Privacy Policy

We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and lead authorities in the event you have a complaint.

This privacy notice was last updated on November 23rd, 2023.

Invar Group Limited, complies with the Data Protection Act (2018), the UK’s implementation of the General Data Protection Regulation (GDPR) and is regulated by the UK Information Commissioners Office (ICO).

Scope & Responsibilities.

Our scope is any data subject, whose personal data is collected, in line with the requirements of the Data Protection Act (2018), UK GDPR (2021), and other relevant UK data protection legislation.

The Data Protection Act (2018) and UK GDPR (2021) have a material scope covering personal data that is processed electronically and personal data that is part of a filing system or intended to be part of a filing system (i.e., any personal data that may be uploaded to a computer/electronic device or stored in a structured paper filing system).

Invar Group Limited adheres to the territorial scope of the Data Protection Act (2018) and the UK GDPR (2021). The legislation and regulations apply to all controllers and processors based in the UK.

Invar Group Limited will adhere to the Data Protection Act (2018 and UK GDPR (2021) data processing principles when handling personal data. Further details are provided by the ICO with regards to these data processing principles.

Invar Group Limited has further responsibilities with regards to controlling and processing personal data, which fall under the responsibility of the data protection lead or nominated data protection officer (DPO).

All associates and employees of Invar Group Limited who interact with data subjects are responsible for ensuring that this privacy notice is drawn to the data subject’s attention and must adhere to the requirements in full.

About Us

Invar Group Limited brings together three leading specialist organisations in the warehouse software, automation, and controls sector. Invar Group Limited has European offices in Holland and Poland, with the company Head Office located in Bedfordshire in the UK. Invar Group Limited works with an affiliated company (Invar US) which is not part of the group, but who we work with for ISA based customers or projects.

Invar Group Limited is a private limited company, based in England under company registration number 08802740, complying with the laws of England and Wales.

Invar Group Limited collects, controls and processes certain personal information about you, when we do so we are legislated by the Data Protection Act (2018). The Data Protection Act (2018) is the UK’s implementation of the General Data Protection Regulation (GDPR). Invar Group Limited also adheres to other relevant UK data privacy legislation.

We are responsible as the data controller & data processor for all personal information collected, controlled, and processed under those laws and regulations. Invar Group Limited can be contacted via email.

The data protection lead is Steve Butler.

Whether information must be provided by you, and if so, why?

The provision of certain personal data including (but not limited to) contact name, email address & telephone number is required from you. This enables Invar Group Limited to identify you and provide our services to you.

It may also be a legal requirement to obtain proof of identity from time to time. If this is required, we will explain why, what identification is required, how long the personal data will be kept on file and the necessity for the processing.

We will inform you at the point of collecting personal information from you, whether you are required to provide this and any other additional information to us.

Lawful bases for processing of personal data:

The lawful bases for processing are set out in Article 6 of the UK GDPR (2021). At least one of these must apply whenever Invar Group Limited processes your personal data:
Contract – the processing is necessary for Invar Group Limited to fulfil the obligations of an agreement or contract for the provision of our services to you. Both parties would be provided with a copy of the contract, a data processing agreement, and a copy of this privacy notice.

  • Legitimate Interests – the processing is necessary, as Invar Group Limited has ascertained the legitimate interest of the individual/organisation and explained why the processing of personal data is required to action the legitimate interest. Invar Group Limited reviews this lawful basis to hold personal data annually via a Legitimate Interests Assessment (LIA).

You can find more about the UK GDPR lawful bases here or by visiting

What information we collect about you.

The personal data you have provided, or we have collected from you, includes but is not limited or restricted to:

  • Personal Contact Data (e.g., contact names, email addresses, telephone numbers)
  • Addresses (e.g., delivery, invoice, site)


How we use your personal information?

Invar Group Limited uses your personal information:

  • To pre-qualify which of our services are suitable for your requirements: (e.g., responding to website contact forms, exhibition contact forms, email requests for our services, telephone calls, word-of-mouth referrals).
  • To communicate with you, via official Invar Group Limited communication channels (e.g., to fulfil the objectives as outlined in the proposal, contract & service level agreement).
  • To facilitate client and prospect meetings (e.g., to set-up and confirm meetings, either electronically via video call, such as Microsoft Teams or Zoom or in person).
  • To provide client after care and client support (e.g., contract renewal, obtaining feedback).
  • To keep you informed of any Invar Group Limited company updates (e.g., changes to this privacy notice, other important company updates).
  • To provide company newsletters including relevant industry news.
  • To produce invoices for services provided to you.
  • To provide compliance with all the legal requirements of England and Wales.


Continued overleaf.

Who we share your personal information with?

Where relevant, given the nature of our services provided to you by Invar Group Limited, we may also share your personal data with the following categories of third parties:

  • Third party partners who we work alongside and process personal data on behalf of Invar Group Limited, with regards to agreements and contracts, or for the provision of supplementary support services. Disclosure of the nominated trusted 3rd party partner would be provided at the contract stage and a relevant Data Processing Agreement (DPA) would be put in place to protect all personal data, from a data controller, data processor and data subject perspective.
  • Third party service providers who support the operation of our business, such as IT and legal partners for example.
  • Fraud prevention agencies, money laundering agencies and associations.
  • Regulators and law enforcement agencies, including the police, HM Revenue and Customs or any other relevant authority who may have jurisdiction.

We would always inform you ahead of acting on any instructions to proceed with any of our services.

