Privacy policy

Last updated: April 05, 2025

Site Steps is committed to protecting and respecting the privacy of our users and their data. This privacy notice explains how we collect, use, and protect personal data through our app and related services, and outlines your rights under the UK General Data Protection Regulation (UK GDPR).

Any information you provide will be used solely to deliver the services you request and for essential administrative and operational purposes. Your data will not be shared with other users or third parties except where necessary to provide the service or where required by law.

How Do We Collect Information?

We collect information when you:

  • Register to use the Site Steps app
  • Use the app to create reports, surveys, or project records
  • Contact us for support or enquiries
  • Visit our website or request a demo

Information is stored securely within our application databases and protected cloud infrastructure.

What Information Do We Collect?

We only collect personal data necessary to provide and improve the Site Steps service.

This may include:

  • Name
  • Company name and trading name
  • Business address
  • Telephone numbers
  • Email address
  • Job role or position
  • Project and site information entered into the app
  • Photos, notes, and documentation uploaded as part of reports
  • Billing and subscription details (where applicable)
  • Communications with our support team

We do not intentionally collect sensitive personal data, and Site Steps is intended for business use by individuals over the age of 18.

Why We Collect This Information

We use your information to:

  • Provide access to the Site Steps platform
  • Enable you to create, manage, and store reports and project data
  • Deliver customer support and respond to enquiries
  • Manage subscriptions and service communications
  • Improve the performance, usability, and security of the app
  • Maintain audit trails and system integrity
  • Comply with legal and regulatory obligations

We do not sell personal data or use it for unrelated marketing purposes.

Legal Basis for Processing Data

We process personal data under one or more of the following legal bases:

  • Contract – Processing is necessary to provide the Site Steps service you have signed up for
  • Legitimate Interests – To improve, secure, and maintain our platform in ways you would reasonably expect
  • Legal Obligation – Where we must comply with applicable laws or regulatory requirements
  • Consent – Where you have given clear permission for specific uses (such as optional communications)

Who Has Access to Your Information?

Access to personal data is limited to authorised Site Steps personnel who require it to operate, support, and improve the service.

We may share data with trusted third-party service providers who help us deliver the platform (such as cloud hosting or payment processors). These providers are required to meet strict data protection and security standards and may only process data according to our instructions.

We will only disclose information to authorities or regulators where legally required.

Data Storage and Security

We take appropriate technical and organisational measures to protect your data from unauthorised access, loss, misuse, or alteration. These measures include:

  • Secure cloud hosting environments
  • Encrypted data transmission
  • Password-protected systems and role-based access
  • Regular security updates and monitoring

Staff handling data are trained in data protection responsibilities, and we maintain procedures for managing and reporting data breaches.

Data Retention

We retain personal data only for as long as necessary to:

  • Provide the Site Steps service
  • Meet contractual and legal obligations
  • Maintain necessary business and audit records

If you close your account, we will securely delete or anonymise your data unless we are legally required to retain it.

Your Rights

Under data protection law, you have the right to:

  • Request access to the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Request deletion of your data (where no legal obligation prevents this)
  • Restrict or object to certain types of processing
  • Request transfer of your data to another service provider
  • Withdraw consent where processing is based on consent

Requests may require proof of identity for security reasons.

Data Breaches

In the unlikely event of a data breach affecting personal data, we have procedures in place to:

  • Investigate and contain the issue promptly
  • Notify affected users where required
  • Report the breach to the Information Commissioner’s Office (ICO) within required timeframes where applicable

Complaints

If you have concerns about how we handle your personal data, please contact us first and we will aim to resolve the issue promptly.

You also have the right to lodge a complaint with the Information Commissioner’s Office:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our services or legal obligations. The latest version will always be available via our website or within the Site Steps app.