Privacy Policy

1. Who We Are

Kirby's Building & Property Maintenance Ltd is the data controller responsible for this website and for how your personal data is handled. This means we decide what data we collect and how it is used, and we are accountable for it under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

As a small business, we do not have a dedicated Data Protection Officer. However, any privacy-related questions or concerns can be directed to us using the contact details in section 13.

2. Personal Data We Collect

We collect only the information that is necessary to provide our services or run our business. This may include:

• •Name
• •Email address
• •Phone number
• •Property address related to the work requested
• •Job or project details you share with us
• •Communication history (emails, messages, call notes)
• •Invoice and payment records, where applicable
• •Technical data such as IP address or browser type when visiting our website

3. How We Collect Data

We collect personal information in the following ways:

• •When you contact us by email or phone
• •When you use our website contact form to request a quote or ask a question
• •When we carry out work for you and need to record job details
• •Through essential cookies that help the website function correctly
• •Through analytics cookies, but only if you give your consent via the cookie banner

4. Purpose of Processing

We use your personal data for the following purposes:

• •Responding to your enquiries
• •Preparing and sending quotes
• •Providing building and property maintenance services
• •Communicating with you about jobs, appointments, or ongoing work
• •Issuing invoices and processing payments
• •Maintaining financial records as required by HMRC
• •Improving the performance, security, and usability of our website

5. Legal Basis for Processing

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following:

6. How We Store and Protect Your Data

We take reasonable steps to keep your data safe. This includes:

• •Data is held in secure email systems, business devices, and accounting systems
• •Only authorised personnel within the business have access to your information
• •We apply reasonable technical and organisational safeguards to prevent unauthorised access, loss, or misuse
• •We do not store more data than is necessary for the purpose it was collected

7. When We Share Data

We share your data only where necessary. This may include:

• •Subcontractors involved in delivering the work you have requested
• •Accountants or bookkeeping providers assisting with our finances
• •Invoicing or accounting software used to manage our records
• •IT or website hosting providers who support our systems
• •Legal authorities or regulatory bodies, where required by law

We never sell personal data.

8. How Long We Keep Data

We keep your data only for as long as is necessary:

• •Enquiries that did not lead to work: up to 24 months
• •Customer and job records: up to 6 years, as required for HMRC tax and accounting obligations

After these periods, data will be securely deleted or anonymised.

9. Cookies and Analytics

Essential cookies are used to make our website function properly. We also use analytics cookies only where you have given your consent. These analytics cookies help us understand how visitors use the website so we can improve it. You can change or withdraw your cookie preferences at any time by clicking "Cookie Settings" in the footer.

10. Your Data Rights

Under UK GDPR, you have the following rights in relation to your personal data:

• •Right of access: You can request a copy of the personal data we hold about you.
• •Right to rectification: You can ask us to correct any inaccurate or incomplete data.
• •Right to erasure: You can ask us to delete your data in certain circumstances.
• •Right to restrict processing: You can ask us to limit how we use your data in certain circumstances.
• •Right to data portability: You can request your data in a portable format where applicable.
• •Right to object: You can object to us processing your data based on legitimate interests.
• •Right to withdraw consent: Where we rely on consent, you can withdraw it at any time.
• •Rights related to automated decision-making: We do not use any automated decision-making or profiling.

To exercise any of these rights, please contact us using the details in section 13. We will respond within one month, as required by UK GDPR.

11. Right to Complain

If you are unhappy with how we have handled your personal data, we encourage you to contact us first so we can try to resolve the issue.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO), which is the independent body responsible for data protection in the UK:

12. International Data Transfers

We do not intentionally transfer your personal data outside the United Kingdom. Our data is stored and processed within the UK or within services that operate under equivalent data protection standards. If this ever changes, we will update this policy accordingly.