Your data. Our promise.

1. About this Privacy Policy

This Privacy Policy explains how BARCLAY ADVISORY SERVICES LTD, trading as evie.pro, collects, uses, stores and shares personal data when you use our website, platform, products, services, trials, demonstrations and support channels.

This Privacy Policy applies to:

• the evie.pro website;

• the app.evie.pro platform;

• Evie trials, demonstrations and onboarding activity;

• customer support and service communications;

• business development and sales communications; and

• any other services we provide under the evie.pro name.

In this Privacy Policy, Evie, we, us and our means BARCLAY ADVISORY SERVICES LTD, trading as evie.pro.

Our services are intended for business users only. They are not intended for children or for personal, household or consumer use.

2. Who we are

Legal entity: BARCLAY ADVISORY SERVICES LTD
Trading name: evie.pro
Company number: 16006462
Registered office: Belmont Suite, Paragon Business Park, Chorley New Road, Horwich, Bolton, United Kingdom, BL6 6HG
Contact email: team@evie.pro

For privacy enquiries, data protection requests or questions about this Privacy Policy, contact us at team@evie.pro.

3. What Evie does

Evie is a business-to-business project intelligence platform for project controls teams, commercial teams, construction and infrastructure contractors, client organisations and related project delivery teams.

Evie helps organisations connect, structure, analyse and interpret project delivery information. This may include programme, commercial, progress, risk, action, governance, reporting and delivery information.

Evie provides decision-support outputs. Customers remain responsible for their own professional judgement, project decisions, contractual notices, commercial positions, programme submissions and operational actions.

4. Our role under data protection law

Depending on the context, we may act as either a controller or a processor of personal data.

4.1 When we act as controller

We act as controller when we decide why and how personal data is used. This includes personal data we process for:

• website operation and analytics;

• sales enquiries;

• demonstrations and trials;

• account administration;

• billing and invoicing;

• customer relationship management;

• service improvement;

• security monitoring;

• support communications; and

• legal, tax and business record keeping.

4.2 When we act as processor

We usually act as processor when we process personal data contained in customer data, project data or workspace data on behalf of a customer organisation.

In that case, the customer organisation is usually the controller and is responsible for deciding what personal data is uploaded, connected, submitted or made available to Evie.

Customer organisations are responsible for ensuring that any data provided to Evie is lawful, appropriate, relevant and, where necessary, sanitised before upload or connection.

Where required, processing carried out by Evie on behalf of a customer organisation should be governed by a separate Data Processing Agreement.

5. Personal data we collect

We may collect and process the following categories of personal data.

5.1 Account and user data

This may include:

• name;

• business email address;

• password or authentication details;

• company name;

• role or job title;

• phone number;

• profile image;

• workspace, project or account membership;

• user permissions and access roles; and

• records of invitations sent by customer administrators.

5.2 Business contact and sales data

This may include:

• name;

• business email address;

• company name;

• job title;

• phone number;

• enquiry details;

• demonstration requests;

• trial discussions;

• meeting notes;

• commercial communications; and

• records of our interactions with prospective and existing customers.

5.3 Customer and project data

Customers may upload, connect, submit or generate project-related data within Evie. This may include business, project, commercial, programme, progress, governance, risk, action, reporting or delivery information.

Customer and project data may contain personal data if it includes information such as names, email addresses, initials, user identifiers, responsibility owners, action owners, approvers, reviewers, planners, project team members, resource names, comments or audit history.

Customers are responsible for deciding what customer and project data is provided to Evie and for sanitising that data where appropriate.

5.4 Comments, notes and collaboration data

Evie may allow users to create or interact with comments, notes, assignments, actions, observations, risks, issues, reports, recommendations, workflow items and related collaboration records.

These records may include personal data where users identify themselves or others.

5.5 Support and communications data

If you contact us, we may collect:

• your name;

• email address;

• company name;

• message content;

• support request details;

• attachments you choose to provide;

• technical information relevant to the request; and

• records of our response.

At present, support is provided primarily by email.

5.6 Technical, usage and security data

We may collect technical and usage data such as:

• IP address;

• browser type and version;

• device type;

• operating system;

• approximate location derived from technical data;

• pages viewed;

• session activity;

• login times;

• access logs;

• audit logs;

• feature usage;

• error logs;

• diagnostic data; and

• security event data.

We use this data to operate, secure, maintain and improve Evie.

