Privacy Policy – LMDEC Ltd Builders

LMDEC Ltd (referred to as “we”, “us”, or “our”) is committed to protecting your privacy and ensuring the responsible handling of your personal data. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you visit our website (www.lmdec.co.uk), engage our building, renovation, or related services, or interact with us in any manner. We comply with all applicable UK data protection laws, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018), the Privacy and Electronic Communications Regulations 2003 (PECR) as amended, and the Data (Use and Access) Act 2025 (DUAA).

By using our website, services, or providing your personal data to us, you consent to the practices described in this Policy. If you do not agree, please refrain from using our website or services. This Policy does not create any contractual rights enforceable by third parties and is subject to change as outlined below.

Effective Date: 17 January 2026

1. Information We Collect

We collect and process the following categories of information:

1.1 Personal Data

  • Identifiable information such as your name, contact details (email address, phone number, postal address), job title (for business clients), and payment details (e.g., bank or card information for transactions).
  • Project-related details, such as property addresses or specifications provided during consultations or contracts.

1.2 Non-Personal Data

  • Usage data is collected automatically via cookies, analytics tools (e.g., Google Analytics), IP addresses, browser type, device information, and navigation patterns.
  • Aggregated or anonymised data that does not identify individuals.

1.3 Special Category Data

We do not routinely collect special category personal data (e.g., health, racial or ethnic origin, political opinions, or biometric data). If such data is inadvertently provided or necessary for a project (e.g., accessibility modifications), it will only be processed with your explicit consent or where legally required, and subject to enhanced safeguards.

1.4 Data from Third Parties

We may receive data from trusted third parties, such as subcontractors, suppliers, or regulatory bodies (e.g., local councils for planning permissions), but only where essential for service delivery, contractual fulfilment, or legal compliance.

We do not collect data from children under 16 without verifiable parental consent, and our services are not directed at children.

2. How We Collect Your Information

  • Directly from you: Via website forms, quote requests, emails, phone calls, contracts, or in-person interactions.
  • Automatically: Through cookies, tracking technologies, and server logs when you access our site.
  • From third parties: As needed for projects (e.g., from architects or material suppliers) or compliance (e.g., from credit reference agencies for payment verification).

3. How We Use Your Information

We use your data for the following purposes:

  • To deliver and manage our services, including project planning, execution, invoicing, and aftercare.
  • To process payments and manage accounts.
  • To communicate with you, including responding to enquiries, providing updates, and (with consent) sending marketing materials.
  • To improve our website, services, and operations through analytics and feedback.
  • For security, fraud prevention, and dispute resolution.
  • For ADM in limited cases (e.g., automated quote generation based on non-special category data), subject to safeguards as per DUAA amendments.
  • For research and development, such as anonymised trend analysis in the building sector.

We limit use to the purposes for which data was collected, unless we obtain your consent for new uses or it falls under a recognised legitimate interest (as introduced by the DUAA).

We rely on the following legal bases under UK GDPR and DUAA:

  • Contractual necessity: To perform contracts with you (e.g., delivering renovation services).
  • Legitimate interests: For business efficiency, such as website analytics, direct marketing to existing clients (soft opt-in under PECR), fraud detection, or recognised legitimate interests like public safety in construction.
  • Consent: For non-essential marketing, cookies beyond essentials, or special category data processing.
  • Legal obligation: For compliance with laws (e.g., tax reporting, health and safety regulations).
  • Vital interests: In emergencies (e.g., sharing data for site safety).

We conduct legitimate interest assessments where required and balance them against your rights.

5. Automated Decision-Making (ADM)

Under DUAA reforms effective January 2026, we may use ADM for non-special category data where it has legal or significant effects (e.g., automated eligibility checks for quotes). You have the right to request human review, express your views, or contest decisions. We do not use ADM for special category data without explicit consent.

