top of page

/ Privacy Policy /

Last updated: 22 September 2025

This Privacy Policy explains how the Alexander James Group of companies ("we", "our", "us") collect, use, store, and protect personal information. It applies to the following companies (each a separate data controller):

  • Alexander James Group Ltd (Company no. 15062411)

  • Alexander James Contracts Ltd (Company no. 07943890)

  • Alexander James Facades Ltd (Company no. 13938419)

  • Alexander James Utilities Ltd (Company no. 15626357)

  • Total Construction Ltd (Company no. 03846247)

Registered office (group correspondence): Suite D, Tower House, Latimer Park Farm, Little Chalfont, Buckinghamshire, England, HP5 1TU

Contact: info@alexanderjamesltd.co.uk

We are committed to handling personal information in a fair, lawful, and transparent way and to complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

​

1) Scope

This notice covers personal information processed through our websites, social media channels, contact forms, emails, phone lines, construction project sites we control, our offices and events, supplier and subcontractor onboarding, recruitment and job applications, and day‑to‑day business operations in the UK. Where one of our companies is not the controller (for example, where a client is the controller for a project‑specific system), we will act as a processor in line with our contract with that client.

2) Who is the controller?

Each company listed above is a separate data controller for the personal information it determines the purposes and means of processing. Where two or more of our companies jointly determine purposes (e.g., group marketing), they may be joint controllers and will make the essence of the arrangement available on request. For central enquiries and to exercise your rights, please use info@alexanderjamesltd.co.uk.

3) What information we collect

We collect the following categories of personal information (depending on your relationship with us):

a) Contact & identity details

Name, job title, employer/organisation, email, phone, postal address, project reference, enquiry details; identity documents where necessary for site access, right‑to‑work checks for applicants/employees (handled under a separate HR privacy notice).

b) Business & project information

Correspondence, proposals, specifications, project/site records, method statements, permits‑to‑work, toolbox talk registers, RAMS acknowledgements, delivery notes, progress photographs (which may incidentally include people), and stakeholder contact lists.

c) Health & safety / incident data

Accident/incident reports, near‑miss reports, RIDDOR‑related information, emergency contact details, medical/health information shared with us for welfare or safety reasons (e.g., allergy information for site inductions), and site induction test results.

d) Website & device data

IP address, device and browser type, referrer, pages visited, time on page, interaction data, cookie identifiers, and error logs. See our Cookie Policy.

e) Marketing & communications

Your marketing preferences and records of opt‑in/opt‑out, event RSVPs, and interactions with our campaigns.

f) Supplier & subcontractor due diligence

Contact and business details; insurance certificates; accreditations; training records (e.g., CSCS, NRSWA); references; bank details for payments; and, where proportionate, basic background screening/credit checks (trade credit only).

g) Recruitment & job applications

CVs, cover letters, interview notes, qualifications, right‑to‑work documentation, and referees’ contact details.

h) CCTV and site security systems

Images and video from CCTV at our offices or sites we control, access control logs, visitor sign‑in records, and (if used) ANPR at compound gates.

We do not intentionally collect children’s data via our websites or marketing. If you believe a child has provided personal data to us online, please contact us to delete it.

4) Special category data

We do not seek to collect special category data. However, we may process it where necessary and lawful, for example:

  • Health data to ensure site safety/welfare, first‑aid response, or to record incidents (legal obligation; health & safety; vital interests; legal claims).

  • Equality information supplied voluntarily for monitoring, where aggregated or processed under an appropriate policy document and/or with your consent.

5) How we collect information

  • Directly from you (web forms, email, phone, business cards, meetings, site inductions, training, events, surveys, tendering and contracting processes).

  • Automatically via our websites and systems (cookies, analytics, logs, security and access control systems).

  • From third parties (clients, main contractors, subcontractors, referees, recruitment agencies, accrediting bodies, credit reference agencies, public sources such as Companies House and professional registers).

6) Why we use your information (purposes)

  • To respond to enquiries and provide quotations.

  • To tender for, plan, deliver, and manage construction projects and after‑care.

  • To manage supplier and subcontractor relationships and payments.

  • To operate and improve our websites, IT, and security systems.

  • To manage health, safety and environmental obligations, including incident response and statutory reporting.

  • To protect our people, property, and information through access control and CCTV.

  • To send service updates and marketing communications (with consent or as otherwise permitted by law) and to run events.

  • To comply with legal and regulatory obligations (e.g., tax, insurance, audit, RIDDOR, CDM, financial record‑keeping).

