GDPR Policy

Last updated: April 2, 2026

Nash CM ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website [www.nashcm.ie], use our services, or otherwise interact with us. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site.

We comply with the EU General Data Protection Regulation (GDPR) and Ireland's Data Protection Act 2018.

1. Information we collect

We collect information that you provide directly to us, including:

  • Name

  • Email address

  • Phone number

  • Company/trade name

  • Project details (e.g., site type, work description)

  • Uploaded files (e.g., RAMS drafts, method statements)

This data is collected through our quote request form and email correspondence.

2. How we use your information

We use your information to:

  • Provide RAMS review, method statement support, and pre-start paperwork services

  • Communicate with you about your quote request and service delivery

  • Process payments (if applicable)

  • Improve our services

Your data is used solely for fulfilling your service request and is not used for marketing or shared with third parties.

3. Legal basis for processing

We process your personal data based on:

  • Contractual necessity: To deliver the services you requested

  • Legitimate interests: To communicate about your project and provide support

  • Your consent: When you explicitly agree via our quote form checkbox

4. How long we keep your information

  • Quote requests: 6 months after final response (unless service is delivered)

  • Active projects: Until project completion + 12 months for reference/follow-up

  • Completed projects: 2 years for quality assurance and potential references (anonymized where possible)

  • After that: Deleted unless you request retention

5. Who we share your data with

We do not sell, rent, or share your personal data with third parties except:

  • Payment processors (if used)

  • Legal authorities if required by law

All processors are GDPR compliant.

6. Your data protection rights

Under GDPR, you have the right to:

  • Access your personal data

  • Rectify inaccurate data

  • Erase your data ("right to be forgotten")

  • Restrict processing

  • Data portability

  • Object to processing

  • Withdraw consent at any time

Contact us at damiennash@gmail.com to exercise these rights.

7. Data security

We use reasonable technical and organizational measures to protect your data, including:

  • Secure email transmission

  • Password-protected file storage

  • Access controls

8. International transfers

Data is processed within the EU (Ireland/Belgium). No transfers outside EEA.

9. Website cookies

This site uses essential cookies only (session management). No tracking cookies.

10. Changes to this policy

We may update this policy. Changes will be posted here with the updated date.

11. Contact information

Email: info@ncm.ie

Data Protection Authority: Data Protection Commission Ireland (www.dataprotection.ie)