Privacy Policy

Under UK GDPR, we process your personal data based on the following legal grounds:

• Contractual Necessity: To perform our contract with you or take steps at your request before entering into a contract (e.g., providing quotes, delivering building services)
• Legitimate Interests: For our legitimate business interests, such as improving our services, website functionality, marketing our services (where you haven't opted out), and preventing fraud
• Consent: Where you have given clear consent for us to process your data for specific purposes (e.g., marketing communications, newsletter subscriptions)
• Legal Obligations: To comply with legal requirements, such as tax obligations, health and safety regulations, and building regulations
• Vital Interests: To protect your vital interests or those of another person (e.g., in emergency situations)

We use the information we collect for the following purposes:

• Service Delivery: To provide, maintain, and improve our building and construction services, including project planning, execution, and completion
• Communication: To respond to your inquiries, provide quotes and estimates, send project updates, and communicate about our services
• Customer Support: To provide customer service, address complaints, and resolve issues related to our services
• Contract Management: To manage contracts, process payments, issue invoices, and maintain business records
• Legal Compliance: To comply with legal obligations, including building regulations, health and safety requirements, tax obligations, and insurance requirements
• Website Improvement: To analyse website usage, improve website functionality, and enhance user experience
• Marketing: To send you marketing communications about our services, special offers, and company news (only with your consent or where we have a legitimate interest)
• Security: To detect, prevent, and address technical issues, security threats, and fraudulent activity
• Business Operations: To manage our business operations, including supplier relationships, subcontractor coordination, and quality assurance

We do not sell, trade, or rent your personal information to third parties for their marketing purposes. We may share your information in the following circumstances:

• Service Providers and Contractors: We may share information with trusted third-party service providers who assist us in operating our business, including website hosting, email services, payment processing, accounting software, and cloud storage providers. These providers are contractually obligated to protect your information and use it only for the purposes we specify
• Subcontractors and Suppliers: When necessary for project delivery, we may share relevant project information with subcontractors, suppliers, and tradespeople working on your project
• Professional Advisors: We may share information with our professional advisors, including accountants, solicitors, and insurance brokers, as necessary for business operations
• Regulatory Authorities: We may disclose information to regulatory bodies, local authorities, building control officers, and other government agencies as required by law or building regulations
• Legal Requirements: We may disclose information if required by law, court order, or in response to valid requests by public authorities (e.g., police, HMRC)
• Business Transfers: In the event of a merger, acquisition, sale of assets, or business transfer, your information may be transferred to the new owner, subject to the same privacy protections
• With Your Consent: We may share your information with third parties when you have given explicit consent for us to do so
• Emergency Situations: We may share information in emergency situations to protect your vital interests or those of others

All third parties with whom we share your information are required to maintain appropriate security measures and use your information only for the purposes we specify, in accordance with applicable data protection laws.

We implement appropriate technical and organisational security measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

• Encryption of data in transit using SSL/TLS protocols
• Secure storage of data with access controls and authentication
• Regular security assessments and updates to our systems
• Staff training on data protection and security best practices
• Physical security measures for our premises and equipment
• Regular backups of data with secure storage
• Limited access to personal data on a need-to-know basis

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. If we become aware of a data breach that may affect your personal information, we will notify you and the relevant supervisory authority in accordance with UK GDPR requirements.

Under UK GDPR and the Data Protection Act 2018, you have the following rights regarding your personal data:

• Right of Access: You have the right to request copies of your personal data that we hold. This is commonly known as a "data subject access request". We will provide this information within one month of your request, free of charge (unless the request is manifestly unfounded or excessive).
• Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you. We will update your information promptly upon verification.
• Right to Erasure ("Right to be Forgotten"): You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the original purpose, you withdraw consent, or the data has been unlawfully processed. However, we may need to retain certain information for legal or contractual reasons (e.g., tax records, warranty information).
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have that data transmitted to another data controller where technically feasible.
• Right to Object: You have the right to object to processing of your personal data for direct marketing purposes or where we process your data based on legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds for the processing.
• Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing before the withdrawal.
• Rights Related to Automated Decision-Making: You have rights regarding automated decision-making and profiling, though we do not currently use automated decision-making processes that produce legal or similarly significant effects.

To exercise any of these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within one month. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection supervisory authority.

We will retain your personal information only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Our retention periods are based on:

• Legal Requirements: We retain financial and tax records for at least 6 years as required by HMRC
• Contractual Obligations: We retain contract and project information for the duration of warranties and guarantees (typically 12 months to 10 years depending on the work)
• Business Needs: We retain customer contact information and project history for legitimate business purposes, such as providing references and maintaining relationships
• Consent: We retain marketing contact information until you withdraw consent or unsubscribe
• Legal Claims: We may retain information longer if necessary for the establishment, exercise, or defence of legal claims

When we no longer need your information, we will securely delete or anonymise it in accordance with our data retention schedule and applicable legal requirements.

If you have any questions, concerns, or requests regarding this Privacy Policy, our data practices, or wish to exercise your data protection rights, please contact us:

Supervisory Authority: If you are not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):