  • To recruit, assess, and onboard staff (note: employee data is covered by a separate HR privacy notice).

7) Lawful bases for processing

Depending on the activity, we rely on one or more of the following:

  • Contract – to perform a contract with you or take steps at your request before entering into a contract.

  • Consent – for specific activities (e.g., email marketing where required by PECR) or where you choose to provide certain information.

  • Legitimate interests – to operate our business efficiently and securely in ways that do not override your rights (e.g., network security, project administration, basic supplier due diligence, business development, website analytics, and client reporting).

  • Legal obligation – to meet obligations under tax, accounting, employment, health & safety, and construction legislation (including RIDDOR/CDM).

  • Vital interests – to protect life in emergencies.

  • Legal claims – to establish, exercise, or defend legal claims.

When we rely on legitimate interests, we consider the balance between our interests and your rights and implement safeguards. You can object to processing based on legitimate interests (see Your Rights).

8) Sharing your information

We share personal information with trusted recipients, under contract, on a need‑to‑know basis:

  • IT & hosting providers (e.g., website hosting by Wix.com; email/office, backup, and cybersecurity providers; project management and file‑sharing platforms).

  • Professional advisers (lawyers, auditors, accountants, insurers, insurance brokers).

  • Project delivery partners (clients, principal contractors, subcontractors, suppliers, consultants) where needed for site access, coordination, and compliance.

  • Payment services & banking (to process invoices and payments).

  • Regulators and authorities (HSE, HMRC, police) where required by law, or to protect rights, safety, and security.

  • Group companies listed in this policy, for central administration and where joint activities are undertaken.

We do not sell personal data. If we restructure or transfer parts of the business, personal data may be shared as part of the transaction in accordance with data protection law.

International transfers. Some providers may store/process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place (e.g., UK adequacy regulations, the UK International Data Transfer Agreement or Addendum, or standard contractual clauses with supplementary measures, as applicable).

9) How we protect your information (security)

We use appropriate technical and organisational measures to protect personal data, including access controls and authentication, encryption in transit where appropriate, network monitoring, firewalls, secure configurations, staff training, and policies and procedures for incident response and data protection. While no system is completely secure, we aim to reduce risks to an acceptable level and review controls periodically.

10) Data retention

We only keep personal data for as long as necessary for the purposes collected. Typical retention periods (unless a longer period is required for legal claims or by law):

  • General enquiries: up to 2 years after last interaction.

  • Contracts, project and financial records: 7 years from the financial year end.

  • Health & safety / incident records (including RIDDOR): 3–7 years (or longer where required by law and for high‑risk incidents).

  • CCTV: typically 30–90 days, unless footage is required for an investigation.

  • Supplier and subcontractor records: duration of engagement + 7 years.

  • Recruitment (unsuccessful): 6 months – 1 year from decision; right‑to‑work copies retained in line with legal requirements.

  • Marketing lists and preferences: until you unsubscribe/opt out or the data becomes inactive.

We apply secure deletion/anonymisation at the end of the retention period.

11) Cookies and similar technologies

Our websites use cookies and similar technologies to: (i) enable core functionality, (ii) measure performance and improve the site, and (iii) personalise communications where applicable. A consent banner lets you manage non‑essential cookies. For details of cookie types, purposes, and providers (including Wix and analytics tools), please see our Cookie Policy. You can change your preferences at any time via the banner or your browser settings. Disabling certain cookies may affect site functionality.

12) Your rights

You have the following rights under UK data protection law, subject to conditions and exemptions:

  • Access – obtain a copy of your personal data and information about how we process it.

  • Rectification – ask us to correct inaccurate or incomplete data.

  • Erasure – ask us to delete your data where it is no longer needed or where you withdraw consent (where consent is relied on).

  • Restriction – ask us to limit processing in certain circumstances.

  • Portability – receive data you provided to us in a structured, commonly used format where processing is based on consent/contract and carried out by automated means.

  • Object – object to processing based on our legitimate interests (including profiling) and to direct marketing at any time.

  • Withdraw consent – where processing is based on consent, you can withdraw it at any time.

To exercise your rights, email info@alexanderjamesltd.co.uk. We may need to verify your identity. We aim to respond within one month. If requests are complex or numerous, we may extend by up to two further months and will let you know.

13) Marketing communications

Where required by PECR, we send electronic marketing only with your consent (or to existing business contacts under the ‘soft opt‑in’, where permitted). You can unsubscribe at any time using the link in our emails or by contacting us. We maintain suppression lists to respect your opt‑out choices.

