Privacy Policy

---

Effective Date: May 2026
Company Name: ITSA (Independent Technical Site Assurance)
Contact Email: info@itsa-ltd.co.uk
Registered Address: ITSA Ltd, Clapham, MK41 6AY

1. Introduction

ITSA (“we”, “us”, “our”) provides independent Clerk of Works services, technical site assurance, inspection, and reporting across the UK. We are committed to protecting personal data and handling it in accordance with UK GDPR and the Data Protection Act 2018.

This policy explains how we collect, use, store, share, and protect personal data when delivering our services and operating our website.

2. Our Role in Data Protection

Depending on the engagement, ITSA may act as:

Data Controller – where we determine the purpose and means of processing (e.g. enquiries, business development, our website, and internal records)

Data Processor – where we process data on behalf of a client under instruction (e.g. project reporting within a client’s framework)

Where we act as a processor, we will process personal data strictly in accordance with the client’s documented instructions and applicable law.

3. Categories of Personal Data

We may process the following categories:

3.1 Identity and Contact Data

Names of client representatives, contractors, consultants, and site personnel

Job titles, employer organisations

Email addresses and telephone numbers

3.2 Technical and Usage Data

IP address, browser type, device identifiers

Website usage and interaction data

Cookie identifiers

3.3 Project and Site Data

Inspection reports, audit records, snagging lists

Site photographs, videos, and drone imagery

Drawings, specifications, and technical submissions

Records of non-compliance, defects, and safety issues

Site attendance logs and communication records

3.4 Subcontractor Data (Clerk of Works Network)

Professional credentials and qualifications

Contact details and availability

CVs and experience records

Assignment history and performance feedback

4. How We Collect Data

We collect data via:

Direct engagement with clients and project stakeholders

Site inspections and reporting activities

Subcontractor onboarding and management processes

Website forms and email correspondence

Automated technologies such as cookies and analytics tools

5. Purposes of Processing

We process personal data to:

Deliver Clerk of Works inspections and technical assurance services. Produce structured inspection reports and audit trails. Allocate and manage subcontracted Clerks of Works, Maintain quality assurance and consistency across projects. Manage contracts, billing, and commercial relationships. Respond to enquiries and develop business opportunities. Comply with legal, regulatory, and insurance requirements

6. Lawful Basis for Processing

Under UK GDPR, we rely on:

Contractual necessity – to deliver agreed services

Legitimate interests – to operate, manage subcontractors, and improve service delivery

Legal obligation – to comply with statutory duties and professional requirements

Consent – where required, including marketing communications

7. Subcontractors and Clerk of Works Network

ITSA operates a national network of subcontracted Clerks of Works. In this context:

Subcontractors may process personal data strictly for assigned project purposes

All subcontractors are subject to confidentiality obligations and data protection requirements

Data shared is limited to what is necessary for project delivery. Subcontractors must implement appropriate security measures. Where required, subcontractors act as sub-processors under formal agreements

We conduct due diligence to ensure subcontractors maintain professional and data protection standards.

8. Confidential Project Data and Reporting

Our work often involves commercially sensitive and high risk construction data, including:

Fire safety compliance and compartmentation

Structural defects and quality failures

Regulatory breaches and non-conformance. We apply strict governance: Data is collected solely for defined contractual purposes. Reports are distributed only to authorised stakeholders

Access is controlled and auditable. Sensitive findings are handled with strict professional confidentiality. No project data is published or reused without explicit written consent

9. Data Sharing

We do not sell personal data.

We may share data with:

Clients and authorised project stakeholders

Subcontracted Clerks of Works assigned to projects

Professional advisers (legal, financial, insurance)

IT providers including secure cloud storage platforms

Regulators or authorities where legally required

All third parties are required to maintain confidentiality and data security.

10. International Data Transfers

Where data is processed outside the UK, we ensure appropriate safeguards such as:

Adequacy decisions

Standard contractual clauses

11. Data Retention

We retain data in line with legal and commercial requirements:

Project and inspection data: typically 6 to 12 years (aligned with limitation periods and professional indemnity insurance)

Subcontractor records: duration of engagement plus up to 6 years

Enquiries: up to 12 months

Marketing data: until consent is withdrawn

12. Data Security

We implement appropriate technical and organisational measures, including:

Secure cloud based storage systems

Role based access controls

Controlled distribution of reports

Encryption where appropriate

Secure handling of photographic and drone data

Regular review of data protection practices

13. Cookies and Website Tracking

Our website may use cookies and analytics tools to:

Monitor performance and usage

Improve user experience

Users can manage cookie preferences through browser settings and consent mechanisms where applicable.

14. Your Rights

Under UK data protection law, individuals have the right to:

Access their personal data

Request correction or completion

Request erasure

Restrict or object to processing

Request data portability

Requests should be submitted to info@itsa-ltd.co.uk

Individuals also have the right to lodge a complaint with the Information Commissioner’s Office.

15. Third Party Links

Our website may contain links to external websites. We are not responsible for their privacy practices.

16. Changes to This Policy

We may update this policy periodically. The latest version will always be available on our website.

17. Contact Details

For all data protection and privacy enquiries:

Email: info@itsa-ltd.co.uk
Address: ITSA Ltd, Clapham, MK41 6AY