6. Data Sharing and Third Parties

We share data only as necessary:

  • With service providers (e.g., payment processors such as Stripe and IT hosts).
  • Subcontractors and suppliers for project fulfilment.
  • Professional advisors (e.g., accountants, lawyers) for business operations.
  • Regulatory authorities (e.g., HMRC, ICO) or law enforcement when legally required.

All recipients are bound by contracts ensuring UK GDPR compliance, including data processing agreements. We do not sell, rent, or trade your data. In mergers or acquisitions, data may be transferred as a business asset, subject to equivalent protections.

7. International Data Transfers

Data is primarily processed in the UK or the EU. For transfers outside (e.g., to international suppliers), we use safeguards such as UK adequacy regulations, Standard Contractual Clauses (updated per the DUAA and EU-UK adequacy renewal), or binding corporate rules. We assess transfer risks in accordance with ICO guidance.

8. Data Security

We implement industry-standard measures:

  • Encryption for transmission (e.g., HTTPS) and storage.
  • Access controls, firewalls, and multi-factor authentication.
  • Regular security audits, vulnerability scans, and employee training.
  • Incident response plans for breaches.

Despite these, no system is infallible. LMDEC Ltd shall not be liable for losses from unauthorised access unless due to our gross negligence or wilful misconduct.

9. Data Breaches

In the event of a personal data breach, we will notify the ICO within 72 hours, if required, and inform affected individuals without undue delay if there’s a high risk to their rights and freedoms.

10. Data Retention

We retain data only as long as necessary:

  • Active client data: For the contract duration plus 7 years (for legal claims, tax, and construction defect liabilities).
  • Enquiry data: Up to 24 months.
  • Marketing data: Until consent withdrawal.
  • Legal compliance data: As mandated (e.g., 6 years for financial records).

Data is securely deleted or anonymised post-retention.

11. Your Rights

Under UK GDPR and DUAA, you have enhanced rights:

  • Access, rectification, erasure, restriction, objection (including to marketing or processing based on legitimate interests), and portability.
  • Withdrawal of consent at any time (without affecting prior processing).
  • Complaint handling: From summer 2026, we will implement formal processes; currently, we respond within 30 days.

Exercise rights by contacting our Data Protection Officer (details below). No fee unless requests are excessive. If unsatisfied, complain to the ICO (www.ico.org.uk).

12. Cookies and Tracking

We use:

  • Essential cookies for site functionality.
  • Analytics cookies for performance insights.
  • Marketing cookies (with consent).

Per DUAA/PECR updates, certain tracking exemptions apply (e.g., for audience measurement). Manage preferences via our cookie banner or browser. See our separate Cookie Policy for details. Note: PECR breaches now carry higher fines.

We are not responsible for third-party sites linked from ours. Review their policies independently.

14. Intellectual Property and Company Rights

All content on our website (e.g., designs, text) is owned by LMDEC Ltd or licensed to us. You may not reproduce it without permission. This Policy does not grant you any rights to our intellectual property. We reserve all rights to enforce against misuse, including data scraping.

15. Limitation of Liability

To the fullest extent permitted by law, LMDEC Ltd excludes liability for indirect, consequential, or incidental losses arising from data processing or this Policy. Our total liability is limited to the value of services provided to you.

16. Changes to This Policy

We may update this Policy to reflect legal changes (e.g., further DUAA implementations) or practices. Changes will be posted here with a revised effective date. Continued use constitutes acceptance.

17. Contact Us

For queries or rights exercises:

Data Protection Officer LMDEC Ltd Suite 173, Capital Business Centre, 22 Carlton Road, South Croydon CR2 0BS

Email: info@lmdec.co.uk Phone: 0204 577 2001

Effective Date: 17/01/2026

Theme: Illdy. [wa] © Copyright 2025. All Rights Reserved LMDEC LTD | Privacy Policy | A Company Number 11635394 | Full Property Renovation | Interior Decoration Services | Residential Renovation Experts | Carpentry | Plumbing | Electricial | London Renovation Specialists | Public Liability Insurance 2.000.000