Last updated: May 2026
1. Who We Are
NETS PAT Testing ("we", "our", "us") is a division of North East Theatre Supplies. We are the data controller for your personal data collected through our platform.
Our company details:
North East Theatre Supplies (PAT Testing Division)
Email: [email protected]
2. Data We Collect
Account Data
When you register, we collect: company name, your name, email address, phone number, and billing address. This is necessary to provide our service under our contract with you.
Usage Data
We collect information about how you use the platform: assets added, tests recorded, certificates generated, and reports viewed. This data is essential for the service to function under our contract with you.
Technical Data
We collect IP address, browser type, and operating system for security monitoring and performance optimisation. Our legitimate interest is protecting the platform and your data.
Communications
If you contact us, we retain your message and our reply to provide support and improve our service under our legitimate interest.
3. Lawful Basis for Processing
Under UK GDPR, we process your data on the following bases:
- Contract performance — To provide the PAT testing platform, generate certificates, and manage your account
- Legitimate interest — To improve the platform, ensure security, send service updates, and respond to enquiries
- Consent — For analytics cookies and optional marketing communications
- Legal obligation — To comply with applicable laws and regulatory requirements
4. How We Use Your Data
- To provide and maintain the PAT testing platform
- To generate certificates and compliance reports
- To send service notifications (plan changes, feature updates, security alerts)
- To improve and develop the platform based on usage patterns
- To respond to support enquiries and troubleshoot issues
- To comply with legal obligations
5. Data Storage & Security
All data is stored on UK-based servers with encrypted connections (TLS 1.3). We implement:
- Encryption at rest and in transit
- Two-factor authentication for user accounts
- Role-based access control
- Regular automated encrypted backups
- Full audit logging of all data changes
- Intrusion detection and monitoring
- Staff training on data handling and privacy
In the event of a personal data breach, we will notify affected users and the ICO within 72 hours where required by law.
6. Data Retention
We retain your personal data for as long as your account is active. After account closure, data is retained for 12 months before secure deletion, unless longer retention is required by law.
Test records, certificates, and compliance statements may be retained for up to 6 years after creation to comply with legal and regulatory record-keeping requirements (including HMRC, health and safety, and insurance obligations).
Anonymised, aggregated data (from which you cannot be identified) may be retained indefinitely for analytical purposes.
7. Your Rights
Under UK data protection law, you have the following rights:
- Right of access — Request a copy of the personal data we hold about you
- Right to rectification — Correct inaccurate or incomplete data
- Right to erasure — Request deletion of your data, subject to legal retention requirements
- Right to restrict processing — Limit how we use your data in certain circumstances
- Right to data portability — Receive your data in a structured, commonly used format (CSV)
- Right to object — Object to processing based on legitimate interests or direct marketing
- Rights related to automated decision-making — We do not make automated decisions with legal or significant effects
To exercise any of these rights, email [email protected]. We will respond within 30 days.
If you are dissatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk or 0303 123 1113.
8. International Data Transfers
Your data is primarily stored and processed in the UK. Where we use third-party services that involve data transfers outside the UK (including reCAPTCHA by Google), we ensure appropriate safeguards are in place, such as UK International Data Transfer Agreements or adequacy decisions.
9. Third Parties
We use the following third-party services in operating the platform:
- UK-based hosting provider — Server infrastructure and data storage
- Email delivery service — Sending service notifications and support replies
- Google reCAPTCHA — Registration security (data may be transferred to Google in the US under UK adequacy regulations)
We do not sell your personal data to any third party. All third-party processors are contractually bound to process data only on our instructions and to maintain appropriate security measures.
10. Cookies
We use the following categories of cookies:
- Essential cookies — Required for authentication, session management, and platform functionality. These are set automatically and do not require consent.
- Analytics cookies — Used only with your consent to understand how the platform is used and improve performance.
You can control non-essential cookies through our cookie banner or your browser settings. Disabling essential cookies may prevent the platform from functioning correctly.
11. Changes to This Policy
We may update this policy from time to time. Material changes will be notified by email to account holders. Continued use of the platform after changes take effect constitutes acceptance of the updated policy.
12. Contact
For privacy-related enquiries or to exercise your data rights:
Email: [email protected]
Write: North East Theatre Supplies, PAT Testing Division
You also have the right to contact the Information Commissioner's Office:
ico.org.uk | 0303 123 1113 | Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF