Privacy Notice


We know that you care about your personal data and how it is used, and we want you to trust that Headland Archaeology uses your personal data carefully. This Privacy Notice will help you understand what personal data we collect, why we collect it and what we do with it.

Please take a moment to familiarise yourself with our privacy practices and let us know if you have any questions by sending us an email.

We have tried to keep this Notice as simple as possible, but if you’re not familiar with terms, such as cookies, IP addresses, and browsers, then please read about these key terms first.

You have the right to object to certain uses of your personal data including the use of your personal data for direct marketing. See what are your rights and how you can exercise them here.


Who is collecting it?

Any personal data provided to or collected by Headland Archaeology is controlled by Headland Archaeology (UK) Limited, a private limited company, with company registration number SC342945.

Our registered office is at 13 Jane Street, Edinburgh, EH6 5HE. Headland Archaeology is registered as an organisation with the Chartered Institute for Archaeologists.  Headland Archaeology is the data controller of your personal data and is registered with the Information Commissioner (ICO) under registration number ZA393571.


What personal data is being collected?

Personal data means any information that can be used to identify directly or indirectly a specific individual.

You are not required to provide Headland Archaeology the personal data that we request, but if you choose not to do so, we may not be able to provide you with our products or services, or with a high quality of service or respond to any queries you may have.

We may collect personal data from a variety of sources. This includes:

  • Personal data you give us directly,
  • Personal data we collect automatically, and
  • Personal data we collect from other sources.

Headland Archaeology collects personal data relating to our clients and potential clients in order to carry out our business activities. This includes name, organisation name, email address, business address, phone numbers and any other data that we need in order to carry our contractual obligations. This relates to anyone with whom we have a business relationship, through our commercial activities. This data is not shared with any third parties and is only used for the purposes that the individual would expect. Only information relating to projects that are carried out by our joint venture partnership with MOLA (MOLA Headland Infrastructure) and may share this personal data with each other and use it in a manner consistent with this Privacy Notice.

Our website is not intended for children and we do not as a general rule collect data relating to children.

Ways in which we collect your personal data

We may collect personal data from a variety of sources. This includes:

Personal data you give us directly. We collect data about how you use our services, such as the types of content you engage with, when you request marketing to be sent to you; provide your details in order to create business opportunities (including by giving us your business card, contacting us by email, post or telephone on a speculative basis, or regarding an existing contract or project); or perform contracts.

Personal data we collect automatically. We also receive and store certain types of personal data whenever you interact with us online. For example, as you interact with our website, we may automatically collect personal data about the IP address (to find out more see our privacy key terms), device ID, browsing actions and patterns. We collect this personal data by using cookies, and other similar technologies. We do not use these cookies to identify individuals as they are used for statistical purposes only.  You can restrict or block the cookies used by our website through your browser settings, but this will impact your user experience.  Please see our cookies policy for further details.

Personal data we collect from other sources. we may receive personal data about you from various third parties and public sources as set out below including analytics providers such as Google (based outside the European Economic Area) and publicly available sources such as Companies House.


What purpose do we use your data for?

We collect, process and disclose your personal data only for specific and limited purposes. We process your personal data in order to provide the services that you have requested (and if you do not agree to this processing, we will not be able to perform our contract with you), or where we have a legitimate interest and your individual interests and fundamental rights do not override our legitimate interest.

Where we process your personal data based on your consent, you have the right to withdraw your consent at any time, and you have the right to opt-out of receiving direct marketing communications from us at any time.

Who will it be shared with?

As a national business, Headland Archaeology shares your personal data internally and except as specified in this section, we do not pass on your details to any third party (including any local authority, unless we must comply, see below Legal disclosure), unless you give us permission to do so. We may share your personal data:

  • In the case of projects that are being managed by our joint venture partnership with Museum of London Archaeology (MOLA Headland Infrastructure), your personal data will be shared with the joint venture partnership to the extent necessary for internal reasons, primarily for business and operational purposes
  • With external service providers, to the extent required for the performance of the services, including our cloud storage provider.
  • Legal disclosure. We may transfer and disclose your personal data to third-parties:
    • To comply with a legal obligation;
    • When we believe in good faith that an applicable law requires it;
    • At the request of governmental authorities conducting an investigation;
    • To detect and protect against fraud, or any technical or security vulnerabilities;
    • To respond to an emergency; or otherwise
    • To protect the rights, property, safety, or security of our joint venture partnership with Museum of London Archaeology (MOLA Headland Infrastructure)

We require all third parties to respect the security of your personal data.  We do not transfer your personal data outside of the European Economic Area.

