Privacy Policy

Last updated: 3 December 2025

1. Introduction

PETRUF Consulting Engineers Ltd. (“we,” “us,” or “our”) is committed to protecting your privacy and ensuring transparency in how we collect, use, and protect your personal data. This Privacy Policy explains our practices in compliance with the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.

2. Our Privacy-First Approach

We believe in privacy by default. Apart from minimal data that is strictly necessary for security and basic functionality, we do not use cookies or process additional personal data (such as analytics or embedded content) unless you explicitly consent to them.

Our website uses a cookie consent system that:

Blocks all non-essential cookies by default
Requires your explicit consent before activating analytics or embedded content
Allows granular control over different types of cookies
Respects your choices and remembers your preferences

3. Data We Collect

3.1 Strictly Necessary Data

We collect minimal data required for website security and functionality:

Cookie consent preferences – to remember your choices about cookies
Session data – to maintain secure connections and prevent attacks
Web server logs – IP address, date and time of access, URLs visited, referrer URL, and browser/user-agent information, used for security monitoring, error diagnostics, and preventing abuse

Web server logs are generally retained for a short period (for example, up to 30 days), unless a longer retention period is required to investigate security incidents.

Legal Basis: Our legitimate interest in providing a secure, reliable website and preventing fraud or abuse (GDPR Art. 6(1)(f)).

If you accept analytics cookies, we use Google Analytics to understand how visitors use our website:

IP address (truncated/anonymized where configured)
Browser type and version
Device information (type, operating system)
Pages visited and navigation patterns
Time spent on pages
Referral source

Legal Basis: Your explicit consent (GDPR Art. 6(1)(a))

Cookies Used:

Cookie	Service	Purpose	Expiration
`_ga`	Google Analytics	Distinguish unique users	2 years
`_ga_*`	Google Analytics	Persist session state	2 years

We embed third-party content to enhance your experience. These embeds only load when you accept embedded content cookies or click “Accept & Load” on specific content:

YouTube Videos – Project showcase videos hosted on YouTube
Google Maps – Interactive map showing our office location
Booking Calendar – Schedule consultations via an embedded booking widget

When you schedule a consultation through the booking calendar, the provider may process:

Your name
Contact details (such as email address and/or phone number)
Preferred meeting time and time zone
Optional project or enquiry details you choose to provide

When embedded content is loaded, these services may collect:

IP address
Browser and device information
Interaction data with embedded content
Cookies set by the respective services

Legal Basis: Your explicit consent for loading embedded content and associated cookies (GDPR Art. 6(1)(a)).

Cookies Used:

Cookie	Service	Purpose	Expiration
`CONSENT`	YouTube	Track consent for embedded videos	20 years
`NID`	Google Maps	Remember preferences for embedded maps	6 months

4. How We Use Your Data

Purpose	Data Used	Legal Basis
Website security and functionality	Session data, consent preferences, web server logs	Legitimate interest (GDPR Art. 6(1)(f))
Understanding site usage and improving services	Analytics data	Consent (GDPR Art. 6(1)(a))
Displaying office location on map	IP address, location data via Google Maps	Consent (GDPR Art. 6(1)(a))
Showing project videos	IP address, interaction data via YouTube	Consent (GDPR Art. 6(1)(a))
Enabling appointment booking and managing consultations	Name, contact details, booking details, interaction data via booking widget	Performance of a contract or pre‑contractual steps at your request (GDPR Art. 6(1)(b)) and, where applicable, consent for any non‑essential cookies used by the provider (GDPR Art. 6(1)(a))

5. Third-Party Data Recipients

Your data may be processed by the following third parties:

Google Ireland Ltd.

Services: Google Analytics, Google Maps, YouTube
Data Processing: Google may process data outside the EEA (including in the United States) under the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs)
Privacy Policy: https://policies.google.com/privacy

Booking Service Provider

Service: Appointment scheduling calendar
Data Processing: Processes your personal data (such as your name, contact details, and booking details) to schedule and manage your appointment, in accordance with the booking service provider’s privacy policy
Purpose: Facilitate consultation bookings

WebSupport s.r.o. (Web Hosting Provider)

Services: Web hosting and technical infrastructure for this website
Data Processing: Stores website data and processes server log files (such as IP address, date and time of access, URL, referrer and browser information) for hosting, security, and troubleshooting purposes on servers located within the European Economic Area (EEA)
Legal Basis: Our legitimate interest in secure and reliable website hosting (GDPR Art. 6(1)(f))

We do not sell, rent, or trade your personal data to third parties.

