Privacy Statement

Tetra Tech is committed to protecting the privacy and security of personal information processed via the Tetra Tech BHI Platform (“the Platform”). This Privacy Statement describes how we handle personal data on behalf of our clients (your employer or contracting organization) when you use the Platform.

While some countries have their own privacy laws, this global statement supports all relevant local legal frameworks and outlines how we process personal data in compliance with those laws.

Who is the Data Controller?

Your employer or contracting organization (referred to as the “Client”) is the data controller. This means they determine the purposes and means of processing your personal data.

Tetra Tech acts as a data processor on the Client’s behalf and processes personal data strictly in accordance with the Client’s instructions and applicable data protection laws, including the UK GDPR and EU GDPR.

If you have questions about how your data is used or wish to exercise your rights, please contact your employer or contracting organization directly.

Personal Data We Process

As a data processor, we may process the following types of personal data as instructed by the Client:

• Identity Data: e.g., first name, last name
• Contact Data: e.g., email address, phone number
• Technical Data: e.g., IP address, browser type and version, device information
• Support Data: e.g., information you provide when contacting support

We do not collect any personal data for our own purposes.

How We Collect Personal Data

We receive your personal data through the following methods:

• From the Client or its authorized administrators to provision user accounts
• Via Single Sign-On (SSO) or other authentication mechanisms
• Through automated means such as cookies and web logs during use of the Platform

For more information about our use of cookies, please refer to our Cookie Policy.

How We Use Your Personal Data

We process personal data only as necessary to provide the services agreed with the Client, including:

• Provisioning and managing access to the Platform
• Maintaining the functionality and security of the Platform
• Responding to user support queries
• Logging activity for system integrity and incident response

We may also process personal data where:

• Required by law under the Client’s instruction
• Necessary to fulfill the Client’s contractual obligations
• Permitted for the Client’s legitimate interests and not overridden by user rights

Our Privacy Commitments

We are committed to the following principles of data protection:

• Lawfulness, fairness, and transparency
• Purpose limitation – only processing data for defined purposes
• Data minimisation – only processing what is necessary
• Accuracy – ensuring data is kept up to date
• Storage limitation – retaining data only as long as necessary
• Integrity and confidentiality – protecting personal data through security safeguards
• Accountability – documenting and demonstrating compliance with data protection obligations

How We Protect Your Personal Data

We have implemented appropriate technical and organizational measures to safeguard your personal data. Access is limited to authorized personnel who require it to perform their duties and are bound by confidentiality obligations.

Data Retention

We retain your personal data only as long as necessary to provide the Platform services or as instructed by the Client. When access is deactivated or the retention period has lapsed, data is securely deleted or anonymized, in accordance with applicable legal and contractual obligations.

International Data Transfers

All our data is stored in the UK. However, if personal data is transferred outside of the UK, EEA, or other relevant jurisdictions, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions by data protection authorities

Your Data Protection Rights

You may have the following rights under applicable data protection law:

• Request access to personal data (subject access)
• Request correction of inaccurate or incomplete data
• Request erasure (“right to be forgotten”)
• Object to processing on certain legal grounds
• Request restriction of processing
• Request data portability
• Withdraw consent where applicable

Important: As a data processor, we cannot respond directly to these requests. If you wish to exercise any of these rights, please contact your employer or contracting organization. If we receive a request directly, we will promptly notify the Client and await further instruction.

Updates to This Privacy Statement

We may update this Privacy Statement from time to time. Any changes will be published on this page. You are encouraged to review it regularly.

Contact Us

General inquiries: info@tetratech.com

General privacy-related inquiries: privacy@tetratech.com

UK/EU-specific privacy-related queries: UK.dataprotection@tetratech.com