How do we protect your personal data?

Headland Archaeology takes the security of your personal data very seriously. We take every effort to protect your personal data from misuse, interference, loss, unauthorised access, modification or disclosure.

Our measures include implementing appropriate access controls, investing into protecting the IT environments we leverage, and ensuring we encrypt, pseudonymise and anonymise personal data wherever possible. Access to your personal data is only permitted among our employees and if necessary, within the joint venture partnership with Museum of London Archaeology (MOLA Headland Infrastructure), as described above.

How long do we keep your personal data for?

We will keep your personal data for as long as we need it for the purpose it is being processed for. The personal data collected by Headland Archaeology is evaluated periodically to determine whether it is current and still needs to be held, and the applicable legal requirements. We store your personal data in accordance with our retention policy.

What are your rights?

Your rights in relation to your personal data how it is processed. You can exercise these rights at any point. We have provided an overview of these rights below together with what this entails for you. You can exercise your rights by sending an email or submitting a request through the “Contact Us” form on our websites.

  • The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. Therefore, we’re providing you with the information in this Notice.
  • The right to access and rectification. You have the right to access, correct or update your personal data at any time. We understand the importance of this and should you want to exercise your rights, please contact us.
  • The right to data portability. The personal data you have provided us with is portable. This means it can be moved, copied or transmitted electronically under certain circumstances.
  • The right to be forgotten. Under certain circumstances, you have right to request that we delete your data. If you wish to delete the personal data we hold about you, please let us know and we will take reasonable steps to respond to your request in accordance with legal requirements. If the personal data we collect is no longer needed for any purposes and we are not required by law to retain it, we will do what we can to delete, destroy or permanently de-identify it.
  • The right to restrict processing. Under certain circumstances, you have the right to restrict the processing of your personal data.
  • The right to object. Under certain circumstances, you have the right to object to certain types of processing, including processing for direct marketing (i.e., receiving emails from us notifying you or being contacted with varying potential opportunities).
  • The right to lodge a complaint with a Supervisory Authority. You have the right to lodge a complaint directly with any local Supervisory Authority about how we process your personal data.
  • The right to withdraw consent. If you have given your consent to anything we do with your personal data (i.e., we rely on consent as a legal basis for processing your personal data), you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). You can withdraw your consent to the processing of your personal data at any time by contacting us with the details provided below.


How do you contact Headland Archaeology?

Headland’s nominated Data Protection Officer is Marilily Pierri who can be contacted at Headland Archaeology, 13 Jane Street, Edinburgh EH6 5HE, or by email. If you have any questions or concerns about Headland’s Privacy Notice or data processing or if you would like to make a complaint about a possible breach of local privacy laws, please do so by sending an e-mail or submitting a request through the “Contact Us” form on our websites.

When a privacy question or access request is received we have a dedicated team which triages the contacts and seeks to address the specific concern or query which you are seeking to raise. Where your issue may be more substantive in nature, more information may be sought from you. All such substantive contacts receive a response. If you are unsatisfied with the reply received, you may refer your complaint to the relevant Supervisory Authority. If you ask us, we will endeavour to provide you with information about relevant complaint avenues which may be applicable to your circumstances.


How do we keep this notice up to date?

We will update this Privacy Notice when necessary to reflect customer/employee feedback and changes in our services. When we post changes to this statement, we will revise the “last updated” date at the end of this Notice. If the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of Privacy Notice changes). We will also keep prior versions of this Privacy Notice in an archive for your review. We will not reduce your rights under this Privacy Notice without your consent.


Last updated May 2018