Privacy notice

Who is responsible for your data

The construction site operator (the principal contractor or their appointed duty holder under CDM 2015) is the data controller for your check-in. SiteComply provides the software that records it on their behalf.

What we collect

• Your name and the company you work for.
• Your mobile number (used to verify it’s you by SMS code).
• Optionally, your CSCS card number, type and expiry where you choose to provide them.
• Your answers to the site induction and compliance checklist, and the date and time you check in and out.

We collect only what is needed to run a safe, compliant site. We do not use your details for marketing.

Why we can use it (lawful bases)

• Legal obligation — to meet health & safety and CDM 2015 duties, including knowing who is on site in an emergency.
• Consent — which you give at check-in, and can withdraw by asking the site administrator.

How long we keep it

We keep your check-in records only as long as needed for site safety and compliance, and to meet the operator’s legal record-keeping duties. After that they are deleted or anonymised.

Who we share it with

Your details are visible to the site’s authorised administrators. We use a UK/EU SMS provider to send your verification code. We do not sell your data.

Your rights

You have the right to:

• ask what personal data we hold about you and get a copy;
• have inaccurate details corrected;
• have your personal data erased (we may keep an anonymised record where we must retain proof of a safe induction);
• withdraw your consent.

To exercise any of these, speak to the site administrator, who can access or erase your personal data from the SiteComply dashboard. You can also complain to the Information Commissioner’s Office (ICO) at ico.org.uk.