Updated April 2025
This Privacy Notice covers the business activities of Ipeco Holdings Limited, which is part of the Castledon Ltd group of Companies, as well as all other Companies and branches of Companies in the Castledon Ltd group of Companies and its subsidiaries. All references in this Statement to “Ipeco”, “we”, “us”, “our”, or the “Company” refer to Ipeco Holdings Limited as well as to all other Companies and branches of Companies in the Castledon Ltd group of Companies. These Companies include Ipeco lnc., OTM Servo Mechanism Ltd (https://otmservo.com/) and hs2 Engineering GmbH (https://hs2-engineering.de/). This policy also applies to the Ipeco Customer Portal.
You can find our contact details and the contact details of our Data Protection Officer in the section “Contact Details” of this Privacy Policy
Personal Data Transfer Internationally
Personal Data Storage and Retention
Your Rights Regarding Your Personal Data
Updates To Your Privacy Notice
How Long Are Cookies Stored On our System?
What Cookies Do We Use, and Why?
How Do I Control or Make Choices About Cookies and Tracking Technologies?
Our Privacy Notice
Our Privacy Notice explains how Personal Data provided by you to Ipeco and Personal Data collected by us will be handled and controlled by us in compliance with all applicable data protection laws and regulations. This Privacy Notice explains how we use and otherwise process Personal Data in connection with your relationship with us as a customer, potential customer or user of our website. We are committed to protecting and respecting your privacy.
“Personal Data” means any Information relating to an identified or identifiable natural person where that natural person can be identified, directly or indirectly, from or by such information.
Contact Details
You can contact us at:
Ipeco Holdings Limited
Address: Aviation Way, Southend on Sea, Essex SS2 6UN, United Kingdom
Telephone Number +44 1702 545118
lf you have any questions or concerns about this Privacy Notice or our privacy practices, or to assert the rights mentioned in the section “Your Rights Regarding your Personal Data” please contact us or our Chief Privacy Officer / Data Protection Officer in the following ways:
- by email to our General Counsel and Chief Privacy Officer: [email protected] or
- by post to: Group General Counsel, Ipeco Holdings Limited, Aviation Way, Southend on Sea, Essex SS2 6UN, United Kingdom.
- by phone: +44 1702 545118
- For the European Union:
- contact person: Verena Schwarz
- by post: hs2 engineering GmbH, Boschstr. 8/1 | D-89079 Ulm
- by email: [email protected]
- by phone: +49 731 940 2374 34
You have the right to make a complaint at any time to the Information Commissioner’s Office (the “ICO”), the UK supervisory authority for data protection issues or the competent data protection authorities responsible under the GDPR . We would, however, appreciate the chance to address your concerns before you approach the ICO/the competent data protection authorities under the GDPR, so please contact us in the first instance.
Personal Data Collection
Personal Data that may be collected, processed and stored by us include the following:
- information provided by you to us for you to receive a specific Service or as part of business relationship (such as identification and contact information, and Professional contact and work-related data, citizenship, nationality etc.);
- browsing data or data arising from you interacting with our website; and
- Cookies: we use Cookies and similar web tracking technologies to provide our website and services, to understand how customers use our services in order to make improvements, and to display advertising. We will obtain your explicit and active consent prior to the use of Cookies where required under applicable law. For more information about Cookies and how we use them when you interact with our website, please read our Cookie Policy. You can manage your Cookie settings from the Privacy Settings button located in the footer of the website.
Ordinarily, you will have provided such Personal Data to us but, in some cases, we may collect Personal Data about you from a third party, such as our third-party Service providers, or from public records. We protect Personal Data obtained from such third parties according to the practices described in this Privacy Notice.
Personal Data Use
This Section explains how we use the Personal Data we collect about you.
