Privacy Policy


Mike Speak Associates prides itself upon and is committed to good practice in conducting its business ethically and in accordance with all applicable principles, laws and regulations, including the GDPR (General Data Protection Regulation).

Mike Speak Associates expects this commitment to be shared by any and all others involved, in any connection, in provision of the Structural Engineering Service it provides.

The GDPR legal requirements – which come into effect 25 May 2018 – provide you with greater protection of and control over your personal data and digital privacy.

Mike Speak Associates is registered with the ICO (Information Commissioners Office) – Registration No: ZA441147 

We collect, store and process only sufficient personal data essential to supply you with the high quality, cost effective professional structural engineering service you engage us to provide. We do so in accordance with legal and professional requirements and in line with the GDPR ‘Legitimate Interest’ category. We therefore ensure that your data privacy and rights are respected and protected and we pledge never to misuse your data.

We believe in transparency and this Privacy Policy (and our Privacy Statement) explains what personal data we collect, how we obtain it, how it is stored and securely protected, and how it is processed in order to fulfil the Structural Engineering Service you engage Mike Speak Associates to provide. This Policy (and our Privacy Statement) also detail how clients can exercise their rights under GDPR in connection with their personal data.

How We Obtain Your Personal Data

  • Referrals from Architects, Surveyors, Building Inspectors, Property Developers, Builders and former clients.
  • Enquiries received via: 
Our website;
Institution of Structural Engineers’ Find an Engineer website
Local Surveyors’ website
) For one-time capture of data
) when you send us enquiries.
) These are forwarded to our
) MS Outlook email account.
Direct email and telephone contact from you
Personal recommendations from others

Data We Store

Name & Address
Email Address
Phone Number
Mobile Number
Website (if applicable) 

How We Process Your Personal Data

We process your data in connection with provision of the professional Structural Engineering service you engage us to provide strictly in accordance with all legal & professional requirements. We use your data to communicate with you by email, telephone and post; also in connection with our financial accounting.

Lawful Basis for Processing Your Data

Legitimate interest in connection with the Structural Engineering Service you engage us to provide.

Who Has Access to Your Personal Data

Only the Data Controller has access to your securely stored personal data.

Third Party or Publicly Available Sources We Employ

We contract with the following third party or Publicly Available Sources to supply our Structural Engineering Service to you:

Daisy Telecoms: Phone & broadband;
Krystal: Web hosting & email;
ESET Endpoint: Antivirus & firewall
Kamazoy IT: Computer Security
Microsoft: Outlook; Word; Excel
Sage: Accounting;
Vodafone: Mobile smart phone.

How We Store Your Personal Data

We store your personal information within secure physical and electronic systems.

How We Protect Your Personal Data

  • Filing cabinets locked & accessible only by Data Controller;
  • Secure archive files accessible only by Data Controller; 
  • PC password, antivirus & firewall protected/locked. Accessible only by Data Controller and Kamazoy IT/
  • Computer Security; 
  • Mobile phone (Samsung S5) password protected & locked. Accessible only by Data Controller;
  • Automatic storage of incoming & outgoing phone numbers on Gigaset landline;
  • Incoming answerphone messages received on Gigaset landline;
  • In addition, our computer systems are continually monitored by Kamazoy IT/Computer Security.

How We May Share Your Personal Data

We share your personal data only as strictly necessary in accordance with the service you engage us to provide; ie:

  • With any Associate of Mike Speak Associates involved with carrying out work on your behalf;
  • With relevant industry specialists such as the Architect, Surveyor, Building Control/Building Inspector, Property Developer, Builder etc, and
  • In line with legal and professional requirements. 

The only time we would divulge any personal client information to any other external source would be if legally required to do so.

How Long We Keep Your Data

We store your data for a minimum of 7 years (in accordance with industry standard and to meet legal/professional requirements).

How We Destroy Your Data

  • Manual deletion of computer records.
  • Cross shredding of paper records
  • Manual deletion of landline and mobile incoming & outgoing phone numbers, plus answerphone  messages retained only as long as necessary to fulfil requested Structuring Engineering Service.

Our secure storage technologies and precise procedures regarding storage, access and management of personal data meet the GDPR compliance requirement.

In Case of a Data Breach

Should we ever discover a data breach we will immediately comply with GDPR and notify all relevant parties/authorities.

Your Rights under GDPR/How You Can Exercise Them

GDPR entitles you to be informed (which we are doing via this Privacy Policy and our Privacy Statement); to access your personal data and have it rectified if inaccurate or incomplete; also to object to, restrict or block processing; and to have your data deleted.

You can exercise your rights by contacting Mike Speak Associates or if necessary the European Data Protection Supervisor

We do not use auto decision making/profiling and we do not use your data for marketing purposes.

Contacting Us

If you wish to contact us about our Data Protection Privacy Policy, or if you have any concerns about your data and wish to exercise your rights, you can:

  • email us at
  • Contact us through our website or
  • Write to us at Mike Speak Associates, County House, St Mary Street, Worcester WR1 1HB.
  • We will acknowledge any such request as quickly as practicable but, before acting upon it, we must first confirm your identity and then check: 
    • If the request is reasonable; 
    • Whether acceding to your request could impact on other individuals’ personal data/rights; 
    • Also that there are no legal, regulatory or contractual requirements to retain the data in its current form (including ensuring that a request to delete data does not breach our legal or professional responsibilities). 

We will then carry out your request as quickly as practicable and confirm completion of the requested action(s) or explain why we could not do so.

Changes to This Data Protection Privacy Policy

This Policy was approved on 22 May 2018. Mike Speak Associates may change or modify this Data Protection Privacy Policy from time to time in accordance with applicable principles, laws/regulations (including the GDPR), professional requirements and good practice. 

We encourage you to check this Policy from time to time. Version numbers and dates of revisions will be shown in the footnote of this document.

DPPP v1   22.5.18