manual filing systems, in line with the material scope of the UK GDPR and DPA 2018.

We adhere to the seven data protection principles set out in UK GDPR Article 5:

  1. Lawfulness, fairness, and transparency
  2. Purpose limitation
  3. Data minimisation
  4. Accuracy
  5. Storage limitation
  6. Integrity and confidentiality (security)
  7. Accountability
  • Lawful Bases for Processing

We process personal data only where a lawful basis applies under UK GDPR Article 6, including:

  • Contract: Processing necessary to perform or enter into a contract.
  • Legal Obligation: Processing required to comply with UK law.
  • Legitimate Interests: Processing necessary for our legitimate business interests, provided these are not overridden by individual rights and freedoms.
  • Consent: Where required, particularly for electronic marketing under PECR.

Where special category data is processed, we rely on additional conditions under UK GDPR Article 9.

  • Categories of Personal Data We Process

We may process the following categories of personal data:

  • Identity and Contact Data: Names, job titles, email addresses, telephone numbers.
  • Location Data: Business or site addresses.
  • Financial Data: Invoice details, payment records, and banking information.
  • Communications Data: Emails, correspondence, and records of interactions.
  • Website Usage Data: IP address, browser type, and technical usage data (where applicable).

We do not knowingly process personal data relating to children.