UK GDPR statement

Made For Builders acts as the data controller for the personal data collected through madeforbuilders.com and our commercial relationships. We apply the accountability principle of Article 5(2) UK GDPR: we document our processing activities and can demonstrate compliance on request. Full identifying details of the controller are available through the contact page.

Every processing activity rests on one of the Article 6 lawful bases:

• Contract (Art. 6(1)(b)): answering enquiries, preparing proposals, delivering and billing services.
• Legitimate interests (Art. 6(1)(f)): improving the site with aggregated, cookieless metrics — assessed against your rights.
• Consent (Art. 6(1)(a)): marketing communications, only if you opt in, withdrawable at any time.
• Legal obligation (Art. 6(1)(c)): keeping billing records for the periods required by UK tax law.

We collect only what we need: contact details you give us in forms (name, email, phone, company, message) and aggregated technical metrics. We do not collect special category data, we do not profile you, and we do not use third-party tracking cookies.

The UK GDPR gives you these rights, exercisable free of charge through our contact page:

• Right of access (Art. 15): a copy of your data and how we use it.
• Right to rectification (Art. 16): correction of inaccurate data.
• Right to erasure (Art. 17): deletion when there is no overriding reason to keep it.
• Right to restriction (Art. 18): pausing processing while a dispute is resolved.
• Right to portability (Art. 20): your data in a structured, machine-readable format.
• Right to object (Art. 21): to processing based on legitimate interests and to direct marketing.

We answer data subject requests within one calendar month. For complex requests we may extend by up to two further months, and we will tell you within the first month and explain why.

Some of our suppliers (for example, Vercel for hosting) may process data outside the UK. Transfers rely on UK adequacy regulations or appropriate safeguards: the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU standard contractual clauses.

We apply technical and organisational measures proportional to the risk: TLS encryption in transit, role-based access, and suppliers with recognised security certifications. If a breach is likely to risk your rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay, as Articles 33 and 34 require.

If you believe we have mishandled your personal data, contact us first — most issues are resolved quickly. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.