Skip to content
Secure Portal
Authorised personnel only
Portal Home Privacy Terms Cookies

Privacy Policy

Last updated: 11 August 2025

1. Introduction

This Privacy Policy explains how King Civils (“King Civils,” “we,” “us,” or “our”) collects and processes personal data when you access or use the King Civils online portal and related systems (the “Portal”). This notice applies to authorised employees, workers and contractors using the Portal in the course of their work.

2. Who we are

For the purposes of UK data protection law (UK GDPR and Data Protection Act 2018), King Civils is the data controller for personal data processed via the Portal, unless stated otherwise. In certain arrangements we may act as a processor for a group company or client, in which case that entity’s privacy terms may also apply.

3. Data we collect

Depending on your role and how you use the Portal, we may process:

  • Identity & contact: name, email address, employee/contractor ID, role, team, phone.
  • Account & authentication: usernames, password hashes, SSO identifiers, MFA status.
  • Device & usage: IP address, device/browser type, OS, activity logs, crash/diagnostic data, timestamps.
  • Content you submit: forms, timesheets, messages, attachments, project data.
  • Support interactions: tickets, chat or email correspondence, feedback.
  • Cookies and similar: identifiers and telemetry required for security and session management, and (where used) analytics. See Cookies.

4. How we use your data

  • Provide, operate and secure the Portal (including SSO, MFA, access control and audit).
  • Administer your account and deliver features such as timesheets, project tools and communications.
  • Monitor performance, troubleshoot, and improve the Portal.
  • Comply with legal and regulatory obligations and exercise/defend legal claims.
  • Communicate important updates, security notices and service messages.

5. Lawful bases

We rely on one or more of the following lawful bases under UK GDPR:

  • Contract — to provide the Portal and related services you have access to as part of your role.
  • Legitimate interests — to operate, secure and improve the Portal. We balance these interests against your rights.
  • Legal obligation — where processing is necessary to comply with law (e.g., security logging, tax or audit).
  • Consent — where we rely on your consent (e.g., certain optional analytics or cookies). You can withdraw consent at any time.

6. Cookies & similar technologies

The Portal uses essential cookies and similar technologies for authentication, security and core functionality. If we use non‑essential cookies (e.g., analytics), we will provide a cookie banner and obtain consent where required. You can manage preferences via our Cookies page or your browser settings.

7. Sharing & recipients

We may share personal data with:

  • Service providers who host, support or provide components of the Portal (e.g., identity, communications, storage), under appropriate contracts and security measures.
  • Group companies where necessary for internal administration and service delivery.
  • Authorities or other parties where required by law or to protect rights, property or safety.
  • Clients where you work on client projects and information sharing is necessary for that work (as permitted by contract and policy).

8. International transfers

Where personal data is transferred outside the UK, we will ensure appropriate safeguards are in place (e.g., UK Addendum to the EU Standard Contractual Clauses or other recognised mechanisms) and conduct transfer risk assessments where required.

9. Retention

We keep personal data for as long as necessary for the purposes described above and to meet legal, accounting or reporting requirements. Retention periods vary by data type and context; audit logs, for example, may be retained for a defined security period.

10. Security

We implement technical and organisational measures designed to protect personal data, including access controls, encryption in transit, network security, monitoring and staff training. No system is completely secure; please report suspected incidents promptly.

11. Your rights

Subject to conditions and exemptions in UK law, you have rights to:

  • access a copy of your personal data;
  • rectify inaccurate or incomplete data;
  • erase data (“right to be forgotten”);
  • restrict or object to processing, including for legitimate interests;
  • port your data to another provider;
  • withdraw consent where processing is based on consent.

To exercise your rights, contact us using the details in Contact & complaints. We may need to verify your identity and may not be able to comply with a request where exemptions apply.

12. Automated decision‑making

We do not carry out decisions producing legal or similarly significant effects solely based on automated processing in the Portal. If this changes, we will inform you and explain your rights.

13. Children’s data

The Portal is for authorised personnel in a work context and is not intended for children.

14. Changes to this notice

We may update this Privacy Policy from time to time. If we make material changes, we will notify users via the Portal or by email. Please review this page periodically.

15. Contact & complaints

If you have questions or wish to exercise your rights, contact our Data Protection Lead at [email protected]..

You also have the right to complain to the UK Information Commissioner’s Office (ICO). See www.ico.org.uk for contact details. We would appreciate the opportunity to resolve your concerns first.