top of page
Three Weave Social Share OG Image.png

Privacy Policy

November 2025

1. INTRODUCTION

Welcome to Three Weave's privacy policy.

Three Weave ("we", "us", or "our") is committed to protecting your privacy and personal data in compliance with UK data protection law, including the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018.

This privacy policy explains how we collect, use and safeguard your personal data. It outlines your privacy rights and our obligations when processing data, including data captured during our aerial inspection services.

This policy applies to the Personal Data we process about:

  • Clients and their representatives (for example. property owners, facilities managers, heritage custodians, site managers and hospitality operators). 

  • Individuals connected to our inspection sites including residents, tenants, neighbours, employees, contractors, guests and visitors who may be captured in or affected by our aerial inspections of homes, heritage properties and hospitality venues.

  • Business contacts and suppliers and website users.

It applies to all Personal Data handled by Three Weave and all our employees and staff.

1.2 Your Data Controller and How to Contact Us

Your data controller is:

Screen Weave Ltd, (trading as Three Weave)

9 Linnet Avenue,

Barton, Preston,

Lancashire PR3 5AW

Email: privacy@threeweave.co.uk

We are responsible for deciding how your personal data is used and for keeping it safe. We are not required to appoint a Data Protection Officer but have designated a privacy lead who oversees our compliance.

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at any time (www.ico.org.uk). However, we would welcome the opportunity to address your concerns before you contact the ICO. 

1.3 Our Responsibilities as a Controller

As the data controller, Three Weave is responsible for ensuring your personal data is processed lawfully, fairly, transparently and securely. This applies to all activities, including:

  • Data collected through our website and business communications.

  • Data captured during our aerial inspection services including images, video and sensor data relating to homes, heritage properties and hospitality venues.

We work with third-party service providers (“processors”) such as drone pilots, cloud and IT providers. They act only on our documented instructions and are bound by contract to protect your data, assist us with security and rights, and delete or return data at the end of the service.

We and our Processors are committed to: 

  1. Lawful Processing: We will always have a valid legal basis for processing personal data, as required by GDPR. 

  2. Confidentiality & Security: Staff and processors are subject to confidentiality obligation, and we implement technical and organisational security measures proportionate to the risks, recognising the sensitivity of aerial imagery.

  3. Control & Cooperation: We will not authorise other processors without appropriate contracts and safeguards. We will assist you in exercising your data subject rights and cooperate with the ICO.

  4. Transparency & Accountability: We maintain records of our processing, conduct risk assessments where required, and can demonstrate compliance with our UK GDPR obligations.

  5. Incident Management: We will notify the ICO and, where appropriate, affected individuals of any personal data breach in accordance with legal requirements.

 

2. LEGAL BASIS FOR DATA COLLECTION

 

2.1 The Data We Collect

"Personal Data" means any information about an individual from which that person can be identified. It does not include data where the identity has been irreversibly removed (anonymous data). 

We may collect, use, store and transfer different kinds of personal data, which we group as follows. Not all categories will apply in every case.

Data Collected Through Our Aerial Inspection Services:

Image and Location Data:

  • Still images and video footage captured by drones.

  • Thermal, multispectral or similar sensor data used to assess building, grounds, safety and energy performance.

  • Associated location and timing information, such as GPS coordinates of the site and flight paths.

Because of the aerial nature of our services, this imagery focuses on the inspection target (for example, a roof, façade, or external structure) but may also capture surrounding areas within the field of view, including neighbouring buildings, gardens, private outdoor areas and nearby public spaces.

Where these images contain identifiable individuals (such as visible registration plates), or clearly recognised features of properties, this constitutes personal data.

In limited situations, imagery may also incidentally reveal:

  • Special category data, such as:

    • Evidence of health-related circumstances (for example, visible accessibility ramps, or wheelchairs).

    • Political or religious views (for example, posters, flags, or symbols displayed where visible to the public).

    • Aspects of a person’s sex life or sexual orientation (for example, intimate activity in a private garden).

  • Criminal offence data, such as indications that might suggest criminal activity (for example, unusual thermal anomalies consistent with certain types of unlawful cultivation).

