0123 456 7890

info@xkstructures.co.uk

Facebook Instagram X-twitter Youtube
Request a Quote

Privacy Policy

Effective from: 1st March 2026

Who We Are
XK Structures Ltd (“we”, “us”, “our”) is a construction company specialising in steel fixing, reinforced concrete frames, and groundworks. We are registered in England and Wales. Our registered office address is [Your Registered Office Address Here].

We are committed to protecting and respecting your privacy. This policy explains how we collect, use, store, and protect your personal data when you interact with us, whether via our website at [Your Website URL], by phone, email, or in person.

For the purposes of UK data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we are the 'data controller' of your personal information.

The Information We Collect & Our Lawful Basis
We may collect and process the following personal data about you:

Information You Provide to Us

• Contact & Identity Data: Name, job title, company name, business email address, business phone number, and business postal address when you request a quote, make an inquiry, or enter into a contract with us.
• Project & Transaction Data: Details about your construction project, correspondence with us, and payment/banking details for invoicing.
• Marketing & Communications Data: Your preferences in receiving marketing from us.

Information We Collect Automatically

• Technical Data: When you visit our website, we may collect your IP address, browser type, operating system, and information about your visit (e.g., pages viewed) via cookies.

Information from Third Parties

• We may receive technical data from analytics providers (like Google).
pg. 31
• We may receive contact and identity data from publicly available sources (like Companies House) or from subcontractors/suppliers where you are a relevant contact for a joint project.

Our Lawful Basis for Processing
We will only use your personal data when the law allows us to. Our primary lawful bases are:

• Performance of a Contract: To provide you with a quote, fulfil our services, and manage our business relationship.
• Legitimate Interests: To operate and administer our business, ensure network security, prevent fraud, and for direct marketing of similar services to existing clients (you have the right to object).
• Legal Obligation: To comply with our legal and regulatory duties (e.g., health & safety records, tax compliance).
• Consent: For certain non-essential cookies or for sending marketing communications to nonclients. You can withdraw consent at any time.

How We Use Your Personal Data
We will use your personal data for the following purposes:

• To provide you with information, quotes, and estimates for our services.
• To perform our contract with you, including managing site access, communications, and project delivery.
• To administer and protect our business and our website (including troubleshooting, data analysis, and system testing).
• To manage payments, fees, and charges.
• To comply with our legal obligations in the construction industry (e.g., maintaining health and safety records, construction phase plans).
• To send you relevant marketing communications about our services, industry news, or company updates, where we have a legitimate interest or your consent.

How We Share Your Personal Data
We may share your personal data with the following third parties only where necessary and under strict obligations of confidentiality:

• Subcontractors & Suppliers: Essential for the performance of your project (e.g., specialist groundworks teams, plant hire companies). We share only the information necessary for them to fulfil their role.
• Professional Advisers: Including lawyers, bankers, auditors, and insurers.
• Regulatory Authorities: Such as HMRC, the Health and Safety Executive (HSE), or other authorities where required by law.
• Service Providers: Who provide IT, system administration, cloud storage, and payment processing services. These providers are not permitted to use your data for their own purposes.
• Potential Buyers: In the context of a business sale, merger, or restructuring.

We do not sell your personal data to any third parties.

pg. 32

Data Security & Retention

• Security: We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed unlawfully. These include secure IT systems, restricted physical access, and staff training on data protection. The transmission of information via the internet is not completely secure, and we cannot guarantee the security of data sent to us electronically.
• Retention: We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

• Client Project Data: We typically retain core project data (contracts, correspondence, safety records) for 12 years from project completion, in line with industry standards and potential liability under the Defective Premises Act 1972.
• Financial Records: We retain invoices and payment records for 7 years to comply with HMRC regulations.
• Marketing Data: We retain contact details for marketing purposes for as long as you actively engage with our communications or for 3 years from our last meaningful contact, after which it will be deleted or anonymised.

Your Legal Rights
Under UK data protection law, you have rights including:

• Right of Access: To request a copy of the personal data we hold about you (a “subject access request”).
• Right to Rectification: To request correction of inaccurate or incomplete data.
• Right to Erasure (“Right to be Forgotten”): To request deletion of your data, where there is no compelling reason for us to continue processing it.
• Right to Restrict Processing: To request we suspend processing of your data in certain scenarios.
• Right to Data Portability: To request transfer of your data to another service provider.
• Right to Object: To object to processing based on legitimate interests or for direct marketing.
• Right to Withdraw Consent: Where we rely on consent, you can withdraw it at any time.

To exercise any of these rights, please contact us using the details in Section 8. You will not have to pay a fee, but we may charge a reasonable fee if your request is clearly unfounded or excessive. We may need to request specific information from you to confirm your identity.

You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner's Office (ICO), at any time (www.ico.org.uk).

Changes to This Policy
We may update this Privacy Policy periodically. Any changes will be posted on this page with an updated “Last Updated” date. We will notify you of any significant changes if we are required to do so by law.