Personal Data collected by us may be processed by us for the following purposes
- fulfilling your information requests by providing information about our products, services, offers
and our commercial network; - pursuing our interest to establish, maintain and improve our relationship with you;
- enabling us to display the content of the website correctly, optimizing the content of our website and the advertising for the website and for ensuring network and information security and protecting the website from attacks, disruptions and damage and, if necessary, contributing to the investigation of criminal offences, insofar as we are legally obliged to do so;
- subject to obtaining your specific consent, sending commercial communications and newsletters as
well as advertising on our similar products and Services or to perform market research. All these
activities may be done in hardcopy, by automated or electronic means including via mail or e-mail,
phone and any other means (e.g., web sites) (“Marketing”); - subject to obtaining your specific consent communicating the Personal Data to our subsidiaries and affiliates as well as our MRO and distributor network. Our Partners will process Personal Data with the purpose of sending commercial Communications to you as well as advertising and improving their products and services or to perform market research (“Marketing Third Party”); and
- to ensure compliance with legal obligations to which we are subject, such as international export legislation.
Personal Data is collected and processed based on the contract entered between you and us or on pre-contractual measures and our explicit and legitimate interest to carry out our services to you under points (i), (ii) and (iii) above and subject to our legitimate interest or your express consent or the marketing purposes detailed under (iv.) and (v.). Please be aware that, if you have given your consent, you may withdraw it at any time by contacting us (see the section headed “Contact Details”). Data may be processed electronically within IT Systems, and manually, in paper form.
Personal Data Sharing
Personal Data may be shared with and communicated to companies within the Ipeco group, our trusted external Partners, Service providers, distributors and business Partners, based in and outside the United Kingdom (“UK”) and the European Economic Area (“EEA”), who are contractually restricted from using your information in any manner other than in helping us provide our services to you, and are under specific contractual obligations to protect the Personal Data and to treat it in accordance with applicable data protections laws and regulations. Third parties may use your Personal Data solely for the fulfilment of the purposes listed above and only in accordance with our instructions.
Personal Data may also be communicated to third parties to comply with legal obligations, to operate and maintain our security, protect our rights or property, to respond to the order of public, state or other governmental authorities, or to exercise our rights before judicial authorities.
Personal Data Transfer Internationally
To perform some of the Personal Data Processing activities detailed above, we may need to transfer Personal Data to countries outside of the UK and EEA, including storing that Personal Data in digital or physical databases located outside the UK and EEA. Database management and Personal Data Processing are limited to the purposes of the Processing and are carried out in accordance with applicable data protection laws and regulations.
Where Personal Data is transferred outside of the UK or the EEA, we will ensure that a similar degree of protection is afforded to it by ensuring that at least one of the following safeguards is in place:
- the transfer of Personal Data out of the European Union is to a country deemed to provide an adequate level of protection by the European Commission or, should the respective Personal Data be transferred out of the UK, the ICO; or if such adequacy decision does not exist:
- the use of specific contractual measures to guarantee the adequate protection of the Personal Data, including the European Commission’s approved Standard Data Protection Clauses in accordance with Articles 46 (1), (2) lit. c) GDPR, which are available on the European Commission website (https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_en) which have also been adopted by the ICO and are applicable to the transfer of personal data outside the UK and EEA . To receive a copy of the Standard Contractual Clauses, please contact us via the contact details provided in the section Contact Details.
Personal Data Storage and Retention
We maintain Personal Data in our Systems and archives for as long as necessary to pursue the purposes described in this Privacy Notice considering, when applicable, legal and contractual requirements, ensuring security and confidentiality of the same in compliance with the principles of fairness, lawfulness and transparency and in accordance with the provisions of applicable laws and regulations.
When Personal Data is no longer necessary for the purposes for which it is processed, that Personal Data is deleted or kept in a form which does not permit the identification of data subjects, provided that we are not legally required or permitted to hold such Personal Data. We may continue to store Personal Data for a longer period, as may be necessary to protect our interests related to potential liability connected to the provision of the services or products or the processing of Personal Data.
Personal Data processed for Marketing purposes will be retained until you withdraw your consent and, in any event, in accordance with the above-mentioned principles and the guidelines provided by the relevant Privacy Authorities in this respect.