We do not intentionally seek to collect or analyse such special category or criminal offence data. Where it is incidentally captured, we seek to minimise its capture through operational planning and to remove or obscure it as early as practicable in our processing.

​Data Collected Through Our Website and Business Interaction:

Contact Data - Email address, postal address, telephone number, and company details.

Identity Data: This includes your first name, last name 

Usage Data: This includes information about how you use our website, products and services including cookies data and analytics where consented.

Job Candidacy Data:  CV, employment history, qualifications and other information you provide when applying for a role.

​We do not as a matter of routine collect detailed special category data or criminal convictions data about you through our website or general business interactions. Where such data might be relevant (for example, in an HR or legal context), we will only process it in accordance with the conditions in the UK GDPR and Data Protection Act 2018 and will explain this separately where required.

2.2 Our Legal Basis for Processing

We only process your personal data where we have a valid legal basis under UK GDPR. The main bases we rely on are: 

​Legitimate Interest (Article 6(1)(f) UK GDPR)

This is the primary basis for processing the imagery and data captured during our aerial inspections. Our legitimate interests include:

  • Delivering professional inspection services for homes, heritage properties and hospitality venues.

  • Helping clients understand property and grounds condition, safety issues and maintenance needs.

  • Supporting energy efficiency, structural integrity, preservation of heritage assets and protection of guests, residents and staff.

We have carried out a Legitimate Interests Assessment (LIA) to ensure that:

Our interests and those of our clients are genuine and clearly defined.

Processing is necessary to achieve these aims, and less intrusive alternatives (for example purely ground-based methods) are not always  practical, safe of effective for the type of inspection requested.

The impact on individuals’ rights and freedoms is minimised and not overriding, due to the safeguards such as careful flight planning, higher altitudes where appropriate, restricted fields of view, and prompt depersonalisation of imagery (blurring / pixelation of faces, vehicle plates and other identifiers.

The capture of some surrounding areas is incidental to safe and effective drone operation and to achieving the inspection objectives, but we actively design and manage our operations to minimise unnecessary intrusion.

You have the right to object at any time to processing we carry out on the basis of legitimate interest; see section 4.1 below. A summary of our Legitimate Interests Assessment (LIA) is available on request.

Contract (Article 6(1)(b) UK GDPR)

We process contact and identity data where necessary to enter into and perform contracts with you (for example, to provide quotes, schedule inspections, deliver reports and manage our relationship).

Consent (Article 6(1)(a) UK GDPR)

We rely on consent for certain activities such as:

  • Sending non-essential marketing communications (for example, newsletters) to new contacts who are not existing clients.

  • Using non-essential cookies and similar technologies on our website (for example, analytics or profiling cookies).

  • Sharing your contact details and brief information about the type of issue identified with selected contractors or service providers, where you have explicitly consented to a referral (for example, by signing a referral consent in our service agreement).

You can withdraw your consent at any time by using the unsubscribe link in our emails or contacting us using the details above. Withdrawal does not affect the lawfulness or processing before consent was withdrawn.

Legal Obligations (Article 6(1)(c) UK GDPR)

In some situations, we must process personal data to comply with legal obligations (for example, dealing with fraud, responding to lawful requests from authorities, maintaining accounting records).

Special Category and criminal offence data

Where our imagery incidentally captures special category or criminal offence data, we do not use it to make decisions about individuals and implement measures to reduce capture and promptly obscure / remove it. In rare cases where use of such data may become necessary (for example, where something is manifestly made public by the data subject, such as a political poster clearly visible from the street), we will only rely on a relevant Article 9 condition and, where applicable, a Data Protection Act 2018 Schedule1 condition, and will record this in out internal assessments.

3. HOW WE USE YOUR PERSONAL DATA

3.1 Our Data Uses

We will only use your Personal Data when the law allows us to. The following outlines the purposes for which we use your data, the types of data involved, and the lawful basis we rely on for that processing.

Activity

Type of Data

Lawful Basis for Processing

Conducting an aerial inspection of a specific home, heritage site, or hospitality venue (including capture of photo, video, thermal and multispectral data)

Image and location data; limited incidental personal data (for example, neighbours, passers-by)

Legitimate Interest.  Processing is fundamental to delivering our professional inspection services. Capture of some surrounding areas is incidental, but we implement measures to minimise privacy impact: careful flight planning, use of appropriate angles / altitudes, exclusion of clearly sensitive locations where feasible, and early depersonalisation (blurring of faces, vehicle plates and other identifiers) before wider internal use or client sharing. Data is used solely for creating and delivering inspection outputs and related quality and safety purposes. Thermal / Multispectral data is used solely for structural assessment and not analysed to identify individuals.

Managing our client relationship (for example providing a quote, scheduling a visit, delivering a report, providing customer support)

Contact and identity data; inspection reference data

Contract.  Necessary to enter into and perform our contract with you and to take steps at your request before entering a contract.

Managing business contacts and suppliers

Contact and identity data

Legitimate interests. To maintain and develop our business network and manage supplier relationships.

Direct marketing to existing clients about similar services

Contact Data

Legitimate interests. We may rely on the “soft-opt-in” to send marketing about similar services to existing clients, subject to your right to object or opt out at any time.

Sending non-essential marketing (for example, newsletters) to non-clients

Contact Data

Consent. Only where you have clearly opted in. You can withdraw consent at any time.

Processing a Job Application

Contact Data, Job Candidacy Data

Legitimate Interest. To assess your suitability for a role and manage recruitment. Where we need to retain candidate data longer or process any sensitive information, we will do so in line with applicable law.

Website analytics and funcionality

Usage data; online identifiers

Consent. For non-essential cookies (for example, analytics); legitimate interests for essential cookies strictly necessary for security and site operation.

Introducing you to contractors or service providers who may assist with inspection, repair, or remedial works following an aerial inspection where you have requested or agreed to such an introduction

Contact and identity data; Property address; high level description of the type of issue or area of concern.

Consent. We only share your details with such third parties where you have clearly agreed (for example, via a signed referral consent). You can withdraw consent at any time, which will stop future sharing

3.2 Change of Purpose

 

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another compatible purpose under Article 6(4) UK GDPR, taking into account:

 

  • The relationship of the original purpose,

  • Context,

  • Nature of data

  • Potential consequences, and

  • Safeguards.

 

If we need to use your data for a purpose that is not compatible with the original purpose, we will notify you and explain the new legal basis.

 

Should we ever need to use your Personal Data for a purpose that is unrelated to the original reason for collection, we will notify you and explain the legal basis that permits us to do so.

 

Please note that we may process your Personal Data without your knowledge or further consent where this is required or permitted by law.

4. Your Rights and How You Are Protected

 

4.1 Your Legal Rights

 

Under UK data protection laws, you have rights in relation to your personal data, including:

 

  • Right to be informed: You have the right to know how we use your personal data. This privacy policy fulfils that right.

 

  • Right of access: You can request a copy of the personal data we hold about you and to check that we are processing it lawfully (a "Data Subject Access Request").

 

  • Right to rectification: You can request that we correct any incomplete or inaccurate personal data we hold about you.

 

  • Right to erasure (the 'right to be forgotten'): You can ask us to delete or remove your personal data where there is no compelling reason for us to continue processing it.

 

  • Right to restrict processing: You can ask us to suspend the processing in certain circumstances.

 

  • Right to data portability: You can request the transfer of your personal data to you or a third party in a structured, machine-readable format. This applies to automated data you provided based on consent or a contract.

 

  • Right to object: to object to processing based on our legitimate interests, including:

 

  • Objection to direct marketing at any time (we will stop immediately).

  • Objection to our use of imagery and associated data on legitimate interests. In this case, we will consider your objection on a case-by-case basis and stop processing unless we can demonstrate compelling legitimate grounds that override your interest, rights and freedoms, or the processing is required for legal claims.

 

  • Rights related to automated decision-making: we do not carry out fully automated decision-making, including profiling, that produces legal or similarly significant effects about individuals.

 

These rights are not absolute and may apply only in certain circumstances.

 

4.2 How to Exercise Your Rights

 

If you wish to exercise any of these rights, please contact us at privacy@threeweave.co.uk or by post at the address under section 1.2.

We may need to request specific information from you to confirm your identity and help us locate your data. We will respond within the time limits set by law, normally one month.

 

We will not usually charge a fee. However, we may charge a reasonable fee or refuse to act on a request that is manifestly unfounded, excessive or repetitive.

4.3 How We Protect Your Personal Data

We implement technical and organisational measures to protect your personal data from unauthorised access, loss, alteration or disclosure. These measures are proportionate to the sensitivity of the data we process, particularly the aerial imagery we capture.

Our measures include:

  • Access controls: Raw and partially processed imagery, and any data that may identify individuals, is accessible only to a limited, trained group of authorised personnel subject to confidentiality obligations.

  • Encryption and secure storage: Where feasible, data is encrypted on-drone or on the recording device and always encrypted in transit and at rest once uploaded to our systems.

  • Secure transmission and handling: We use secure channels to transfer data between drones, pilots, our infrastructure and our clients.

  • Vendor Management: We impose contractual obligations on processors (for example cloud and IT providers, drone operators) to implement appropriate security, support us in responding to rights requests and delete or return data at the end of the engagement.

  • Logging and auditing: We maintain logs of access to raw imagery and sensitive systems.

Please be aware that no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security, but we strive to use appropriate measures to protect your data.

If you have reason to believe that your interaction with us is no longer secure, please contact us immediately at privacy@threeweave.co.uk

 

4.4 How to Opt-Out of Marketing Communications

 

You can stop receiving marketing promotions from us at any time.

 

The easiest way to opt-out is by using the unsubscribe link included in every marketing email we send.

 

You can also contact us directly at privacy@threeweave.co.uk

 

Please note that opting out of marketing does not affect our use of your data for non-marketing purposes, such as providing services you have requested or maintaining necessary business records.

5. Transparency Around Inspections and Objections

 

5.1 Transparency Measures for Inspections

 

For individual home, heritage and hospitality inspections, we seek to ensure that people reasonably expect our presence and understand, at a high level, what we are doing. Depending on the engagement, this may include one of more of:

 

  • Information provided by the commissioning client (for example landlords or venue operators) to residents, staff or guests explaining that an aerial inspection is scheduled.

 

  • On-site signage indication that drone operations or inspections are taking place.

 

  • Information in booking, maintenance or project communications provided to relevant individuals.

 

Our website privacy notice is also available to anyone who wishes to understand more about how we process data.

 

5.2. Objecting or Raising Concerns About an Inspection

 

If you are a resident, neighbour, guest, staff member or other individual affected by planned or completed inspections and have concerns about our use of imagery you can contact us using the details in section 1.2.

 

Where we rely on legitimate interests, you have the right to object to our processing. In practice this may mean, for example:

 

  • Before an inspection (where feasible) – we may adjust flight plans to minimise or avoid direct, targeted imaging of your property or area, while still ensuring safety and fulfilling the contractual inspection scope.

  • After an inspection – we may further blur or remove specific imagery that relates to you or your property, where this is technically feasible and does not unreasonably compromise the inspection purpose or the rights of others.

 

Each objection will be considered on a case-by-case basis. We may need additional information to understand your request and how it relates to a particular inspection.

Three Weave - A Trading Arm of Screen Weave Ltd.

6. Your Data and Third Parties

 

6.1 Sharing Your Data

 

We will not sell your personal data to third parties for their marketing purposes. We may share your data in the following circumstances:

  • Clients – We provide inspection outputs (for example, reports, annotated images) to the client who commissioned the inspection (for example, a property owner, heritage custodian or hospitality operator). They will typically act as independent controllers of any personal data they hold about you and will have their own privacy responsibilities, where they are responsible for:

    • Their own lawful basis,

    • Meeting transparency obligations, and

    • Avoiding repurposing without lawful grounds.

 

  • Service providers (processors) – We use trusted third-party processors (for example, drone pilots operating under our instructions, cloud hosting, IT and security providers) who process data only on our documented instructions and under contracts that meet UK GDPR Article 28 requirements.

 

  • Business Transfers: In the event of a merger, acquisition or similar transaction, your data may be transferred to the new owner or operator, who will be bound by this or an equivalent privacy policy.

 

  • Legal Obligations: We may disclose personal data where required by law, to enforce our terms and conditions, or to protect the rights, property or safety of Three Weave, our clients or others.

