Privacy Policy
This Privacy Policy explains how Colossus Scaffolding collects, uses, and protects your personal data in accordance with UK data protection laws.
Table of Contents
1. Data Controller Information
Colossus Scaffolding is the data controller for your personal information. We are a professional scaffolding company providing commercial, industrial, and residential scaffolding services across the South East UK.
Company Details:
Business Name: Colossus Scaffolding Ltd
Registered Office: Office 7, 15-20 Gresley Road, St Leonards On Sea, East Sussex, TN38 9PL
Phone: 01424 466 661
Email: info@colossusscaffolding.com
Service Area: East Sussex, West Sussex, Kent, Surrey, Essex, London
2. Data We Collect
As a scaffolding contractor, we collect different types of personal data depending on how you interact with our services:
2.1 Scaffolding Service Inquiries
When you contact us for scaffolding quotes or services, we collect:
- Contact Information: Name, phone number, email address
- Project Details: Property address, project description, scaffolding requirements
- Business Information: Company name (for commercial projects), contractor details
- Communication Records: Phone call records, email correspondence, site visit notes
- Quote Information: Scaffolding specifications, pricing, project timelines
2.2 Website Analytics Data
Through our website and analytics systems, we collect:
- Technical Information: IP address, browser type, device information
- Usage Data: Pages visited, time spent on site, click patterns
- Referral Information: How you found our website (search engines, social media, direct)
- Cookie Data: Analytics cookies, consent preferences (see our Cookie Policy)
- Performance Data: Website loading times, error reports
2.3 Marketing & Communications
For marketing our scaffolding services, we may collect:
- Marketing Interactions: Email opens, link clicks, social media engagement
- Advertising Data: Response to Facebook and Google Ads campaigns
- Conversion Tracking: Actions taken after viewing our advertising
- Preference Data: Communication preferences, service interests
2.4 Active Project Information
For customers with active scaffolding projects, we process:
- Project Management: Installation schedules, progress reports, completion certificates
- Health & Safety: Risk assessments, safety inspections, compliance records
- Financial Information: Invoices, payment records, purchase order details
- Site Information: Access requirements, site photos, installation drawings
- Contractor Details: Subcontractor information, certification records
3. How We Use Your Data
We use your personal data to provide professional scaffolding services and improve our business operations:
Service Delivery
- Provide scaffolding quotes and estimates
- Schedule site visits and installations
- Manage scaffolding projects and timelines
- Conduct safety inspections and compliance checks
- Process payments and invoicing
- Provide customer support and project updates
Business Operations
- Improve our scaffolding services and processes
- Analyze website performance and user experience
- Develop new scaffolding solutions and services
- Train our team and improve service quality
- Ensure health and safety compliance
- Maintain accurate business records
Marketing & Communications
- Send information about our scaffolding services
- Market relevant scaffolding solutions
- Measure advertising campaign effectiveness
- Send newsletters and service updates
- Respond to inquiries and customer service
- Follow up on quotes and proposals
Legal & Compliance
- Comply with health and safety regulations
- Meet insurance and certification requirements
- Fulfill contractual obligations
- Respond to legal requests or disputes
- Maintain accurate financial records
- Ensure GDPR and data protection compliance
4. Legal Basis for Processing
Under UK GDPR, we must have a valid legal basis for processing your personal data. We rely on the following legal bases:
Legitimate Interests
For most business operations, we rely on our legitimate interests as a scaffolding company to provide services and run our business effectively.
Examples: Processing inquiries, providing quotes, analyzing website performance, improving services, business communications.
Contract Performance
When you engage us for scaffolding services, we need to process your data to fulfill our contractual obligations.
Examples: Project management, scheduling installations, safety compliance, invoicing, delivery of scaffolding services.
Consent
For certain activities, we ask for your explicit consent before processing your data.
Examples: Marketing cookies, targeted advertising, newsletters, optional marketing communications.
Legal Obligation
Sometimes we must process data to comply with legal requirements in the construction and scaffolding industry.
Examples: Health and safety compliance, tax obligations, insurance requirements, regulatory reporting.
5. Data Sharing & Third Parties
We may share your personal data with trusted third parties who help us provide our scaffolding services:
Service Providers
- Analytics Services: Google Analytics for website performance analysis
- Marketing Platforms: Facebook/Meta for advertising, Google Ads for marketing campaigns
- Email Services: Email providers for business communications and newsletters
- Cloud Storage: Secure cloud services for data backup and storage
- Payment Processors: For handling invoices and payment processing
Scaffolding Industry Partners
- Subcontractors: Qualified scaffolding professionals who assist with projects
- Suppliers: Equipment and material suppliers for scaffolding projects
- Insurance Providers: For liability coverage and claims processing
- Certification Bodies: For health and safety compliance and inspections
Legal & Regulatory
- Legal Authorities: When required by law or court order
- Health & Safety Executive (HSE): For compliance reporting if required
- Professional Bodies: Industry associations and certification organizations
- Accountants & Advisors: Professional services for business operations
Data Protection: All third parties are contractually required to protect your data and use it only for the specific purposes we've authorized. We never sell your personal data to third parties.
6. Data Retention
We keep your personal data only as long as necessary for the purposes outlined in this policy and to meet our legal obligations:
| Data Type | Retention Period | Reason |
|---|---|---|
| Quote requests & inquiries | 2 years from last contact | Business development, follow-up opportunities |
| Active project records | 7 years after project completion | Legal obligations, insurance requirements |
| Financial records & invoices | 7 years | UK tax and accounting requirements |
| Health & safety records | 40 years (HSE requirement) | Construction industry legal obligations |
| Website analytics data | 26 months | Google Analytics standard retention |
| Marketing communications | Until withdrawn consent | Consent-based processing |
| Cookie consent preferences | 1 year | PECR compliance requirements |
Note: Some records may be retained longer if required for legal proceedings or regulatory investigations. We review retention periods regularly and securely delete data when no longer needed.
7. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
Right of Access
Request copies of your personal data we hold and information about how we process it.
We'll provide this information free of charge within one month.
Right of Rectification
Request correction of incomplete or inaccurate personal data.
We'll update your information and notify relevant third parties.
Right of Erasure
Request deletion of your personal data in certain circumstances.
Subject to our legal obligations and legitimate interests.
Right to Restrict Processing
Request that we limit how we use your personal data.
Available in specific circumstances outlined by UK GDPR.
Right of Data Portability
Receive your personal data in a machine-readable format.
Applies to data processed automatically based on consent or contract.
Right to Object
Object to processing based on legitimate interests or for marketing purposes.
We'll stop processing unless we have compelling legitimate grounds.
How to Exercise Your Rights
To exercise any of these rights, please contact us using the details in Section 11. We may need to verify your identity before processing your request.
Response Time: We'll respond within one month (or two months for complex requests)
Cost: Exercising your rights is generally free, unless requests are excessive or repetitive
Verification: We may request proof of identity to protect your personal data
8. International Transfers
Some of our service providers are located outside the UK. When we transfer your data internationally, we ensure appropriate safeguards are in place:
Google Services (Analytics & Ads)
Google processes data in various countries including the United States.
- Google is certified under the EU-US Data Privacy Framework
- Standard Contractual Clauses provide additional protection
- Google implements technical and organizational security measures
Facebook/Meta Services
Facebook may process data in the United States and other countries.
- Meta is certified under the EU-US Data Privacy Framework
- Standard Contractual Clauses apply to data transfers
- Additional security measures protect data in transit and storage
Your Protection: We only work with providers who can demonstrate appropriate data protection standards equivalent to UK GDPR requirements.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:
Technical Measures
- Encryption of data in transit and at rest
- Secure server infrastructure and hosting
- Regular security updates and patches
- Access controls and authentication systems
- Secure backup and recovery procedures
- Network security and firewall protection
Organizational Measures
- Staff training on data protection principles
- Access controls limiting data access to authorized personnel
- Regular security assessments and reviews
- Data processing agreements with third parties
- Incident response and breach notification procedures
- Regular policy updates and compliance monitoring
Data Breach: In the unlikely event of a data breach that poses a risk to your rights, we will notify you and the ICO within 72 hours as required by UK GDPR.
11. Contact & Complaints
Contact Us
For any questions about this Privacy Policy or to exercise your rights:
Colossus Scaffolding Ltd
Office 7, 15-20 Gresley Road
St Leonards On Sea
East Sussex TN38 9PL
Phone: 01424 466 661
Email: info@colossusscaffolding.com
Privacy Enquiries: Contact Form
Make a Complaint
If you're not satisfied with how we handle your personal data, you can complain to:
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Phone: 0303 123 1113
Website: ico.org.uk
Online: Make a complaint
Response Times: We aim to respond to all privacy-related inquiries within 5 working days, and formal data subject requests within one month as required by UK GDPR.
12. Changes to This Policy
We review this Privacy Policy regularly and may update it to reflect changes in our practices or legal requirements. Significant changes will be communicated by:
- Posting the updated policy on our website with a new "Last Updated" date
- Notifying customers via email if we have your contact details
- Displaying a notice on our website for significant changes
Current Version Information:
Last Updated: 27 September 2025
Version: 1.0
Next Review: September 2026
Stay Informed: We recommend checking this Privacy Policy periodically to stay informed about how we protect your personal information. Continued use of our services after updates indicates your acceptance of any changes.