5.7 Website analytics data

We may use analytics tools to understand how visitors use our website and platform. These tools may include Google Analytics, PostHog and Vercel Analytics.

Analytics data may include device information, page views, referral information, approximate location, session information and interaction events.

Where analytics cookies or similar technologies are not strictly necessary, we will use them in accordance with applicable cookie and electronic communications requirements.

6. How we collect personal data

We may collect personal data:

• directly from you when you contact us, create an account, use Evie, request a demo or ask for support;

• from customer administrators when they invite you to use Evie;

• from your employer, client organisation or project organisation;

• from customer systems, files, integrations or project environments where a customer makes data available to Evie;

• automatically through website, platform, security and analytics technologies;

• from suppliers that support our website, infrastructure, analytics, hosting or platform operations; and

• from business communications, meetings and commercial discussions.

7. How we use personal data

We use personal data for the following purposes.

Purpose

Examples

Lawful basis

Provide Evie services

Create accounts, operate workspaces, process customer data, provide platform access

Contract, legitimate interests, or processor activity on behalf of the customer

Manage customer relationships

Demos, onboarding, account management, service communications

Contract or legitimate interests

Support users

Respond to support requests, investigate issues, provide technical help

Contract or legitimate interests

Secure the platform

Access control, audit logs, abuse detection, incident investigation

Legitimate interests, legal obligation

Improve Evie

Product analytics, usage analysis, error monitoring, service improvement

Legitimate interests or consent where required

Billing and finance

Invoicing, payment records, accounting and tax records

Contract, legal obligation

Marketing and business development

Respond to enquiries, send business updates where permitted

Legitimate interests or consent where required

Legal compliance

Comply with law, respond to lawful requests, enforce rights

Legal obligation or legitimate interests

Protect our business

Prevent misuse, enforce terms, manage disputes

Legitimate interests

Where we rely on legitimate interests, we consider and balance our interests against the rights and freedoms of affected individuals.

8. Customer responsibility for uploaded or connected data

Evie is designed for business and project delivery environments. Customer data may include commercially sensitive information and may also contain personal data.

Customers are responsible for:

• deciding what data is uploaded, connected or submitted to Evie;

• ensuring they have a lawful basis for providing personal data to Evie;

• ensuring data is accurate, relevant and appropriate;

• sanitising or minimising personal data where appropriate;

• managing user access and permissions within their organisation;

• informing their own personnel, contractors and project participants where their data may be processed through Evie; and

• complying with their own data protection obligations.

Evie will process customer data in accordance with the applicable agreement with the customer.

9. AI and decision-support processing

Evie may include functionality that helps customers generate, organise, summarise, analyse or interpret project information.

Customers decide what data is made available within their Evie environment and how Evie outputs are used.

Evie outputs are provided for decision-support only. Customers remain responsible for reviewing outputs, validating information, applying professional judgement and making their own project, contractual, commercial and operational decisions.

Where outputs, summaries, recommendations, insights or derived records are generated in a customer environment, those records may be stored within that customer environment as part of the service.

10. Cookies and similar technologies

We may use cookies and similar technologies on our website and platform.

Cookies and similar technologies may be used to:

• provide essential website and platform functionality;

• maintain sessions and security;

• understand website and product usage;

• improve performance;

• detect errors; and

• analyse how users interact with Evie.

We may use analytics tools including Google Analytics, PostHog and Vercel Analytics.

Where cookies or similar technologies are not strictly necessary, we will seek consent where required by law.

We expect to provide further details in a separate Cookie Policy, including cookie names, purposes, providers and durations.

11. Who we share personal data with

We may share personal data with the following categories of recipients where necessary.

11.1 Customer organisations

If your account is provided through your employer, client organisation or project organisation, relevant information may be visible to that organisation and its authorised administrators.

This may include your account details, role, access permissions, activity within the workspace, comments, assignments, actions and other records associated with your use of Evie.

11.2 Suppliers and service providers

We use suppliers to help operate, host, secure, analyse and support Evie.

Current suppliers may include:

• Supabase;

• Vercel;

• Framer; and

• PostHog.

These suppliers may process personal data only as needed to provide their services to us.

11.3 Professional advisers

We may share personal data with accountants, lawyers, insurers, auditors and other professional advisers where required for business, legal, insurance, accounting or compliance purposes.

11.4 Authorities and legal recipients

We may share personal data with courts, regulators, law enforcement, public authorities or other parties where required by law or where necessary to protect our rights, users, customers or business.