 

We include contractual terms that limit how clients and processors may use inspection outputs, including restrictions on repurposing data for unrelated profiling, enforcement or discrimination against individuals without a separate lawful basis and appropriate transparency.

We may share your data in the following circumstances

  • Where you ask us to, or agree that we may, introduce you to contractors or service providers who may be able to help with inspection, repair or remedial works, we may share your name, contact details, Property address and a brief description of the type of issue or area of concern with carefully selected contractors in relevant trades (for example, roofing, building or maintenance). They will typically act as independent controllers of your data and will have their own privacy responsibilities

Where we have a referral arrangement with such contractors, we may receive a referral fee or commission, which is paid by the contractor and does not increase the price you pay.

6.2 Third-Party Links

Our website may contain links to third-party websites, plug-ins, or applications. Clicking on these links may allow third parties to collect or share data about you.

We do not control these third-party sites and are not responsible for their privacy practices. When you leave our website, we encourage you to read the privacy policy of every site you visit.

7. How Long We Retain Your Data

We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirements.

In determining the appropriate retention period, we consider:

  • The amount, nature and sensitivity of the data.

  • The potential risk of harm from unauthorised use or disclosure.

  • The purposes for which we process the data and whether we can achieve those purposes by other means.

  • Applicable legal limitation periods

Examples:

  • Client and contract data – Typically retained for up to 7 years after the end of the client relationship, to comply with legal and tax obligations and to handle potential disputes.​

  • Aerial imagery – raw data – Raw images and video that may contain identifiable personal data are retained for a short period (typically up to 30 days) for quality assurance, troubleshooting and safety review, and then securely deleted or irreversibly depersonalised. Where possible, we aim to reduce this period as our processes mature.​​

  • Working and depersonalised imagery – Processed imagery and models in which identifiable elements have been blurred or removed may be retained for longer in order to generate and support the final reports, subject to contractual and legal needs.​

  • Final inspection reports – Kept in line with client and contract data (for example, up to 7 years) unless there is a specific reason to retain them longer (such as ongoing disputes or legal claims).​​

  • Prospective client enquiries – Retained for a short period to follow up on the enquiry and then deleted if no engagement follows.​

We may retain data for longer than the examples above where necessary in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you.

8. Age Limit for Our Users
Our services are not directed at children under16 and we do not knowingly collect personal data from children under 16. If we become aware that we have collected such data without appropriate consent, we will take steps to delete it.​
 

9. International Data Transfers
We store and process most personal data in the UK. In some cases, we may use service providers located outside the UK, including in the European Economic Area (EEA) or other countries.​


Where we transfer data outside the UK, we will ensure appropriate safeguards are in place, such as:
·       Transfers to countries deemed to provide an adequate level of protection by the UK government; or
·       Use of approved contractual clauses or equivalent safeguads.​​
You can contact us for more details about specific safeguards used in connection with your data.
 

10. Data Protection Impact Assessments and Privacy by Design
Given the nature of aerial imagery and the potential impact on individuals, we assess privacy risks before undertaking new or higher‑risk inspection activities.​​


Where a project is likely to result in a high risk to individuals’ rights and freedoms (for example, a large number of affected households, vulnerable groups, or new technologies such as advanced analytics), we conduct a Data Protection Impact Assessment (DPIA) in line with UK GDPR Article 35.​​
We apply privacy‑by‑design principles, including:


·       Considering privacy impacts when planning flight paths and choosing altitudes, angles and exclusion zones.​
·       Implementing early and effective depersonalisation measures.​​
·       Using contractual controls with clients and processors to limit misuse.​​
·       Periodically reviewing risk and safeguards in light of feedback, incidents and legal or technological developments.​​


11. Notification of Changes and Acceptance of Policy


We keep this privacy policy under regular review and may update it from time to time. Any changes will be posted on this page with an updated “Last updated” date.​
 

We encourage you to review this policy periodically to stay informed about how we protect your information. By using our services after changes are posted, you acknowledge the updated policy.​

12. Interpretation

In this privacy policy:

·       “Including” means “including but not limited to”.

·       Examples are illustrative and do not limit the scope of the general terms.​

 

All communications with us, including emails to the addresses provided in this policy, should relate to the purposes described here. We reserve the right not to respond to unrelated or inappropriate correspondence.

bottom of page