Privacy Policy

This Privacy Policy explains how TheContractorsToolbox ("we", "us", or "our") collects, uses, stores, shares, and protects personal data when you visit our website, request a demonstration, subscribe to our services, or use our construction compliance platform.

We are committed to handling personal data lawfully, fairly, and transparently in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws.

TheContractorsToolbox provides software for construction compliance, including RAMS, COSHH, inspections, workforce safety, documentation, and related operational workflows for UK contractors and construction teams.

For the purposes of data protection law, TheContractorsToolbox is the data controller for personal data processed through our website and direct customer relationships, unless we agree in writing that you are the controller for data you upload about your workforce or site operations.

If you have questions about this policy or our use of personal data, contact us at privacy@thecontractorstoolbox.com.

This policy applies to personal data we process about website visitors, prospective customers, account administrators, authorised users, billing contacts, support contacts, and individuals whose information is submitted to us in connection with trials, demos, or service delivery.

If you use our platform on behalf of an employer or customer organisation, that organisation may also have its own privacy notices governing how it uses workforce, site, and compliance information. Where we process such information on the organisation's instructions, we generally act as a data processor.

The information we collect depends on how you interact with us and which features you use. It may include identity and contact details such as your name, job title, company name, email address, telephone number, billing address, and account credentials.

We may also collect business and usage information, including subscription details, support requests, audit logs, device and browser information, IP address, approximate location derived from IP data, pages viewed, referral source, cookie preferences, and records of communications with our team.

If you use our compliance modules, we may process operational and workforce-related information submitted by you or your organisation, such as RAMS records, inspection results, training status, certifications, photos, signatures, site notes, timestamps, and other documentation required for compliance workflows.

We use personal data to provide, operate, maintain, secure, and improve our platform; create and administer accounts; authenticate users; process subscriptions and payments; deliver customer support; send service communications; respond to enquiries; and comply with legal obligations.

We may also use data to analyse product usage, develop new features, prevent fraud and misuse, enforce our terms, protect our rights, and send marketing communications where permitted by law and, where required, with your consent.

Under UK GDPR, we rely on one or more lawful bases depending on the activity. These may include performance of a contract, steps taken at your request before entering into a contract, legitimate interests, compliance with legal obligations, and consent where required.

Our legitimate interests include operating and improving a secure B2B SaaS platform, supporting customers, understanding how our services are used, and promoting our business in a proportionate way. Where we rely on legitimate interests, we balance those interests against your rights and expectations.

We do not sell personal data. We may share information with service providers that help us deliver our services, such as hosting providers, analytics providers, communications tools, payment processors, identity providers, customer support systems, and professional advisers.

We may also disclose information where required by law, court order, or regulatory request; to protect the rights, property, or safety of our users, customers, or others; in connection with a merger, acquisition, financing, or sale of assets; or with your direction or consent.

Where we use subprocessors to support platform delivery, we require appropriate contractual safeguards and security measures.

We aim to store and process personal data within the United Kingdom and the European Economic Area where possible. If personal data is transferred outside the UK or EEA, we implement appropriate safeguards such as UK International Data Transfer Agreements, adequacy regulations, or equivalent approved mechanisms.

We retain personal data only for as long as necessary for the purposes described in this policy, including to provide the service, meet contractual and legal requirements, resolve disputes, and enforce our agreements.

Retention periods vary depending on the type of data, your relationship with us, and applicable law. When data is no longer required, we delete or anonymise it in accordance with our retention schedule and technical capabilities.

We implement technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, encryption in transit, role-based permissions, logging, monitoring, backups, and staff training.

No method of transmission or storage is completely secure. You are responsible for maintaining the confidentiality of your account credentials and for configuring user access appropriately within your organisation.

Depending on applicable law, you may have rights to request access to your personal data, correction of inaccurate data, erasure, restriction of processing, objection to certain processing, data portability, and withdrawal of consent where processing is based on consent.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO). We encourage you to contact us first so we can try to resolve your concern.

To exercise your rights, email privacy@thecontractorstoolbox.com. We may need to verify your identity and, where requests relate to data controlled by one of our customers, direct you to that customer.

Our website may use cookies and similar technologies to enable core functionality, remember preferences, measure performance, and understand how visitors use our pages. You can manage cookies through your browser settings and, where provided, our cookie preference tools.

Some cookies are essential for the site to function. Others may be used for analytics or marketing only where permitted by law.

Our services are intended for business use and are not directed at children under 18. We do not knowingly collect personal data from children.

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or business practices. The "Last updated" date at the top of this page will change when revisions are published. Material changes may also be communicated through the website or by other appropriate means.

For privacy questions, data subject requests, or concerns about this policy, contact privacy@thecontractorstoolbox.com.

If you are a customer user and wish to access or correct workforce or site data held on behalf of your employer, please contact your organisation in the first instance.