11.5 Business transfers

If Evie or BARCLAY ADVISORY SERVICES LTD is involved in a merger, acquisition, investment, financing, restructuring or sale of business assets, personal data may be shared with relevant parties as part of that process, subject to appropriate confidentiality protections.

12. International transfers

Evie is operated from the United Kingdom. Our current hosting and core platform infrastructure is intended to be located in the United Kingdom.

However, some suppliers may process personal data in the United Kingdom, the European Economic Area or other countries where they or their sub-processors operate.

Where personal data is transferred internationally, we will take steps designed to ensure that appropriate safeguards are in place where required by applicable data protection law. This may include adequacy regulations, standard contractual clauses, the UK International Data Transfer Agreement, the UK Addendum or other lawful transfer mechanisms.

13. How long we keep personal data

We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer period is required by law, contract, tax, accounting, dispute, security or compliance requirements.

Indicative retention periods are set out below.

Data category

Indicative retention period

Customer account and contract records

Up to 6 years after the end of the customer relationship, where required for business, tax, accounting or legal purposes

Platform user account data

For the life of the account, then deleted or anonymised within a reasonable period after account closure, unless required for legal or business records

Uploaded or connected customer project data

Usually deleted or returned in accordance with the customer agreement. Where no specific period applies, we aim to delete or anonymise inactive customer project data within 90 days after termination or expiry of the relevant service, subject to backups, legal holds or agreed retention

Backups

Usually retained for up to 90 days, unless a longer period is required for security, recovery or legal reasons

Support emails and support records

Up to 6 years where relevant to the customer relationship, service history, disputes or legal records

Website analytics data

Usually up to 26 months, unless configured differently or anonymised earlier

Marketing contact data

Until you unsubscribe, object, or we determine the data is no longer required for business development purposes

Security logs and audit logs

For a period reasonably required for security, audit, investigation and compliance purposes

Invoices and finance records

Up to 6 years or longer where required by law

Where data is stored in backups, deletion may occur when backups are overwritten in accordance with our backup cycle.

14. Security

We use technical and organisational measures designed to protect personal data and customer data against unauthorised access, loss, misuse, alteration or disclosure.

These measures may include:

• encrypted connections;

• access controls;

• role-based permissions;

• restricted production access;

• supplier due diligence;

• security logging;

• backup and recovery processes;

• environment separation where appropriate;

• administrative controls; and

• monitoring for errors, misuse and security events.

No system can be guaranteed to be completely secure. Customers and users are responsible for using strong passwords, protecting account credentials, managing user access and notifying us promptly of suspected unauthorised access.

15. Your data protection rights

Depending on the circumstances and applicable law, you may have rights to:

• access your personal data;

• correct inaccurate personal data;

• request deletion of personal data;

• restrict processing of personal data;

• object to processing of personal data;

• request portability of personal data;

• withdraw consent where processing is based on consent; and

• complain to a data protection authority.

If your Evie account is provided through a customer organisation, your organisation may be the controller of much of the data held in your workspace. In that case, you should usually contact your organisation administrator first.

You may also contact us at team@evie.pro. Where we act as processor, we may need to refer your request to the relevant customer organisation.

You also have the right to complain to the UK Information Commissioner's Office. The ICO website is available at https://ico.org.uk.

16. Marketing communications

We may contact business users and prospective customers about Evie, demonstrations, trials, product updates or related business services where permitted by law.

You can opt out of marketing communications at any time by contacting team@evie.pro or using any unsubscribe mechanism provided in the communication.

Evie does not currently operate a general consumer newsletter.

17. Third-party links and services

Our website or platform may contain links to third-party websites, services or customer systems. We are not responsible for the privacy practices, security or content of third-party websites or services.

Customers are responsible for their own systems, connected environments, user access arrangements and third-party tools that they choose to use with Evie.

18. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to Evie, our suppliers, our processing activities, legal requirements or business operations.

When we make material changes, we will take reasonable steps to notify affected customers or users where appropriate.

The effective date at the top of this Privacy Policy shows when this version took effect.

19. Contact us

For privacy questions or requests, contact:

BARCLAY ADVISORY SERVICES LTD trading as evie.pro
Belmont Suite, Paragon Business Park
Chorley New Road
Horwich
Bolton
United Kingdom
BL6 6HG

Email: team@evie.pro