1. Who We Are

UKBPM Limited is the data controller for personal data collected through this website and in connection with our facilities maintenance management services.

UKBPM Limited
Company registration: 16245788
Registered office: 124 City Road, London, England, EC1V 2NX
Email: info@ukbpm.co.uk
Telephone: 0203 693 3824
ICO Registration No.: ZC132400

This Privacy Policy applies to personal data collected via this website (www.ukbpm.co.uk), by telephone, and by email when you contact us or engage our services.

2. What Personal Data We Collect

2.1 Website contact form

When you submit an enquiry through our contact form, we collect:

- Full name
- Email address
- Company or organisation name (where provided)
- Job title or role (where provided)
- Telephone number (where provided)
- The content of your enquiry
- Whether you have consented to receive marketing communications

We use this data solely to respond to your enquiry and, where you have separately consented, to send you information about our services.

2.2 Telephone enquiries

When you telephone us, the caller's name, telephone number, and the substance of the enquiry may be noted and stored in our email system (Microsoft 365) for the purpose of handling the enquiry.

2.3 Automatic data

If you accept analytics cookies, our website may collect your IP address, browser type, pages visited, and time of visit via Google Analytics 4 (GA4). This data is not linked to your name unless you have separately provided it. Analytics cookies are only set after you have given explicit consent via our cookie banner. See Section 4 for details.

3. Third-Party Telephone Answering Service

UKBPM Limited uses a third-party telephone answering service to handle incoming calls on our behalf. This service acts as a data processor under UK GDPR Article 28. When you call us and your call is answered by this service, the operator may record your name, telephone number, and the nature of your enquiry, and will transmit this to us by email.
We have a Data Processing Agreement (DPA) in place with this provider. The provider is instructed to process your data only on our instructions, maintain appropriate security measures, and not to use your data for any other purpose. You are not required to provide personal data to the telephone answering service — you may choose to call back at a time when UKBPM staff are directly available, or contact us by email using info@ukbpm.co.uk.

4. Analytics (Google Analytics 4)

We use Google Analytics 4 (GA4) to understand how visitors use this website. GA4 uses cookies to collect information about your visit, including pages viewed, time spent, and approximate location (country/city level).

We only activate GA4 tracking after you have explicitly accepted analytics cookies via our cookie banner. If you decline, GA4 operates in consent-denied mode — no tracking cookies are set and no personal data is collected. You may withdraw consent at any time by clicking "Cookie settings" in the footer or visiting our Cookie Policy.

GA4 data is processed by Google LLC under the EU-US Data Privacy Framework and Google's data processing terms. For more information, see Google's Privacy Policy.

5. Lawful Basis for Processing

| Purpose | Lawful basis |
| --- | --- |
| Responding to website enquiries | Legitimate interests (Article 6(1)(f)) — responding to a business enquiry is a legitimate interest that does not override your rights |
| Responding to telephone enquiries | Legitimate interests (Article 6(1)(f)) |
| Marketing communications (service updates, insights) | Consent (Article 6(1)(a)) — only where you have ticked the optional marketing consent box |
| Analytics (GA4) | Consent (Article 6(1)(a)) under PECR — only where you have accepted analytics cookies |
| Service delivery (client contracts) | Contract performance (Article 6(1)(b)) |
| Statutory compliance records | Legal obligation (Article 6(1)(c)) |
| Contractor data (payment, H&S, statutory records) | Contract performance (Article 6(1)(b)) and Legal obligation (Article 6(1)(c)) |

6. How Long We Keep Your Data

We retain personal data only for as long as is necessary for the purpose for which it was collected, and in accordance with our legal obligations. Our full retention schedule is published on our Data Retention Policy page.

Key periods:

- Website enquiries (not converted to a client): 12 months
- Client data: 6 years after last contact
- Contractor data: 6 years after relationship ends; invoices 7 years (HMRC)
- Statutory maintenance records: as required by law (e.g. gas safety 2 years; asbestos life of building)

7. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

- Right of access: You may request a copy of the personal data we hold about you (Subject Access Request).
- Right to rectification: You may ask us to correct inaccurate data.
- Right to erasure: In certain circumstances, you may ask us to delete your data ("right to be forgotten").
- Right to restrict processing: You may ask us to pause processing of your data in certain circumstances.
- Right to data portability: Where processing is based on consent or contract, you may request your data in a portable format.
- Right to object: You may object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds.
- Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, email privacy@ukbpm.co.uk with "Data Request" in the subject line. We will respond within 30 days.

8. Who We Share Your Data With

We do not sell your personal data. We do not share it with third parties for their own marketing purposes. We share data only:

- Telephone answering service: As described in Section 3 — a data processor acting on our instructions under a DPA.
- Microsoft 365 / OneDrive: Your enquiry data is stored within our Microsoft 365 tenancy (Microsoft acts as a data processor under appropriate data processing terms).
- Google Analytics: Where you have consented to analytics cookies — see Section 4.
- Legal obligation: We may disclose data to comply with a legal obligation, court order, or to protect the rights and safety of others.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include: password-protected systems, encrypted email and storage (Microsoft 365), access controls, and staff awareness of data protection obligations.

No transmission of data over the internet is completely secure. If you have concerns about the security of your data, contact us at info@ukbpm.co.uk.

10. Children

Our services are directed at businesses and adults. We do not knowingly collect personal data from anyone under 18 years of age. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Material changes will be communicated via a notice on our website. We encourage you to review this policy periodically.

12. How to Complain

If you are unhappy with how we have handled your personal data, please contact us first at info@ukbpm.co.uk. We will do our best to resolve your concern. If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk

13. Contact Us

For any questions about this Privacy Policy or to exercise your data rights:

UKBPM Limited
Data enquiries: privacy@ukbpm.co.uk
Telephone: 0203 693 3824
Registered office: 124 City Road, London, England, EC1V 2NX