Your Rights Regarding Your Personal Data
You may exercise your rights as defined by applicable laws and regulations. These rights include the:
- right of access: the right to obtain from us a confirmation as to whether, and for what purposes, your Personal Data is being processed, and the right to gain access to your Personal Data;
- right to rectification: the right to have your Personal Data corrected if it is inaccurate or incomplete;
- right to erasure or the right to be forgotten: the right to have your Personal Data erased without undue delay, where the request is made in accordance with the applicable laws and regulations; please note that this right to erasure does not apply if the further processing of that Personal Data is necessary, for example to fulfil a legal obligation such as statutory retention obligations or to assert legal claims;
- right to object to data Processing: the right to object at any time to the Processing of your Personal Data based on our legitimate interests or your specific consent;
- right to limit the data Processing: the right to request a limitation on our Processing activities;
- right to data portability: the right to receive the Personal Data you provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit your Personal Data to another data Controller without hindrance from us, especially where the Processing is based on consent or on a contract and the Processing is carried out by automated means;
- right to object to decision based on profiling or automated decision-making which produces legal effects concerning you or similarly affecting you; and
- right to make a complaint: without prejudice to any other administrative or judicial dispute, if you believe the Processing has been carried out illicitly or not in compliance with applicable laws and regulations, you have the right to raise a complaint with the supervisory authority of the UK or the EEA Member State in which you reside or work habitually, or of the EEA Member State where any breach has occurred. As outlined above, the relevant supervisory authority in the UK is the ICO. Within the scope of the GDPR you can contact the data protection supervisory authority which has the applicable authority in your jurisdiction.
Should you send us a request in relation to your Personal Data, we may need to obtain additional personal Information from you to verify your identity and contact you, if necessary. This is a security measure to ensure that Personal Data is not disclosed to any person who does not have a right to receive it. This information, together with other Personal Data we already hold, will then be processed to meet your request, as required by applicable law.
We aim to respond to all legitimate requests within one month. Occasionally it could take us longer than one month if your request is particularly complex or you have made several requests. In these circumstances, we will notify you within one month after your request about the delay and the reasons for the delay and keep you updated.
Where necessary, certain information may be transferred to other companies (within or outside the Ipeco Group) which act as data processors of your Personal Data, to fulfil your request. Your Personal Data will be processed for the necessary amount of time to evaluate and handle your request. In all other respects, what is set out in the section headed “Personal Data Storage and Retention” applies.
To make any requests to implement your rights or to update us with your information sharing preferences, you may contact us using one of the methods listed in the section headed “Contact Details”.
Security
We shall implement appropriate technical and organisational measures to ensure a level of security appropriate to potential risks, including:
- the pseudonymisation and encryption of your personal information where appropriate;
- ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- ensuring we can restore access to personal information in a timely manner if a physical or technical incident occurs; and
- regular testing, assessment and evaluation of the effectiveness of our technical and organisational measures to ensure your personal information is secure.
We maintain physical, electronic and procedural safeguards to protect the confidentiality and security of Personal Data transmitted to us. Please however note that email is not encrypted and is not considered to be a secure means of transmitting information.
Business Transactions
As we continue to develop our business, we may undergo a business transition such as acquiring another Company, merging with an existing Company, or selling a portion of our assets or business. In such transitions, customer information is typically one of the business assets that is transferred or acquired by a third party. In the unlikely event that we, or substantially all of our assets, are acquired or enter a court proceeding, you acknowledge that such transfers may occur and that your Personal Data can continue to be used as set forth in this Privacy Notice.
Updates To Your Privacy Notice
This Privacy Notice is up to date as of 29 April 2025. We may amend or update this Privacy Notice from time to time to reflect changing legal requirements or our Processing activities. We will publish any update on our website, and this will be effective upon posting.
We encourage you to periodically review this Privacy Notice to learn how we protect your Personal Data. It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.
Our Cookie Notice
What Are Cookies and Pixel Tags?
