Back to home

Privacy Policy

Construction Project Management Portal · Seddon Construction Ltd · May 2026 · Version 1.0

Please read this Privacy Policy carefully before accessing or using the Portal. By registering for or using the Portal, you confirm that you have read, understood, and agree to the practices described in this document.

1. Introduction and Who We Are

Seddon Construction Ltd ("we", "us", "our") is a UK-based construction company committed to protecting the privacy and personal data of all individuals who interact with our Project Management Portal (the "Portal"). We are the data controller for the personal information we collect and process through the Portal.

The Portal is a secure digital platform used to manage construction projects from instruction through to completion. Access is restricted to our clients and supply chain partners (including subcontractors, consultants, and specialist suppliers) who have been formally authorised by us. The Portal is not accessible to the general public.

This Privacy Policy explains:

  • What personal data we collect and why
  • How we use and share your personal data
  • How long we retain your information
  • Your rights under UK data protection law
  • How to contact us or raise a concern

2. Data We Collect

2.1 Categories of Personal Data

We collect and process the following categories of personal data through the Portal:

  • Identity and Contact Information: full name and job title; company or organisation name; work email address and telephone number; business address
  • Project and Works Information: details of assigned construction project(s); photographs of works in progress and upon completion; trade certifications, compliance records, and inspection documentation; signed approvals, consents, and sign-off records; instructions, correspondence, and submissions made through the Portal
  • Access and System Data: Portal login credentials (passwords are stored in encrypted form only); access logs, timestamps, and activity records; device and browser information for security and audit purposes

2.2 Special Category Data

We do not intentionally collect special category data (such as health, biometric, racial, or religious information) through the Portal. If any such data is inadvertently submitted as part of project documentation, it will be handled with additional safeguards and removed at the earliest appropriate opportunity.

3. Why We Collect Your Personal Data

We collect and use your personal data on the following legal bases under UK GDPR:

3.1 Performance of a Contract (Article 6(1)(b))

Where you are a client or supply chain partner, we process your data to fulfil our contractual obligations, including managing project delivery, issuing and receiving instructions, tracking progress, and maintaining records of completed works.

3.2 Legitimate Interests (Article 6(1)(f))

We process certain data to pursue our legitimate business interests, including maintaining the security and integrity of the Portal, monitoring compliance across projects, and keeping accurate records for audit and dispute resolution purposes. We have conducted a balancing test to ensure these interests do not override your fundamental rights and freedoms.

3.3 Legal Obligation (Article 6(1)(c))

We may be required to process and retain certain personal data and project records to comply with applicable legislation, including health and safety law, building regulations, and financial reporting requirements.

3.4 Consent (Article 6(1)(a))

Where we rely on your consent (for example, for optional communications), you may withdraw that consent at any time by contacting us using the details in Section 10.

4. How We Share Your Personal Data

We operate a strict need-to-know principle. Your personal data will only be shared with individuals and organisations who require it for the specific purpose for which it was collected.

  • We do not sell, rent, or trade your personal data to any third party for commercial purposes.

4.1 Internal Users

Project managers, contract managers, site managers, and other employees who have been granted access on a role-specific basis relevant to the project.

4.2 Clients

Where you are a client, relevant contractors, subcontractors, or suppliers assigned to a specific project may have visibility of contact information and project details to the extent required to carry out and coordinate their works.

4.3 Supply Chain Partners

Where you are a supply chain partner, your name, role, progress submissions, and relevant certifications may be visible to the client commissioning the relevant works, to the extent necessary for project oversight, approval, and sign-off.

4.4 Third-Party Service Providers

We use carefully selected third-party providers to support the operation of the Portal, including IT hosting, cloud storage, and cybersecurity services. These parties act as data processors on our behalf and are contractually bound to process your data only on our instructions and in accordance with applicable data protection law.

4.5 Legal and Regulatory Bodies

We may disclose personal data where required to do so by law, court order, or regulatory authority, including the Health and Safety Executive (HSE), local authorities, or HMRC.

5. Data Retention

We retain personal data only for as long as it is necessary for the purposes for which it was collected. Our retention schedule is as follows:

  • Active project data: retained for the duration of the project plus six years following practical completion, in line with the standard limitation period under the Limitation Act 1980
  • Defects liability period records: retained until the expiry of the relevant defects liability period and for a further six years thereafter
  • Certifications and statutory compliance records: retained in accordance with the applicable legal requirement, which may exceed six years
  • Portal access credentials and login data: deactivated promptly upon project completion or upon a user's departure, and deleted within 30 days of deactivation
  • Photographs and site images: retained for the duration of the relevant project and associated liability periods, then securely deleted
  • Upon expiry of the relevant retention period, all data will be securely destroyed in accordance with our Data Destruction Policy

6. Data Security

We have implemented appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, alteration, or disclosure. These include:

  • Role-based access controls limiting data visibility to authorised users only
  • Encryption of data in transit and at rest
  • Secure authentication for Portal access
  • Regular security audits and vulnerability assessments
  • Staff training on data protection and information security
  • In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and will notify affected individuals without undue delay where required

7. International Transfers

We do not routinely transfer personal data outside the United Kingdom. Where any transfer does occur — for example, in connection with cloud infrastructure hosted outside the UK — we will ensure that appropriate safeguards are in place, such as a UK International Data Transfer Agreement (IDTA) or equivalent mechanism recognised under UK law.

8. Your Rights

Under UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data:

  • Right of access — to request a copy of the personal data we hold about you
  • Right to rectification — to request correction of inaccurate or incomplete data
  • Right to erasure — to request deletion of your data where there is no longer a lawful basis to retain it
  • Right to restriction — to request that we limit our processing in certain circumstances
  • Right to data portability — to receive your data in a structured, machine-readable format
  • Right to object — to object to processing based on legitimate interests
  • Right to withdraw consent — where processing is consent-based, you may withdraw at any time

To exercise any of these rights, please contact our Data Protection Officer using the details in Section 10. We will respond within one calendar month. We may need to verify your identity before processing your request.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at any time: www.ico.org.uk · Helpline: 0303 123 1113.

9. Cookies and Tracking

The Portal may use strictly necessary cookies to maintain your session and ensure security. No advertising, analytics, or behavioural tracking cookies are used. You cannot opt out of strictly necessary cookies, as they are essential for the Portal to function.

10. Contact Us

For any questions, concerns, or data subject rights requests relating to this Privacy Policy, please contact:

  • Data Protection Officer, Seddon Construction Ltd
  • Email: Liam.hickey@seddon.co.uk
  • Phone: 01204 570 400
  • Address: Plodder Lane, Edge Fold, Bolton, BL4 0NN
  • Registered in England: 3578140

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, our operations, or our data practices. The current version will always be accessible within the Portal. Where changes are material, registered users will be notified by email no less than 14 days before the change takes effect. Continued use of the Portal after that date constitutes acceptance of the revised policy.

Last updated: May 2026 | Version 1.0