Privacy Policy

Last updated: June 2026

1. Who we are

Raven Technical Services Limited is a health and safety consultancy registered in England and Wales (Company No. 17282046). We produce Risk Assessment and Method Statement (RAMS) documents for contractors carrying out structural and architectural steelwork and metalwork site installations.

We are registered as a data controller with the Information Commissioner's Office (ICO) under Tier 1. ICO Reference: ZC177447.

For any privacy-related queries, contact us at the email address registered to your account.

2. What personal data we collect

When you create an account and use this portal, we collect:

  • Account data: your name, company name, and email address
  • Job information: site addresses, client/principal contractor names, scope of works, planned start dates, number of operatives, and any additional site-specific information you provide
  • Uploaded files: project drawings (DWG, DXF), ZIP packs, PDFs, specifications, and other documents you upload to support your RAMS — these are processed to extract job details and are not stored permanently on our servers
  • Company logo: if uploaded via your account settings
  • Payment records: amounts charged, discount codes used, and referral credit history (payment card details are handled exclusively by Stripe and are never seen or stored by us)
  • Reviews: if you submit a review through the client portal, your name, company name, and review text are stored

3. Legal basis for processing

We process your personal data on the following grounds under UK GDPR:

  • Contract performance — to provide the RAMS document service you have requested
  • Legal obligation — to retain records as required by health and safety and financial legislation
  • Legitimate interests — to operate and improve the portal and communicate with you about your account

4. How we use your data

We use your data solely to:

  • Generate and deliver your RAMS documents
  • Communicate with you about submitted jobs, account matters, and pricing notices
  • Send a minimum 14 days' advance notice of any rate changes
  • Maintain billing records as required by law

We do not sell your data to third parties. We do not use your data for marketing without your explicit consent.

5. Third-party processors

We use the following third-party services to operate the portal:

  • Stripe — payment processing. Card details are entered directly into Stripe's secure interface and are never transmitted to or stored by Raven Technical Services Limited. Stripe's privacy policy applies to payment data.
  • Anthropic (Claude API) — used to extract job details from uploaded files. File contents are sent to Anthropic's API for processing and are subject to Anthropic's data handling policy. Files are not retained by Anthropic after processing.

6. Data retention

Job records and associated RAMS documents are retained for a minimum of 7 years to comply with statutory record-keeping requirements relevant to health and safety documentation. Account data is retained for as long as your account is active. You may request deletion of your account and associated data at any time by contacting us — subject to our legal obligation to retain billing and job records.

Uploaded project files (drawings, specifications, ZIPs) are processed in memory to extract job details and are not stored permanently on our servers once processing is complete.

7. Your rights under UK GDPR

You have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate data
  • Erasure (right to be forgotten), subject to legal retention obligations
  • Restrict or object to processing
  • Data portability — receive your data in a structured, machine-readable format

To exercise any of these rights, contact us via the email address registered to your account. You also have the right to lodge a complaint with the Information Commissioner's Office at ico.org.uk.

8. Security

Passwords are stored as irreversible cryptographic hashes. All access to the portal requires authentication. Connections are encrypted in transit. We take reasonable technical and organisational measures to protect your data against unauthorised access, loss, or disclosure.

9. Changes to this policy

We may update this Privacy Policy from time to time. Continued use of the portal after notification of material changes constitutes acceptance of the updated policy.