14) CCTV and site access

CCTV may operate at our offices or at sites we control for safety and security. Signage is displayed where practicable. Footage is viewed only by authorised personnel or service providers and shared with authorities where required by law or for incident investigation.

15) Links and third‑party sites

Our websites may contain links to third‑party sites and services. Those sites have their own privacy policies; we are not responsible for their content or practices.

16) Automated decision‑making / profiling

We do not conduct automated decision‑making that produces legal or similarly significant effects. We may use basic segmentation to tailor communications and measure campaign performance. You can object to marketing profiling at any time.

17) Data protection governance

We operate policies and procedures for data protection, information security, incident/breach response, retention, and supplier due diligence. We review high‑risk processing using DPIAs and document legitimate interest assessments where appropriate. For special category data processed in the course of employment or health & safety, we maintain an appropriate policy document; Email: info@alexanderjamesltd.co.uk

18) International users

Our services are intended primarily for the UK. If you access our websites from outside the UK, you do so at your own initiative and are responsible for compliance with local laws.

19) Complaints

Please contact us first if you have concerns about how we handle your data: info@alexanderjamesltd.co.uk. You also have the right to complain to the Information Commissioner’s Office (ICO): ico.org.uk | 0303 123 1113 | Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

20) Changes to this policy

We may update this Privacy Policy from time to time. The latest version will always be available on our websites and will show the date of the most recent update.

​

Schedule C — How to exercise your rights (process)

  1. Email info@alexanderjamesltd.co.uk with your request and describe the data you’re seeking.

  2. We will acknowledge receipt, verify your identity where needed, and confirm the scope.

  3. We will respond within one month (extendable by up to two further months for complex requests). If we decline an unfounded or excessive request, we will explain why and inform you of your right to complain to the ICO.

Cookie Policy (summary)

We use essential cookies to make the site work and optional analytics/advertising cookies to understand performance and improve communications. On your first visit, a banner lets you accept, reject, or set preferences for non‑essential cookies. You can change your choice at any time via the banner or your browser settings. A detailed Cookie Policy listing each cookie, provider, purpose, and lifespan is available.

Questions? Email info@alexanderjamesltd.co.uk.

​

Cookie Policy

Last updated: 22 September 2025

This Cookie Policy explains how the Alexander James Group of companies (“we”, “our”, “us”) use cookies and similar technologies on our websites. It applies to the following companies:

  • Alexander James Group Ltd

  • Alexander James Contracts Ltd

  • Alexander James Facades Ltd

  • Alexander James Utilities Ltd

  • Total Construction Ltd

Our websites are hosted by Wix.com. Wix and other providers may use cookies and similar technologies to provide, secure, and improve our websites and to deliver analytics and other services.

1) What are cookies?

Cookies are small text files placed on your device when you visit a website. They help sites function, improve performance, and provide information to site owners. Some cookies are essential; others are optional and used for analytics, personalisation, or marketing.

We also use similar technologies such as pixels, tags, and scripts which work in the same way as cookies.

2) Types of cookies we use

a) Strictly necessary cookies

These cookies are essential for the website to function (e.g., security, load balancing, remembering cookie choices). They cannot be turned off in our systems.

b) Performance and analytics cookies

These cookies collect information about how visitors use our sites, such as which pages are most popular, how long people spend on site, and error messages. We use this to improve performance. For example:

  • Google Analytics – to understand visitor behaviour and traffic sources.

c) Functional cookies

These cookies allow the website to provide enhanced features and personalisation (e.g., remembering preferences). They may be set by us or by third‑party providers.

d) Marketing and advertising cookies (if applicable)

These cookies may be set by advertising partners to build a profile of your interests and show you relevant adverts on other sites. We do not currently run targeted advertising, but Wix or integrated third parties may use these technologies.

3) Consent and control

On your first visit, our cookie banner allows you to accept all cookies, reject non‑essential cookies, or manage preferences. You can change your choice at any time:

  • By revisiting the banner via the site footer link.

  • By adjusting your browser settings to block or delete cookies.

Please note: blocking some cookies may impact site functionality.

4) Third‑party cookies

Some cookies may be set by third‑party services integrated into our sites (e.g., Google, social media platforms, embedded content providers). We have no direct control over these. You should check their privacy/cookie policies for details.

5) Changes to this policy

We may update this Cookie Policy from time to time. Updates will be published on our websites with the date shown above.

​

Cookie Policy
bottom of page