“Cookies” are small strings of text or Computer code stored locally on your device that allow us, ad networks, and our third-party Service providers, to identify your browser and/or device as you browse the Internet. Cookies can be placed, read, and/or written to by our Servers, or other websites or services that recognise a particular Cookie, which allows the website to “remember” or “recognise” a particular browser or device and, in some cases, store Information about that browser or device.
Certain types of Cookies or Cookie-like functionality may be placed or activated through browser add-ons, including, but not limited to Google. While these Cookies are stored differently, their functionality and purpose are generally like other Cookies.
Cookies are often used in conjunction with “pixel tags” (also known as “web beacons” or “clear gifs”). Pixel tags are small images that we, our analytics providers, advertisers, and other third parties can use to interact with Cookies and other tracking technologies. For example, we use pixel tags to evaluate the effectiveness of our advertising and marketing campaigns by determining whether you open and interact with the content in our promotional emails.
For more information about Cookies, please see: www.allaboutCookies.org
How Long Are Cookies Stored On our System?
Session Cookies: these are stored for the duration of a browser session; when you close the browser, the Cookie is deleted.
Persistent Cookies: these are stored for a pre-set amount of time (often between 90 days and two years, depending on the application) and are typically not deleted when a browser session is closed.
Your choices may affect whether we use session and/or persistent Cookies for a particular application.
What Cookies Do We Use, and Why?
We use Cookies to allow you to browse the services and access certain pages.
We will obtain your explicit and active consent prior to the use of Cookies where required under applicable law. This applies in particular to the use of essential, functional, and marketing Cookies. In addition, we will only share your personal data processed through Cookies with third parties if you have given us your express consent to do.
Essential Cookies are required to activate the core functionality of our service, and we do not use these Cookies to collect personal information about you.
Disabling or removing these Cookies may prevent the services, or certain functionality of the services, from working correctly or at all.
| Cookies | Description | Cookies Used | Retention period |
| Usercentrics Consent Management Platform | This is a consent management service. Usercentrics GmbH is used on websites and apps as a processor for the purpose of consent management. | Usercentrics GmbH https://usercentrics.com/privacy-policy/ | The consent data (given consent and revocation of consent) are stored for one year. The data will then be deleted immediately. |
| gstatic.com | This is a domain used by Google to off-load static content to a different domain name in an effort to reduce bandwidth usage and increase network performance for the end user. | Alphabet Inc., Google LLC, Google Ireland Limited http://www.google.com/intl/de/policies/privacy/ | Requests for CSS assets are cached for 1 day, font files are cached for one year. Some information retained until removed by the user, some expires after a specific period of time, some is retained until the user’s Google Account is deleted. |
Functional Cookies. These are Session Cookies and we use them to collect information about how our users use and interact with the services, such as what pages are visited most often, how the services are used and function, and how users navigate the services. We use this information to improve the services and their content. These Cookies only collect aggregate information about the use of the services, and do not collect information that can be used to identify you personally.
| Cookies | Description | Cookies Used | Retention period |
| Cloudflare | This is a service providing increased security and performance for websites. Cloudflare offers for example a content delivery network („CDN“) to improve the loading times of the website. The use of a CDN enables the user to make content available for retrieval more quickly with the help of regionally or internationally distributed servers. | Cloudflare Group https://www.cloudflare.com/privacypolicy/ | Data will be deleted as soon as they are no longer needed for the processing purposes. |
| Google Fonts | This is a collection of fonts for commercial and personal use. | Alphabet Inc., Google LLC, Google Ireland Limited https://business.safety.google/privacy/ | The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes. |
| Google Maps | This is an integrated map service. | Alphabet Inc., Google LLC, Google Ireland Limited https://business.safety.google/privacy/ | The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes. |
| Google Tag Manager | This is a tag management system. Via Google Tag Manager, tags can be integrated centrally via a user interface. Tags are small sections of code that can track activities. Script codes of other tools are integrated via the Google Tag Manager. The Tag Manager allows to control when a particular tag is triggered. | Alphabet Inc., Google LLC, Google Ireland Limited https://business.safety.google/privacy/ | The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes. |
| Gravatar | This is a service that provides avatars to internet users leaving comments on webpages. | Automattic Inc. https://automattic.com/privacy/ | The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes. |
| YouTube Video | This is a video player service. It can be used by user to watch, like, share, comment and upload videos. | Alphabet Inc. Google LLC Google Ireland Limited https://business.safety.google/privacy/ | Maximum age of cookie storage: 8 months |
| reCAPTCHA | This is a service that checks whether data is entered by a human or by an automated program. | Alphabet Inc. Google LLC Google Ireland Limited https://business.safety.google/privacy/ | Maximum age of cookie storage: 5 months, 27 days |
Marketing Cookies. These are Session Cookies. We allow third party advertisers, including advertising providers and ad networks, to place and/or activate Cookies, pixel tags, and/or other tracking technologies designed to enable advertising on your device and deliver it to you across the Internet.