This data sharing enables Invar Group Limited to supply our services to you in a professional and timely manner, whilst undertaking quality control & regulatory compliance procedures.

Furthermore, it ensures compliance with all necessary UK GDPR (2021), Data Protection Act (2018) and other UK data protection legislation lawful requirements. Invar Group Limited will share personal information with law enforcement or other authorities if required by law.

International Data Transfers.

Invar Group Limited may make restricted personal data transfers to/from the UK to our offices in Georgia, Kentucky & Michigan in the USA. The lawful base (under Article 6 of UK GDPR) for this transfer would be the facilitation of a contract. We may also make restricted transfers to trusted partners in Asia and Europe under contract. Any international personal data transfer would be restricted to what is ‘necessary’ to fulfil the purpose of the transfer.

All personal data transfers within the European Union/EEA, would be subject to the ‘Adequacy Decision’ agreed between the UK and European Parliament on June 27th, 2021. If the international data transfer is outside the EU/EEA/UK then appropriate safeguards would be put in place, such as Risk Assessments and Data Protection Impact Assessments (DPIAs). Further information on International Data Transfers is provided by ICO.

How long your personal information will be kept?

  • We will retain your personal information for several purposes, as is necessary to allow us to carry out our business in accordance with our contract or legitimate interests and is necessary for compliance with our legal obligations.
  • Any retention of personal data will be carried out in compliance with legal and regulatory obligations. These data retention periods are subject to change, due to any revisions of associated legislation or regulations.
  • Your information will be kept for up to 7 years after the completion of the contract on our main systems, after which time it will be archived, deleted, or anonymised depending on the content of the material and whether there is any continuing legal need for it to be retained.
  • We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
  • To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
  • Details of retention periods for different aspects of your personal data are available in our Data Retention Policy which you can request from us by contacting us.
  • Any personal data held in hard document copy is securely stored pre-destruction, securely destroyed, with a Certificate of Destruction issued in line with our UK GDPR (2021) Data Retention

Keeping your personal information secure.

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner.

We also have procedures in place to handle any suspected data security breach. We will notify you and any applicable lead authority and/or regulator (e.g., ICO) of a suspected data security breach where we are legally required to do so.

If you want detailed information from, Get Safe Online, on how to protect your information and your computers and devices against fraud, identity theft, viruses, and many other online problems, please visit

Get Safe Online is a UK public / private sector partnership supported by leading organisations in banking, retail, internet security and other sectors. Get Safe Online is Cyber Essentials certified.


We use cookies to collect, store and share information about your activities when you use our website.

Cookies do different things, letting you navigate between pages quickly and generally improving your experience of our website. If our website did not use cookies, it will think you are a new visitor every time you move to a new page on the website.

Invar Group Limited only uses ‘non-personal data’ cookies on our website, to track the performance of the website via Google Analytics. This tracking helps us to understand how to improve the website content for the benefit of all users. If you want to block cookies, then you can do this through your browser via the help function.

The ICO also offers further guidance on cookies and similar technologies.

Your rights.

Under the UK GDPR you have several important rights as a data subject. At any point while we are in possession of or processing your personal data, you, the data subject (living person), have the following rights:

  • Right to be informed – you have the right to know why we are collecting and processing personal data and this right is met by the provision of this privacy notice and any subsequent updates.
  • Right of access – you have the right to request a copy of the information that we hold about you.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.

For further information on each of these rights, including the circumstances in which they apply, see the guidance from the Information Commissioner’s Office (ICO) on individuals rights under the UK General Data Protection Regulation.

How to contact us?

Please contact us if you have any questions about your data subject rights, this privacy notice or the personal information, we hold about you.

In the first instance we would ask you to:

  • Email our data protection lead Steve Butler.
  • Let us have enough information to identify you,
  • Let us know the information to which your request relates?

How to complain?

We hope that we can resolve any query or concern you raise about our use of your personal data.

Should we not be able to do so, you have the right, to lodge a complaint with the lead authority.

The lead authority in the UK is the Information Commissioners Office (ICO) who may be contacted here or by telephone on 0303 123 1113.

Changes to this privacy notice.

This privacy notice was last reviewed and published on November 23rd, 2023. We may change this privacy notice from time to time, when we do, we will inform you via our company communication channels and company website.

Invar Group Limited is a private limited company, based in England under company registration number 08802740, complying with the laws of England and Wales.


What clients say
about us

Invar have provided unrivalled support to the site team; from design through to implementation, the creative and flexible approach has brought the vision to life, resulting in a robust and flexible solution for our customer


Since dealing with the Invar project team for the Stanton / Under Armour implementation I have been impressed with the level of service, knowledge and can-do attitude. These qualities have continued within the residency solution whereby the site is supported in a number of key measures such as a detailed PPM schedule, training staff on equipment, stores / spares management and building support. The weekly review meetings with the team ensure everything is effectively managed within agreed time frames.

Marc Baker
Facilities Manager at Ceva.

In the last 18 months I have seen Invar grow from strength to strength, I was part of the initial process where we recruited Greenstone to support with the servicing and repairs of our Conveyer and box machines, they have grown in that time from suppling engineers to helping us optimise the equipment, expand the area and incorporate changes to layout and process. With the team now fully established at the SDC, I feel we are is such a better situation, with limited downtime, planned preventative maintenance and increased productivity. The Invar team have done a great job, and I am extremely happy with the service that they have provided

Paul Morris
Facilities Manager at Pets at Home