SiteOrbit - Construction Site Management

Last Updated: February 2026

Effective Date: 01 February 2026

THIS PRIVACY POLICY DESCRIBES HOW SiteOrbit COLLECTS, USES, PROCESSES, AND PROTECTS YOUR PERSONAL INFORMATION WHEN YOU USE THE SITEORBIT APPLICATION. BY USING THE APPLICATION, YOU CONSENT TO THE PRACTICES DESCRIBED IN THIS POLICY.

1. Introduction and Controller Information

1.1. SiteOrbit, with registered office at 27 Old Gloucester Street, London WC1N 3AX ("We", "Us", "Our", or "Company"), is the data controller responsible for Your Personal Data collected through the SiteOrbit application ("Application" or "App").

1.2. We are committed to protecting Your privacy and complying with applicable data protection legislation, including the UK GDPR and the Data Protection Act 2018.

1.3. This Privacy Policy applies to all users of the Application and explains:

(a) what Personal Data We collect and why;
(b) how We use, process, and store Your Personal Data;
(c) who We share Your Personal Data with;
(d) Your rights regarding Your Personal Data;
(e) how to contact Us with privacy concerns.

2. Definitions

For the purposes of this Privacy Policy:

"Personal Data" means any information relating to an identified or identifiable natural person;
"Processing" means any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion;
"Data Subject" means the individual to whom Personal Data relates;
"Special Category Data" means Personal Data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation;
"Organisation" means Your employer or the entity that has granted You access to the Application;
"Third Party" means any natural or legal person, public authority, agency, or body other than the Data Subject, the Company, or the Organisation.

3. Legal Basis for Processing

3.1. We process Your Personal Data on the following legal bases:

3.1.1. Contract Performance

Processing is necessary for the performance of the employment contract between You and Your Organisation, or to take steps at Your request prior to entering into such contract. This includes:

(a) recording attendance and working hours;
(b) calculating and processing wages and payments;
(c) managing work assignments and tasks;
(d) processing expense claims and overtime requests.

3.1.2. Legal Obligation

Processing is necessary for compliance with legal obligations to which We or Your Organisation are subject, including:

(a) tax and national insurance obligations;
(b) employment law requirements;
(c) health and safety regulations;
(d) construction industry scheme (CIS) compliance;
(e) working time regulations.

3.1.3. Legitimate Interests

Processing is necessary for Our or Your Organisation's legitimate interests, except where such interests are overridden by Your fundamental rights and freedoms. Legitimate interests include:

(a) preventing fraud and ensuring security;
(b) improving and developing the Application;
(c) managing and administering the workforce effectively;
(d) communicating with You about work-related matters;
(e) ensuring compliance with internal policies.

3.1.4. Consent

Where We process Special Category Data (such as biometric data for facial recognition), We do so with Your explicit consent. You may withdraw Your consent at any time by contacting support@webmail.siteorbit.app.

4. Personal Data We Collect

4.1. Identity and Contact Information

Full name (first name, middle name, surname)
Date of birth
Gender
Nationality
Email address
Telephone number(s)
Home address and postal code
Profile photograph
Employee/staff identification number
National Insurance number

4.2. Employment and Financial Information

Job title and role
Organisation affiliation
Employment status (employee, contractor, subcontractor)
Start date and length of service
Wage rates and payment information
Bank account details for salary payments
Tax code and tax information
CIS (Construction Industry Scheme) status
UTR (Unique Taxpayer Reference) number
Pension information

4.3. Location Data

We collect precise geolocation data through the following means:

GPS coordinates when clocking in/out
Wi-Fi and cellular network positioning
Reverse-geocoded addresses (site locations)
Location history and movement patterns during working hours
Distance from designated work sites

Location data is collected continuously while You are clocked in and the Application is active. This data is used for:

(a) verifying Your presence at designated work sites;
(b) calculating accurate working hours for payroll;
(c) ensuring compliance with health and safety requirements;
(d) emergency response and worker safety;
(e) preventing time fraud and ensuring accurate timekeeping.

4.4. Biometric Data (Special Category)

With Your explicit consent, We may collect and process biometric data:

Facial recognition data for clock-in verification
Facial biometric templates stored securely
Comparison data for identity verification

Biometric data is processed only with Your explicit consent and is used solely for identity verification purposes. You may opt out of biometric authentication at any time, in which case alternative verification methods will be used.

