top of page

Privacy Policy – Glow Building Consultancy Limited

Introduction

Glow Building Consultancy Limited (“we”, “us” or “our”) is committed to protecting your personal data and respecting your privacy. This privacy policy explains how we collect, use, and protect your information in accordance with the UK General Data Protection Regulation (UK GDPR) and other applicable privacy laws.

​

Who We Are

Glow Building Consultancy Limited is a UK-based consultancy specialising in building services and compliance.

Registered Address: 7 Bell Yard
Email: info@glowbc.co.uk
Telephone: +44 20 3633 9983

For any privacy-related queries, you can contact us via the email or postal address above.

​

What Personal Data We Collect

We may collect and process the following categories of personal data:

  • Names and contact details

  • Addresses

  • Purchase or account history

  • Health and safety information

  • Account information

  • Website user information (including user journeys and cookie tracking)

  • Photographs or video recordings (including CCTV, if relevant to service delivery)

  • Records of meetings and decisions

  • Information relating to compliments or complaints
     

Purposes of Processing

We collect and use personal information for the following purposes:

  • To provide goods and services

  • To manage and fulfil contracts or service instructions

  • To maintain customer service and handle enquiries or feedback

  • To comply with legal obligations

  • To manage customer relationships and deliver service updates or marketing communications
     

Lawful Bases for Processing

We process your personal data on the following lawful bases:

  • Contract: Where processing is necessary to fulfil a contract or to take steps prior to entering a contract.

  • Legitimate Interests: Where we have a legitimate reason to process data which is not overridden by your rights – such as understanding client requirements, maintaining service quality, and managing professional relationships.

  • Legal Obligation: To comply with legal and regulatory requirements.
     

Legitimate Interests Assessment

Where we rely on legitimate interests, we have conducted a balancing test to ensure our processing is necessary and proportionate. For example, we may retain records of instructions or correspondence to meet client expectations and regulatory best practices, without being unduly intrusive.
 

Where We Get Your Data From

We collect personal data:

  • Directly from individuals through forms, email, post, or phone

  • Through website analytics (e.g. Google Analytics)

  • From publicly available sources (e.g. Companies House)
     

Sub-Processors and Third Parties

We use the following systems and organisations to process and manage personal data:

  • Wix – Website contact forms and content management

  • Xero – Accounting and financial management

  • Google Analytics – Website usage analytics

  • Insurance Providers – Where required to manage risk and coverage

  • Professional Advisors – Legal and compliance consultants

  • Regulatory Authorities – Where legally required

  • Auditors and Inspectors – As part of due diligence and compliance checks
     

Data Retention

Personal data is only retained for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, regulatory, and professional obligations. We generally retain data for up to 6 years, in line with standard business practice, unless required to keep it longer due to legal obligations.
 

International Data Transfers

While we do not routinely transfer personal data outside of the UK, some sub-processors (e.g. Wix and Google) may store data internationally. Where international transfers take place, we ensure appropriate safeguards such as Standard Contractual Clauses (SCCs) are in place to protect personal information.
 

Data Security

We take data protection seriously and have implemented robust measures, including:

  • Encryption for data at rest and in transit

  • Multi-Factor Authentication (MFA) for access to key systems

  • Role-based Access Controls to limit data access to authorised personnel only

  • Regular security audits and system reviews
     

Your Rights

You have the right to:

  • Access the personal data we hold about you

  • Request rectification or deletion of your data

  • Object to or restrict certain processing activities

  • Withdraw consent for marketing at any time

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

 

How to Complain to the ICO

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s independent authority for data protection and privacy rights.

You can contact the ICO using the following details:

  • Website: www.ico.org.uk

  • Telephone: 0303 123 1113

  • Address:

  • Information Commissioner's Office

  • Wycliffe House

  • Water Lane

  • Wilmslow

  • Cheshire

  • SK9 5AF


We encourage you to contact us first so we can try to resolve your concern directly before contacting the ICO.
 

bottom of page