Privacy Policy

Last updated: April 2026

1. Who We Are

PipsPrice Group is the trading name of the group of companies comprising PipsPrice Construction Ltd, MAM Homes Ltd, and Investinova Ltd, all registered in England and Wales.

For the purposes of data protection law, the data controller is PipsPrice Group, Spaces, 125 Deansgate, Manchester, M3 2BY.

We are registered with the Information Commissioner's Office (ICO) as a data controller. Our ICO registration reference number is [ICO REGISTRATION NUMBER].

Data Protection Officer (DPO): We are not required by law to appoint a Data Protection Officer. Data protection matters are handled directly by our management team. If you have a query about how we use your personal data, contact us at info@pipsprice.co.uk.

2. Data We Collect

We collect personal data only where it is necessary for a legitimate business purpose. All personal data we hold is collected directly from you — we do not obtain your data from third-party sources or public registers.

The categories of data we may collect are:

• Contact information — your name, email address, phone number, and company name when you submit our enquiry form.
• Enquiry content — the subject and message you send us, including any project documents or architectural plans you choose to attach (PDF, DWG, DXF, JPG, PNG).
• Server log data — your IP address, browser type, HTTP method, and the pages you visit, recorded automatically by our web server. This data is used solely for security monitoring and is not used to identify or profile individuals.

We do not collect payment card details, special-category personal data (as defined in Article 9 UK GDPR), or information about children on this website.

3. How We Use Your Information

We use the information you provide solely for the following purposes:

• Respond to your enquiry and communicate with you about your project or requirements.
• Assess whether we can provide the services you have asked about.
• Send you an automated acknowledgement confirming we have received your message.
• Maintain records of our business correspondence as required by law and good business practice.
• Monitor and protect the security and integrity of our website (server log data).

We will not use your data for marketing purposes unless you have separately given explicit consent. We will never sell, rent, or trade your personal data to third parties.

4. Legal Basis for Processing

Under the UK GDPR we are required to have a documented lawful basis for each processing activity. The table below sets out the link between the data we collect, the purpose for which we process it, and the legal basis we rely on.

Data	Purpose	Lawful Basis (UK GDPR Art. 6)
Name, email, phone, company, subject, message	Responding to and managing your enquiry; maintaining correspondence records	Legitimate interests (Art. 6(1)(f)) — responding to business enquiries you have proactively sent to us. We have conducted a balancing test and are satisfied our interests are not overridden by your fundamental rights.
Name, email, phone, company, subject, message	Progressing a potential or existing contract for construction services	Performance of a contract or pre-contractual steps (Art. 6(1)(b)) — where your enquiry relates to a project we may be contracted to deliver.
Correspondence records	Retaining business records in compliance with statutory obligations	Legal obligation (Art. 6(1)(c)) — where we are required to retain records under applicable law (e.g. Companies Act 2006).
IP address, browser type, server logs	Website security monitoring and attack prevention	Legitimate interests (Art. 6(1)(f)) — protecting our systems and users from unauthorised access and abuse.

We do not rely on consent as a lawful basis for any of our processing activities on this website. Accordingly, the right to withdraw consent does not apply. If we ever seek to use your data for a purpose that requires consent, we will ask for it separately and clearly at that time.

We do not carry out any automated decision-making or profiling using your personal data.

5. How Long We Keep Your Data

We retain personal data only for as long as is necessary for the purpose for which it was collected, and no longer than the law requires. Our specific retention periods are:

• Enquiries that do not proceed to a project — deleted from our systems within 3 years of last contact.
• Enquiries that proceed to a contract — retained for the duration of the project plus 7 years, in line with contractual and statutory limitation periods.
• Uploaded files — retained for the same period as the associated enquiry record, then securely deleted.
• Server logs — automatically overwritten or deleted after 90 days.

When data is no longer needed, it is securely deleted from our database and file storage. We do not archive personal data indefinitely.

6. Sharing Your Information

We do not sell, rent, or trade your personal data. We share it only in the following limited circumstances, and only with parties bound by appropriate data processing agreements:

• IONOS SE (hosting & infrastructure) — our website and database are hosted on IONOS Web Hosting Premium. IONOS processes data on our behalf as a data processor under a formal data processing agreement. IONOS servers used for this website are located within the UK and European Economic Area (EEA).
• IONOS SE (email delivery) — outgoing email notifications triggered by the contact form are sent via IONOS SMTP mail servers, using PHPMailer. Email content is transmitted over TLS-encrypted connections. IONOS operates within the UK and EEA.
• Legal and regulatory bodies — we may disclose personal data to the police, courts, or regulatory authorities where we are required to do so by law, or where disclosure is necessary to protect the safety of any person.

We do not share your data with any other third parties. Where we engage processors, we maintain written data processing agreements and conduct appropriate due diligence.

7. International Transfers

Your personal data is processed and stored entirely within the United Kingdom and European Economic Area (EEA). We do not transfer personal data to countries outside the UK or EEA in the course of our normal operations.

Both our hosting provider (IONOS SE) and our email delivery infrastructure are based and operated within the UK/EEA, meaning no international data transfers occur when you submit an enquiry or visit our website.

If this position changes, we will update this notice and implement appropriate safeguards (such as the UK International Data Transfer Agreement or equivalent standard contractual clauses) before any such transfer takes place.

8. Your Rights

Under the UK GDPR you have the following rights in relation to the personal data we hold about you. These rights are not absolute and may be subject to limitations, but we will always respond clearly and within the required timeframe.

• Right of access (Subject Access Request) — to request a copy of the personal data we hold about you.
• Right to rectification — to ask us to correct inaccurate or incomplete data without undue delay.
• Right to erasure ("right to be forgotten") — to request deletion of your data where there is no compelling reason for us to continue holding it (e.g. it is no longer necessary for the original purpose).
• Right to restriction of processing — to ask us to pause processing your data in certain circumstances, for example while we verify its accuracy.
• Right to data portability — to receive the personal data you provided to us in a structured, commonly used, machine-readable format.
• Right to object — to object at any time to processing based on legitimate interests (Article 6(1)(f)). We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
• Rights related to automated decision-making — we do not make automated decisions about you, so this right is not currently relevant. If we introduce automated decision-making we will update this notice accordingly.
• Right to withdraw consent — we do not currently rely on consent as a lawful basis. If we do so in future, you will always have the right to withdraw that consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

Right to complain: If you are dissatisfied with how we have handled your personal data or how we have responded to a rights request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

• Website: ico.org.uk
• Telephone: 0303 123 1113
• Post: ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would appreciate the opportunity to resolve any concern directly before you contact the ICO. Please contact us first so we can try to put things right.

9. Cookies

A cookie is a small text file placed on your device by a website. Our website uses only strictly necessary cookies. These cookies are essential for the website to function correctly and do not require your consent under the UK Privacy and Electronic Communications Regulations (PECR).

We do not use analytics cookies, advertising or targeting cookies, or any third-party tracking technologies. No cookie consent banner is therefore displayed on our website.

Cookie Name	Provider	Purpose	Duration	Type
PHPSESSID	PipsPrice (server-side)	A server-generated session identifier used to enforce rate limiting on the contact form, preventing automated spam submissions. This cookie contains no personal data and cannot be used to track you across other websites.	Session (deleted automatically when you close your browser)	Strictly Necessary

Our website does not load any third-party advertising networks, social media embeds, or tracking pixels. The only external resources loaded are font files from Google Fonts, which are served over HTTPS. Google Fonts does not set cookies when used in this way, but you may wish to review Google's Privacy Policy for completeness.

If you wish to manage or delete cookies already stored on your device, you can do so through your browser settings. Removing the PHPSESSID cookie will not affect your ability to browse our website, but may temporarily affect form submission rate limiting.

10. Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, or disclosure. These measures include:

• All data transmitted between your browser and our server is encrypted via TLS/HTTPS. Our server enforces HTTPS and will redirect any unencrypted HTTP connections.
• Database credentials and API keys are stored outside the web root and excluded from version control.
• The admin area is protected by server-level HTTP Basic Authentication, in addition to application-layer controls.
• Uploaded files are stored in a directory with PHP script execution disabled, controlled by server configuration.
• Access to the database is restricted to server-side PHP scripts only; the database port is not exposed to the public internet.

No method of transmission over the internet is 100% secure. If you believe your personal data has been compromised or you suspect a data breach relating to our website, please notify us immediately at info@pipsprice.co.uk. We are required by law to report certain types of breach to the ICO within 72 hours of becoming aware of them.

11. Contact Us

If you have any questions about this Privacy Policy, how we handle your personal data, or wish to exercise any of your data subject rights, please contact us:

We aim to respond to all data protection queries within one calendar month. If your request is complex or you have made a number of requests, we may extend this period by a further two months and will notify you accordingly.

This policy may be updated from time to time to reflect changes in law, our services, or our data practices. The date at the top of this page reflects the most recent revision. Significant changes will be signposted clearly. We encourage you to review this page periodically.