4.5. Work Activity and Attendance Data

Clock-in and clock-out timestamps
Total hours worked per day, week, and pay period
Break times and durations
Work site assignments and locations
Task assignments, status, and completion data
Work diary entries and progress notes
Photographs of work progress and site conditions
Attendance records and absence history
Late arrivals and early departures

4.6. Financial Transaction Data

Expense claims and receipts
Expense categories and amounts
Overtime requests and approvals
Payment history and wage calculations
Holiday requests and entitlements
Deductions (tax, national insurance, CIS, pension)
Payment receipts and payslips

4.7. Device and Technical Information

Device type, model, and manufacturer
Operating system and version
Unique device identifiers (UDID, IMEI)
IP address
Mobile network information
Application version and build number
Device settings and permissions
Crash reports and error logs

4.8. Usage and Analytics Data

Features accessed and frequency of use
Time spent using the Application
Navigation paths and user interactions
Search queries within the Application
Preferences and settings
Login and logout times

4.9. Communications Data

Messages sent through the Application
Notifications received and read
Bug reports and feedback submissions
Customer support communications

5. How We Use Your Personal Data

5.1. We use Your Personal Data for the following purposes:

5.1.1. Workforce Management

Recording and verifying attendance at work sites
Tracking working hours for payroll purposes
Managing work assignments and task allocation
Monitoring work progress and productivity
Scheduling and shift management

5.1.2. Payroll and Financial Processing

Calculating wages based on hours worked
Processing expense reimbursements
Managing overtime payments
Administering tax deductions (PAYE, CIS)
Processing pension contributions
Generating payslips and payment records

5.1.3. Legal and Regulatory Compliance

Fulfilling tax obligations (HMRC reporting)
Complying with employment law requirements
Meeting health and safety regulations
Maintaining working time directive compliance
Responding to legal requests and court orders

5.1.4. Health and Safety

Ensuring worker presence at safe work locations
Emergency response and worker location tracking
Documenting site conditions through photographs
Investigating accidents and incidents

5.1.5. Communication

Sending work-related notifications and updates
Communicating about schedule changes
Providing Application updates and improvements
Responding to Your inquiries and support requests

5.1.6. Application Improvement

Analyzing usage patterns to improve functionality
Identifying and fixing technical issues
Developing new features and enhancements
Conducting security testing and monitoring

6. Data Sharing and Disclosure

6.1. We share Your Personal Data with the following categories of recipients:

6.1.1. Your Organisation

Your employer or contracting organisation has access to Your Personal Data for workforce management, payroll processing, and compliance purposes. This includes administrators, site supervisors, project managers, and payroll staff.

6.1.2. Service Providers and Processors

We engage third-party service providers who process Personal Data on Our behalf:

Cloud hosting providers
Payment processing services
Analytics providers
Customer support tools
Email and notification services

6.1.3. Legal and Regulatory Authorities

We may disclose Your Personal Data to:

HMRC (Her Majesty's Revenue and Customs) for tax purposes
Law enforcement agencies when legally required
Health and Safety Executive (HSE) for safety investigations
Courts and tribunals in legal proceedings
Other regulatory bodies as required by law

6.1.4. Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, Your Personal Data may be transferred to the acquiring entity, subject to the same privacy protections.

6.2. We do not sell, rent, or trade Your Personal Data to third parties for marketing purposes.

6.3. All third-party service providers are required to implement appropriate security measures and process Personal Data only in accordance with Our instructions and applicable data protection laws.

7. International Data Transfers

7.1. Your Personal Data is primarily stored and processed in the United Kingdom and the European Economic Area (EEA).

7.2. In some cases, Your Personal Data may be transferred to countries outside the UK/EEA where Our service providers are located. When We transfer Personal Data internationally, We ensure adequate safeguards are in place, including:

(a) Standard Contractual Clauses approved by the European Commission;
(b) Adequacy decisions recognizing equivalent data protection standards;
(c) Binding Corporate Rules for intra-group transfers;
(d) Certification schemes (e.g., EU-U.S. Data Privacy Framework).

8. Data Retention

8.1. We retain Your Personal Data for as long as necessary to fulfill the purposes for which it was collected, or as required by law.

8.2. Specific retention periods:

Data Type	Retention Period
Attendance and working time records	6 months
Wage and payment records	6 months
Tax and CIS records	6 months
Health and safety records	6 months
Accident and incident reports	6 months
Employee files (general)	6 months
Biometric data	Deleted within 6 months of consent withdrawal or account termination

8.3. After the retention period expires, We will securely delete or anonymize Your Personal Data.

8.4. In some cases, We may retain Personal Data for longer periods where required by law, for legal proceedings, or to protect Our legal rights.

9. Data Security

9.1. We implement appropriate technical and organizational measures to protect Your Personal Data against unauthorized or unlawful processing, accidental loss, destruction, or damage, including:

Encryption: Data is encrypted in transit (TLS/SSL) and at rest (AES-256)
Access controls: Role-based access restrictions and authentication requirements
Secure infrastructure: Data hosted on certified cloud providers with ISO 27001 certification
Regular security testing: Penetration testing and vulnerability assessments
Staff training: Regular data protection training for all personnel
Incident response: Procedures for detecting and responding to data breaches
Backup and recovery: Regular backups with disaster recovery procedures

9.2. In the event of a data breach that is likely to result in a risk to Your rights and freedoms, We will notify You and the relevant supervisory authority within 72 hours of becoming aware of the breach.

