Comply Block

Login Dropdown
Login / Signup

Privacy Policy

Last updated: 10-8-2025

ComplyBlock (“we”, “our”, “us”) is committed to protecting and respecting your privacy.
This Privacy Policy explains how we collect, use, and protect personal data in accordance with the UK GDPR, EU GDPR (where applicable), and the Data Protection Act 2018.

1. Who We Are

ComplyBlock provides building compliance management services to property managers and building owners across the UK.
We process personal data to support compliance with statutory requirements (such as fire risk assessments, asbestos surveys, and legionella testing).

We act as a:

  • Data Processor when we process personal data on behalf of our clients (e.g., property managers).

  • Data Controller when we determine the purpose and means of processing (e.g., managing our systems, security, and compliance monitoring).

2. What Data We Collect

Depending on the service provided, we may collect the following categories of personal data:

  • Contact details (name, phone number, email address, postal address)

  • Occupier or tenant information necessary for arranging surveys or works

  • Staff/contractor details for compliance reporting

  • System access and usage logs (for dashboard users)

We do not routinely collect sensitive personal data (special category data).
If such data is required for compliance purposes, it will be processed with additional safeguards.

3. How We Use Personal Data

We process personal data only where necessary and lawful, including for:

  • Carrying out statutory compliance surveys and assessments

  • Providing our compliance dashboard and reporting tools

  • Communicating with clients, tenants, and contractors about compliance actions

  • Meeting legal or regulatory obligations

  • Ensuring system security and fraud prevention

We do not sell or use personal data for unrelated marketing purposes.

4. Lawful Basis for Processing

Our processing is based on one or more of the following lawful grounds:

  • Legal obligation – to comply with statutory building safety requirements

  • Legitimate interests – to manage compliance services effectively on behalf of clients

  • Contract – where processing is necessary to deliver agreed services

5. Sharing of Data

We may share personal data with:

  • Clients (property managers and building owners) for compliance purposes

  • Approved contractors and surveyors engaged to carry out works

  • Regulators or enforcement bodies, where legally required

  • IT and cloud service providers who support our systems (subject to data protection agreements)

All third parties are contractually bound to protect personal data in line with GDPR requirements.

6. International Data Transfers

If personal data is transferred outside the UK/EU (for example, where cloud services are hosted), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs).

7. Data Retention

We only retain personal data for as long as necessary to fulfil compliance obligations and legal requirements. For example:

  • Compliance survey records – up to 6 years (unless longer retention is legally required)

  • Tenant/occupier contact details – deleted once surveys/works are complete

  • System access logs – retained for up to 12 months

After retention periods expire, data is securely deleted.

8. Security of Data

We use appropriate technical and organisational measures to protect personal data, including:

  • Encryption of stored and transmitted data

  • Role-based access controls

  • Audit logs and monitoring

  • Regular system testing and backups

9. Your Data Protection Rights

Under GDPR, you have the following rights:

  • Access – request a copy of your personal data

  • Rectification – correct inaccurate or incomplete data

  • Erasure – request deletion of personal data (where possible)

  • Restriction – limit processing of your data

  • Objection – object to certain types of processing

  • Data portability – request transfer of your data in a structured format

Requests can be made using the contact details below. We will respond within one month.

10. Data Breach Notification

In the event of a data breach that risks your rights and freedoms, we will notify the relevant supervisory authority (ICO in the UK) within 72 hours and inform affected individuals where legally required.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Data Protection Officer (DPO)
ComplyBlock
Suite 105, The Work Lab, Claydons Lane, Rayleigh SS6 7UP
Email: support@complyblock.co.uk
Phone: +44 (0)20 1234 5678

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
👉 www.ico.org.uk