GDPR and data protection

Privacy Statement

This statement explains how SiteSys uses personal information to provide secure site access, delivery bookings, approvals, notifications, reporting and construction-site management tools.

Last updated: May 2026

This is a practical privacy statement for SiteSys users. It should be reviewed alongside your company details, client requirements and legal advice before being published as your final live policy.

1. Who we are

SiteSys is a construction site operations platform used to manage site access, delivery bookings, approvals, gate activity, user accounts, notifications, work tracking and related site records.

For privacy queries, contact: admin@sitesys.co.uk.

2. Information we collect

Depending on how SiteSys is used on your site, we may collect and process:

Account details such as name, company, email address, role and approval status.
Login and security information such as hashed PINs, session records and reset-token records.
Delivery booking details such as company, contact person, contact email, phone number, vehicle information, materials, notes, booking date and slot time.
Gate and logistics records such as arrival, on-site, departure, no-show and queue-time events.
Notification subscription data needed to send browser/device push notifications.
Audit and activity records such as approvals, denials, cancellations and actions completed by authorised users.
Technical information such as browser/device information, timestamps and site code.

3. Why we use this information

We use personal information to:

create and manage user accounts;
control access to the correct site and role-based features;
process delivery booking requests and approvals;
support live gate and logistics management;
send operational notifications and reset PIN emails;
maintain site records, reports and audit trails;
keep the platform secure and prevent unauthorised access;
provide support and respond to user queries.

4. Lawful basis for processing

The lawful basis will normally be one or more of the following:

Legitimate interests: operating a secure and efficient construction site management system.
Contract: providing SiteSys services to a client, site, contractor or authorised user.
Legal obligation: where records are required for health, safety, compliance or site management duties.
Consent: where users choose to enable optional browser/device push notifications.

5. Who information is shared with

Information may be shared with authorised site administrators, project teams, contractors, suppliers and support personnel where needed to operate the site and platform. We may also use trusted service providers for hosting, database storage, email delivery and technical infrastructure.

We do not sell personal data.

6. How we protect information

SiteSys uses role-based access controls, site-scoped permissions, secure sessions, protected Worker/API routes, approved-user checks and hashed PIN storage. Users only receive access to the pages and records appropriate for their role and site.

7. How long we keep information

We keep information for as long as needed to operate SiteSys, support the relevant construction project, maintain audit records, meet contractual requirements and comply with legal or health and safety obligations. Retention periods may vary by project and client.

8. Your rights

Under UK GDPR, you may have rights to access, correct, delete, restrict or object to the processing of your personal data, and to request a copy of your data. These rights may be subject to legal, contractual or project record-keeping requirements.

9. Cookies and local storage

SiteSys uses secure session cookies to keep users signed in. The system may also use local browser storage for convenience, such as remembering the last selected site code or displaying role information in the user interface.

10. Contact

For privacy or data protection questions, contact admin@sitesys.co.uk.