Strictly Necessary Cookies (Always Active)

Essential for website functionality. Cannot be disabled.

Cookie consent preferences
Security and session management
CSRF protection

Functionality Cookies (Optional)

Enable enhanced features like remembering your preferences.

Analytics Cookies (Optional – Disabled by Default)

Help us understand website usage through Google Analytics.

Embedded Content Cookies (Optional – Disabled by Default)

Enable third-party content including YouTube videos, Google Maps, and booking calendars.

7. Your Data Protection Rights

Under GDPR, you have the following rights:

Right of Access (Art. 15)
Request a copy of the personal data we hold about you.
Right to Rectification (Art. 16)
Request correction of inaccurate personal data.
Right to Erasure (Art. 17)
Request deletion of your personal data (“right to be forgotten”).
Right to Restrict Processing (Art. 18)
Request limitation of how we process your data.
Right to Data Portability (Art. 20)
Receive your data in a structured, machine-readable format.
Right to Object (Art. 21)
Object to processing based on legitimate interests.
Right to Withdraw Consent (Art. 7(3))
Withdraw consent for analytics or embedded content at any time by clicking “Cookie Settings” in the footer or changing your browser settings.
Right to Lodge a Complaint
File a complaint with the Data Protection Commission (DPC) Ireland:
- Website: https://www.dataprotection.ie
- Phone: +353 (0)761 104 800
- Email: info@dataprotection.ie

Automated decision-making:
We do not use your personal data for decisions based solely on automated processing, including profiling, that produce legal effects or similarly significant effects concerning you (GDPR Art. 22).

Requirement to provide data:
Providing your personal data is generally voluntary. However, if you choose not to provide certain information (for example, the contact and booking details requested in the booking form), we may not be able to respond to your enquiry or enter into a contract with you.

8. Data Retention

Consent preferences: Stored locally in your browser until you clear cookies or revoke consent.
Analytics data: Retained by Google Analytics for 26 months, then automatically deleted.
Session data: Deleted when you close your browser.
Web server logs: Retained by our hosting provider for a short period (for example, up to 30 days), unless a longer retention period is required to investigate security incidents.
Embedded content cookies: Retention periods set by respective services (see Section 3.3).

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

HTTPS encryption for all website traffic
Secure cookie storage with appropriate flags
Minimal data collection – we only collect what’s necessary
Third-party security – we work only with service providers that commit to GDPR-compliant practices

10. International Data Transfers

Some of our third-party service providers (notably Google) may transfer data outside the European Economic Area (EEA). These transfers are protected by:

EU-US Data Privacy Framework – where the provider is certified
Standard Contractual Clauses (SCCs) – approved by the European Commission
Adequacy decisions – transfers to countries deemed adequate by the EU

11. Children’s Privacy

Our website is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top indicates when changes were last made. We encourage you to review this policy periodically.

Material changes will be communicated through:

Notice on our website
Update to the consent banner (requiring fresh consent if necessary)

Where required by law or guidance, we may periodically ask you to review and renew your cookie consent choices.

You can manage your cookie preferences at any time:

Via our Cookie Settings: Click “Cookie Settings” in the footer of any page.
Via your browser settings: Configure your browser to block or delete cookies.
Per-content basis: Click “Accept & Load” or “Cookie Settings” on individual embedded content placeholders.

Note: Blocking all cookies may impact website functionality.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

PETRUF Consulting Engineers Ltd.
51 Baroda Court, Newbridge, Co. Kildare W12 HR58, Ireland

Contact methods:

Email: info@petruf.ie
Visit our contact page for booking and inquiry options

We will respond to your request within one month as required by GDPR (Art. 12(3)).