Book Demo

Privacy Policy

How we collect, use and protect your personal data

Last updated: 4 January 2025

UKBPM ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose and safeguard your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller

UKBPM is the data controller responsible for your personal data. Our registered office is in the United Kingdom.

Contact: For privacy enquiries, please contact us at info@ukbpm.co.uk or via our contact page.

2. Information We Collect

2.1 Information You Provide

  • Contact Information: Name, email address, phone number, company name, job title
  • Enquiry Information: Details provided when you contact us, request a consultation, or subscribe to updates
  • Career Applications: CV, cover letter, qualifications, employment history

2.2 Information We Collect Automatically

  • Website Usage: IP address, browser type, device information, pages visited, time spent on pages
  • Cookies: We use cookies to enhance your experience (see our Cookie Policy below)

3. Legal Basis and How We Use Your Data

We process your personal data based on the following legal grounds:

  • Consent: When you subscribe to our newsletter or marketing communications
  • Legitimate Interests: To respond to enquiries, improve our services, and protect our business interests
  • Contract Performance: To fulfil contractual obligations when you engage our services
  • Legal Obligation: To comply with legal and regulatory requirements

We use your data to:

  • Respond to your enquiries and provide information about our services
  • Process consultation bookings and service requests
  • Send you marketing communications (with your consent)
  • Improve our website and services
  • Comply with legal obligations

4. Email Communications and AWS SES

We use Amazon Web Services (AWS) Simple Email Service (SES) to send transactional emails. All emails are:

  • Transactional Only: Contact form submissions, consultation booking confirmations, and system notifications
  • User-Initiated: All emails are sent in response to actions you have taken on our website
  • Opt-In Only: We only send emails to users who have explicitly requested them
  • Secure Transmission: All emails are sent through AWS SES with proper authentication (DKIM/SPF)

4.1 Email Types We Send

  • Contact Form Confirmations: When you submit a contact form, we send a confirmation email
  • Consultation Bookings: Confirmation emails for consultation appointments
  • AI Chat Human Handoff: When you request human assistance via our AI chat, we notify our team
  • System Notifications: Important system alerts and account-related communications

4.2 Bounce and Complaint Handling

We have implemented automated processes to handle email bounces and complaints:

  • Bounced Emails: We automatically remove bounced email addresses from our system
  • Complaints: If you mark an email as spam or file a complaint, we immediately remove your email address
  • Monitoring: We monitor bounce and complaint rates to maintain high email deliverability
  • Compliance: We comply with AWS SES best practices and maintain bounce rates below 5% and complaint rates below 0.1%

4.3 Unsubscribe and Opt-Out

You can unsubscribe from marketing emails at any time:

  • Click the unsubscribe link in any marketing email
  • Contact us at info@ukbpm.co.uk with "Unsubscribe" in the subject line
  • Use our contact form to request removal

Note: Transactional emails (confirmations, bookings, system notifications) cannot be unsubscribed as they are essential for service delivery.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your data with:

  • Service Providers: Trusted third parties who assist us in operating our website and providing services:
    • AWS SES: For sending transactional emails (Amazon Web Services Simple Email Service)
    • EmailJS: For contact form submissions (when AWS SES is not available)
    • Hosting Providers: For website hosting and infrastructure
    • Analytics Providers: For website usage analysis (Google Analytics)
  • Legal Requirements: When required by law, court order, or regulatory authority
  • Business Transfers: In the event of a merger, acquisition, or sale of assets

All third parties are required to maintain appropriate security measures and use your data only for specified purposes. AWS SES processes emails in compliance with AWS data protection standards and GDPR requirements.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy, comply with legal obligations, or resolve disputes.

  • Contact Form Data: Retained for 2 years or until you request deletion
  • Consultation Bookings: Retained for 3 years for business records
  • Email Addresses: Retained until you unsubscribe or request deletion
  • Bounced/Complained Emails: Removed immediately from our system
  • Marketing Data: Retained until you unsubscribe or withdraw consent

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

To exercise these rights, contact us at info@ukbpm.co.uk.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction:

  • Encryption: Data transmitted over the internet is encrypted using SSL/TLS
  • Secure Email: All emails are sent through AWS SES with DKIM and SPF authentication
  • Access Controls: Limited access to personal data on a need-to-know basis
  • Regular Updates: Security measures are regularly reviewed and updated
  • Incident Response: Procedures in place to respond to security incidents

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Cookies

Our website uses cookies to enhance functionality and analyse usage:

  • Essential Cookies: Necessary for the website to function (cannot be disabled)
  • Analytics Cookies: Help us understand how visitors use our website (Google Analytics)
  • Preference Cookies: Remember your settings and preferences

You can manage cookie preferences through your browser settings. Disabling cookies may affect website functionality.

10. International Transfers

Your data is processed within the UK and European Economic Area (EEA). When we use AWS SES, data may be processed in AWS data centres (primarily EU regions). AWS complies with GDPR and provides appropriate safeguards for data transfers. If we transfer data outside the UK/EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Other approved transfer mechanisms

11. Children's Data

Our services are not directed to individuals under 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at info@ukbpm.co.uk and we will delete such information.

12. Third-Party Services

12.1 AWS Simple Email Service (SES)

We use AWS SES for sending transactional emails. AWS SES:

  • Processes emails in compliance with GDPR
  • Uses secure transmission protocols
  • Implements email authentication (DKIM/SPF)
  • Monitors bounce and complaint rates
  • Complies with AWS data protection standards

For more information about AWS data protection, visit: AWS GDPR Compliance

12.2 Google Analytics

We use Google Analytics to understand website usage. Google Analytics:

  • Uses anonymised IP addresses
  • Does not collect personally identifiable information
  • Complies with GDPR through data processing agreements

You can opt-out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The "Last updated" date at the top indicates when changes were made. We encourage you to review this policy periodically. Material changes will be communicated via email or website notice.

14. Contact Us

For questions about this Privacy Policy or to exercise your rights, please contact us:

Email: info@ukbpm.co.uk
Website: Contact UKBPM

Ready to Transform Your Facilities Management?

Book a consultation to pressure test your current FM model and explore how UKBPM's proprietary frameworks, AI-powered intelligence, and integrated delivery model can transform your estate.

Book Consultation Compare FM Providers →

Or explore our frameworks and tools: