Tower Compliance Services

Who we are

We are Tower Compliance Services (Company No. 16608219), providing accreditation support to UK contractors (e.g., CHAS, Constructionline, SafeContractor, SSIP/SMAS).

Data Controller: Tower Compliance Services, Registered office:
14/2E Docklands Business Centre, 10–16 Tiller Road, London, E14 8PX.

Contact: info@towercompliance.co.uk • Website: www.towercompliance.co.uk

This notice explains what personal data we collect, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.

Data we collect How we use it Lawful bases Sharing Retention Cookies Your rights Contact & complaints

Data we collect

  • Identity & contact — name, business name, role, email, postal address, billing details.
  • Accreditation materials — policies, RAMS, training/competence records, insurance evidence, and other documents supplied for applications/renewals. These may include details of your staff (e.g., qualifications/competence).
  • Communications — emails, call notes, and messages.
  • Website & device data — IP address, pages viewed, and cookie identifiers (see Cookies).
  • Payment records — invoices and transaction references (no card data stored by us; any online payments use our payment provider’s secure systems).

Special category data: we do not seek to collect sensitive data. If you choose to provide it within accreditation evidence, we process it only under your instructions and with appropriate safeguards.

How we use your data

  • Provide services — to scope requirements, prepare documentation, submit applications, and manage renewals.
  • Operate our website & business — troubleshooting, analytics, and service improvement.
  • Customer support — to respond to enquiries and provide updates on your projects.
  • Legal, compliance & accounting — to meet tax, regulatory and record-keeping obligations.
  • Marketing — with your consent (e.g., newsletters) or where our legitimate interests apply. You can opt out at any time.

Our lawful bases

  • Contract — processing necessary to deliver our services or take steps at your request before entering a contract.
  • Legitimate interests — running and improving our services, protecting our business, and communicating with existing clients and prospects in a proportionate way.
  • Consent — for optional marketing and non-essential cookies. You can withdraw consent at any time.
  • Legal obligation — where laws require certain records (e.g., tax/audit).

Who we share data with

We only share what’s necessary, with:

  • Accreditation bodies — e.g., CHAS, Constructionline, SafeContractor, SSIP/SMAS — to submit or maintain your applications.
  • Service providers — secure hosting, email, file storage, analytics, and accounting tools that process data on our behalf under contracts.
  • Professional advisers — accountants, insurers, legal advisers, where necessary.
  • Authorities — if required by law or to protect legal rights.

Some providers may be outside the UK/EEA; where so, we rely on appropriate safeguards (e.g., ICO-approved International Data Transfer Agreement or EU Standard Contractual Clauses).

How long we keep data

We retain personal data only as long as needed for the purposes set out above, and to meet legal/accounting requirements. Typical retention periods:

DataTypical retention
Client project files (accreditation documents, correspondence)For the duration of the contract plus up to 6 years (limitation/tax).
Prospect enquiries12–24 months from last interaction.
Invoices & financial recordsAt least 6 years from end of financial year.
Website analyticsAs per tool configuration (typically 14–26 months).

We may retain data longer if required by law or to establish, exercise, or defend legal claims. You can request deletion where we’re not required to keep it.

Cookies & similar technologies

Our site uses essential cookies to function and, with your consent, analytics/marketing cookies to understand site usage and improve our content. You can change your preferences via our cookie banner or your browser settings.

Manage cookie settings Contact us

Your rights

Under UK GDPR you have the right to request access, correction, deletion, restriction, portability, and to object to certain processing (including direct marketing). Where we rely on consent, you can withdraw it at any time.

To exercise your rights, email info@towercompliance.co.uk. We will respond within one month.

Security

We use reasonable technical and organisational measures to protect personal data, including role-based access, secure storage, and encryption in transit where appropriate. No method is 100% secure; please take care when sending documents and request a secure link if needed.

Children

Our services are directed at businesses. We do not knowingly collect children’s data.

Changes to this policy

We may update this policy from time to time. We’ll post the new version here and update the “Last updated” date above.

Contact & complaints

Email: info@towercompliance.co.uk

Address: 14/2E Docklands Business Centre, 10–16 Tiller Road, London, E14 8PX

If you’re unhappy with how we handle your data, please contact us first. You also have the right to complain to the ICO: ico.org.uk/make-a-complaint.