Introduction

This policy explains how Castlegate Building and Maintenance Ltd, trading as Castlegate Builders ("Castlegate Builders", "we", "us", "our"), collects, uses, and protects personal data. Personal data means any information relating to an identifiable living person ("you", "the data subject").

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). This policy does not apply to information that is already in the public domain, such as company information held at Companies House.

Who we are

Castlegate Builders is a UK-based construction and building maintenance company, operated by Castlegate Building and Maintenance Ltd, company number 16212403.

For all data protection matters, contact us at: andy@castlegatebm.co.uk

What personal data we collect

We may collect personal data about you when you:

·       Contact us by email, phone, or through our website enquiry form

·       Request a quote or instruct us to carry out work

·       Visit our website (e.g. IP address and browsing behaviour, via Google Analytics)

·       Correspond with us by phone, email, or in person

This may include your name, contact details, address, and details of the work you have requested. We do not knowingly collect sensitive categories of personal data, and we only collect what is needed to provide our services.

How we use your personal data

We use your personal data to:

·       Provide quotes, carry out building work, and manage our contract with you

·       Respond to enquiries and correspondence

·       Send you marketing about our services, where you have not opted out

·       Understand how visitors use our website, so we can improve it

·       Meet our legal, accounting, and regulatory obligations

Where we act on behalf of a client as a processor of data they provide to us (for example, to deliver a contracted service), we will only process that data in line with the client’s instructions and this policy.

We do not sell or broker your personal data to third parties.

Cookies and Google Analytics

Our website uses Google Analytics to understand how visitors use our site — for example, which pages are viewed and how long visitors stay. Google Analytics does this using cookies, small text files stored on your device, and collects information such as your IP address and browsing behaviour on our site. We do not combine this information with other personal data we hold about you.

You can prevent your data being used by Google Analytics by installing the Google Analytics opt-out browser add-on, available at: https://tools.google.com/dlpage/gaoptout. You can also block or delete cookies at any time through your browser settings, though this may affect how parts of our website function.

More information on how Google collects and processes data through Analytics is available in Google’s Privacy Policy: https://policies.google.com/privacy.

Who we share your personal data with

We will not share your personal data with third parties except where:

·       It is necessary to deliver the service or contract you have with us

·       We use a service provider to help run our business, such as Google Analytics (see above) or our accountant/bookkeeper

·       We are required to by law, or requested to by a regulator, court, or law enforcement body

·       It is necessary in connection with the sale or transfer of part or all of our business

Any third party we share data with is only permitted to use it for the purpose we specify, and is required to keep it secure.

Legal basis for processing

We rely on the following legal bases under UK GDPR:

·       Contract – to provide quotes and carry out work you have instructed

·       Legitimate interests – to market our services to existing and prospective customers, and to understand use of our website

·       Legal obligation – to meet accounting, tax, and regulatory requirements

·       Consent – where you have actively agreed to receive marketing or to specific use of your data, which you may withdraw at any time

Data retention

We keep personal data for as long as necessary to provide our services and meet our legal obligations. As a general rule, we retain client and contract-related personal data for 7 years after a contract ends, to meet tax and legal requirements. Data no longer needed is securely deleted.

Data storage and transfers

Your personal data is stored on servers and systems within the United Kingdom. Where a service provider we use (such as Google Analytics) stores or processes data outside the UK, we rely on that provider’s compliance with UK adequacy regulations or equivalent legal safeguards, such as standard contractual clauses.

Your rights

Under UK GDPR, you have the right to:

·       Access a copy of the personal data we hold about you

·       Correct inaccurate or incomplete data

·       Request erasure of your data in certain circumstances

·       Restrict how we process your data in certain circumstances

·       Receive your data in a portable format

·       Object to processing, including direct marketing

·       Withdraw consent at any time, where consent is the legal basis for processing

To exercise any of these rights, email andy@castlegatebm.co.uk. We may need to verify your identity before responding, and will respond within one month as required by law.

Complaints

If you have concerns about how we handle your personal data, please contact us first at andy@castlegatebm.co.uk so we can try to resolve the issue directly. If you remain unsatisfied, you have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.

Changes to this policy

We may update this policy from time to time to reflect changes in our practices or legal requirements. The "last updated" date at the top of this page shows when it was last revised.