The services may collect information and data about your activities online, both on the services and across third- party pages or platforms that participate in the ad network. This process helps us track the effectiveness of our marketing efforts and deliver advertising to you. These ad networks, in connection with Cookies, pixel tags, and other tracking technologies: (i) help deliver online behavioural advertisements, either by us, our affiliates, or third parties; (ii) may prevent you from seeing the same advertisements too many times; and (iii) help us, our Service providers, and/or our other Partners (as further described below) understand the effectiveness of the advertisements that have been delivered to you.
| Cookies | Description | Cookies Used | Retention period |
| DoubleClick Ad | This is an advertising service. With this service it is possible to provide relevant ads to users and get campaign reports. | Alphabet Inc. Google LLC Google Ireland Limited https://business.safety.google/privacy/ | The data will be deleted as soon as they are no longer needed for the processing purposes. |
| Google Ads | This is an advertising service. This service can be used to show personalised or non-personalised advertisement to users. | Alphabet Inc. Google LLC Google Ireland Limited https://business.safety.google/privacy/ | The data will be deleted as soon as they are no longer needed for the processing purposes. Log data is anonymized after 9 months and cookie information is anonymized after 18 months. |
| Google Analytics | This is a web analytics service. With this, the user can measure the advertising return on investment “ROI” as well as track user behavior with flash, video, websites and applications. | Alphabet Inc. Google LLC Google Ireland Limited https://business.safety.google/privacy/ | The Retention Period depends on the type of the saved data. Each user can choose how long Google Analytics retains data before automatically deleting it. |
Third-Party Functionality. We do not have access to or control over Cookies or other features that advertisers and third-party sites may use, and the information practices of those advertisers and third-party websites are not covered by our Privacy Notice or this Cookie Notice.
For more information about how third parties collect and use information about your activities, please review their applicable Terms of Use and Privacy Policies.
How Do I Control or Make Choices About Cookies and Tracking Technologies?
Managing Cookies.
You can manage your Cookie settings from the Privacy Settings button located in the footer of the website.
Most browsers automatically accept Cookies by default, but you can adjust your device and/or browser settings to delete and/or block some or all Cookies or provide notifications when you receive a new Cookie. Consult the “Help,” “Tools,” or “Preferences” menus on your browser, or the documentation for your device, for more information about how to do this. Please note, however, that blocking or deleting certain Cookies may negatively affect your user experience.
Additionally, you can generally disable or delete Cookies placed and used by browser add-ons by changing the add- on settings or visiting the website of its provider.
Note that if you disable certain Cookies or similar technologies you may not have access to certain features and services (such as consistent volume settings for Videos) that make your online experience more efficient and/or enjoyable.
If you wish to opt out of Google Analytics, you can download and install an opt-out browser add-on for certain browsers at the following link: https://tools.google.com/dlpage/gaoptout
Advertising. Certain devices and browsers allow you to reset your advertising identifier at any time by accessing the privacy settings on your device to restrict the delivery of tailored in-application advertisements. Consult your device’s documentation for more information about how to do this.