10. Your Rights

10.1. Under applicable data protection legislation, You have the following rights:

10.1.1. Right of Access

You have the right to obtain confirmation as to whether We process Your Personal Data and, if so, to access that data and receive information about how it is processed.

10.1.2. Right to Rectification

You have the right to have inaccurate Personal Data corrected and incomplete Personal Data completed.

10.1.3. Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of Your Personal Data in certain circumstances, including:

(a) the data is no longer necessary for the purposes for which it was collected;
(b) You withdraw consent (where consent is the legal basis);
(c) You object to processing and there are no overriding legitimate grounds;
(d) the data has been unlawfully processed.

This right is subject to legal retention requirements (e.g., tax records must be retained for the required period).

10.1.4. Right to Restriction of Processing

You have the right to restrict processing of Your Personal Data in certain circumstances, such as when You contest the accuracy of the data or object to processing.

10.1.5. Right to Data Portability

You have the right to receive Your Personal Data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

10.1.6. Right to Object

You have the right to object to processing of Your Personal Data based on legitimate interests or for direct marketing purposes.

10.1.7. Right to Withdraw Consent

Where processing is based on consent (e.g., biometric data), You have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

10.1.8. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in the country of Your residence, place of work, or place of alleged infringement.

In the UK: Information Commissioner's Office (ICO) - www.ico.org.uk

10.2. To exercise any of these rights, please contact Our Data Protection Officer at support@webmail.siteorbit.app.

10.3. We will respond to Your request within one month of receipt. In complex cases, this may be extended by a further two months, and We will inform You of any such extension.

11. Automated Decision-Making and Profiling

11.1. We do not use Your Personal Data for automated decision-making that produces legal effects or similarly significantly affects You.

11.2. We may use automated processing for the following purposes, which do not constitute automated decision-making:

Calculating wages based on recorded working hours
Verifying location proximity to work sites
Matching facial biometric data for identity verification

These processes are subject to human oversight and review.

12. Cookies and Tracking Technologies

12.1. The mobile Application does not use cookies. However, We use the following technologies:

Local Storage: To save Your login session and app preferences on Your device
Device Identifiers: To identify Your device for security and authentication purposes
Analytics SDKs: To collect usage data and improve the Application (can be disabled in settings)
Crash Reporting: To identify and fix technical issues

12.2. The web Application uses cookies for the following purposes:

Cookie Type	Purpose	Duration
Strictly Necessary	Essential for the website to function (e.g., authentication, security)	Session / 1 year
Functional	Remember your preferences and settings	1 year
Analytics	Understand how visitors interact with our website	2 years

12.3. You can control and/or delete cookies as you wish. You can delete all cookies that are already on your computer and set most browsers to prevent them from being placed. To learn more about cookies, visit www.aboutcookies.org.

13. Children's Privacy

13.1. The Application is not intended for use by individuals under the age of 18.

13.2. We do not knowingly collect or process Personal Data from individuals under 18 years of age.

13.3. If We become aware that We have collected Personal Data from a person under 18, We will take steps to delete such information as soon as possible.

13.4. If You believe We may have collected information from a person under 18, please contact Us immediately at support@webmail.siteorbit.app.

14. Changes to This Privacy Policy

14.1. We may update this Privacy Policy from time to time to reflect changes in Our practices, legal requirements, or for other operational, legal, or regulatory reasons.

14.2. When We make material changes to this Privacy Policy, We will:

(a) update the "Last Updated" date at the top of this policy;
(b) notify You through the Application or by email;
(c) provide at least 30 days' notice before the changes take effect.

14.3. Your continued use of the Application after changes take effect constitutes Your acceptance of the updated Privacy Policy.

14.4. We recommend reviewing this Privacy Policy periodically to stay informed about how We protect Your Personal Data.

15. Data Protection Officer

15.1. We have appointed a Data Protection Officer (DPO) to oversee compliance with data protection laws and to handle data protection matters.

15.2. You may contact Our DPO at:

Name: SiteOrbit
Email: support@webmail.siteorbit.app
Address: 27 Old Gloucester Street, London WC1N 3AX

16. Contact Information

16.1. If You have any questions, concerns, or complaints about this Privacy Policy or Our data practices, please contact Us:

Company Name: SiteOrbit
Registered Address: 27 Old Gloucester Street, London WC1N 3AX
Email: support@webmail.siteorbit.app

16.2. We aim to respond to all inquiries within 7-10 Business Days.

17. Acknowledgment

BY USING THE APPLICATION, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND CONSENT TO THE COLLECTION, USE, AND PROCESSING OF YOUR PERSONAL DATA AS DESCRIBED HEREIN.