This policy explains how TCM Building and Maintenance collects, uses, and protects your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
TCM Building and Maintenance is committed to protecting your privacy. This policy has been prepared in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and guidance from the Information Commissioner's Office (ICO).
TCM Building and Maintenance is a building and property maintenance company registered in England and Wales. We are the data controller responsible for your personal information.
If you have any questions about how we handle your personal data, contact us at the details above. We aim to respond to all privacy-related enquiries within 30 days.
We collect personal data in the following categories, depending on how you interact with us:
| Category | Examples | Source |
|---|---|---|
| Identity data | Name, title | You provide directly |
| Contact data | Email address, phone number, postal address | You provide directly |
| Property data | Property address, type of work required, project details | You provide directly |
| Communications data | Enquiry messages, quote requests, email correspondence | You provide directly |
| Technical data | IP address, browser type, pages visited, time on site | Automatically via cookies |
| Usage data | How you navigate our website, which pages you view | Automatically via cookies |
| Financial data | Payment details for completed work | You provide directly or via payment processor |
We do not collect any special category data (such as health information, racial or ethnic origin, or political opinions) unless you voluntarily provide it in the context of a specific project (for example, access requirements for a property).
We do not knowingly collect personal data from children under the age of 16. If you believe a child has provided us with personal information, please contact us immediately.
We use your personal data only for the purposes set out below, and only where we have a valid lawful basis for doing so under UK GDPR Article 6:
When you contact us about a project, we use your contact and property details to assess your requirements and provide an accurate quote.
Once you engage us for work, we use your data to manage the project, communicate progress, and arrange site visits.
We retain financial records as required by HMRC for a minimum of 6 years.
If you have opted in, we may send you information about our services, seasonal offers, or relevant guides. You can withdraw consent at any time.
We analyse anonymised usage data to understand how visitors use our site and to improve the user experience.
We may be required to share information with HMRC, the Health & Safety Executive, or other regulatory bodies.
We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law:
| Type of Data | Retention Period |
|---|---|
| Enquiries that did not result in a contract | 12 months from last contact |
| Project and contract records | 6 years from project completion (Limitation Act 1980) |
| Financial and invoice records | 6 years (HMRC requirement) |
| Health & Safety records (e.g. COSHH, risk assessments) | Up to 40 years where required by law |
| Marketing consent records | Until consent is withdrawn, then deleted within 30 days |
| Website analytics (anonymised) | 26 months (Google Analytics default) |
Under UK GDPR, you have the following rights in relation to your personal data. You can exercise any of these rights by contacting us at [email protected].
Request a copy of the personal data we hold about you (Subject Access Request). We will respond within one month.
Ask us to correct inaccurate or incomplete personal data we hold about you.
Request deletion of your personal data where there is no compelling reason for us to continue processing it.
Ask us to suspend processing your data in certain circumstances, for example while a complaint is investigated.
Receive your personal data in a structured, commonly used format to transfer to another service provider.
Object to processing based on legitimate interests, including direct marketing. We will stop unless we have compelling legitimate grounds.
Where processing is based on consent, withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.
Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
We will not charge a fee for exercising your rights unless a request is manifestly unfounded or excessive. In those circumstances, we may charge a reasonable administrative fee or refuse to comply.
We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction. These measures include:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, notify you directly without undue delay.
We review this Privacy Policy regularly and will update it when our practices change or when required by law. The date at the top of this page indicates when it was last reviewed. We will notify you of significant changes by email if you are an existing client.
We encourage you to review this policy periodically to stay informed about how we protect your personal data.
If you have any questions about this Privacy Policy, wish to exercise your rights, or have a concern about how we have handled your personal data, please contact us:
If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection: