Managing multiple sites, multiple contractors, and a mountain of health and safety paperwork shouldn't take up half your day.
Site Safety Compliance puts every Risk Assessment, Method Statement, F10 form, and sign-off in one place — accessible by every contractor, on every site, from their phone. Upload once, allocate to your team, and know instantly that every document has been read and accepted.
Whether you're running a construction project, a TV shoot, a catering operation, or a live event — stay compliant, stay protected, and get hours of your week back.
Site Safety Compliance
Last updated: 26 May 2026
1. Who We Are
This privacy policy applies to the Site Safety Compliance mobile application (bundle ID: com.bgsitesafety.compliance), operated by:
BG Retrofit For privacy enquiries, please contact us at: sitesafety@bgretrofit.co.uk
We are the data controller for the personal information collected and processed through this app. This policy explains what data we collect, why we collect it, how it is used, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. What Data We Collect
Depending on your role within the app (Admin, Contractor, or Client), we may collect and store the following personal information:
2.1 Contractors
- Full name
- Email address
- Any personal details included within Risk Assessment and Method Statements (RAMS) documents uploaded to the app
2.2 Clients
- Full name
- Email address
- Site address(es) associated with your account
2.3 Admins
- Full name
- Email address
- Login credentials (passwords are stored in encrypted form and never accessible in plain text)
2.4 Site & Operational Data
- Site names and full addresses
- RAMS documents (which may contain personal data relating to named workers or responsible persons)
- Records of which contractors are assigned to which sites
3. How We Collect Your Data
We collect personal data in two ways:
- Directly from you — when you register for an account or update your profile within the app.
- On your behalf by an Administrator — in some cases, an admin user may enter your name and email address into the system to create or manage your account.
Where data is entered by an administrator on your behalf, BG Retrofit takes reasonable steps to ensure those administrators are authorised to provide your information and are aware of this privacy policy.
4. Why We Process Your Data (Legal Basis)
We only process your personal data where we have a lawful basis to do so under UK GDPR. The bases we rely on are:
| Purpose | Legal Basis |
|---|---|
| Creating and managing user accounts | Legitimate interests / Contract performance |
| Storing and displaying site addresses and RAMS | Contract performance / Legitimate interests |
| Assigning contractors to sites | Contract performance / Legitimate interests |
| Communicating with you about your account | Contract performance |
| Complying with health, safety, and legal obligations | Legal obligation |
| Improving the app and resolving technical issues | Legitimate interests |
Our legitimate interests are the safe and efficient management of site safety compliance records on behalf of our users and their organisations.
5. How We Share Your Data
We do not sell your personal data to third parties.
We may share your data only in the following limited circumstances:
- Within the app — Admins can view all data; Contractors and Clients can view data relevant to their own accounts and assigned sites.
- Hosting providers — Your data is currently stored on servers provided by Creat.xyz. We may migrate to our own servers in future, and this policy will be updated accordingly. Any hosting provider we use is required to protect your data in line with UK GDPR standards.
- Legal compliance — Where required by law, regulation, or a court order, we may disclose data to the appropriate authorities.
We do not currently transfer personal data outside of the United Kingdom or European Economic Area. If this changes, we will update this policy and ensure appropriate safeguards are in place.
6. How Long We Keep Your Data
We retain your personal data only for as long as is necessary for the purposes described in this policy, or as required by law:
- Active accounts — data is retained for the duration of your account.
- Inactive or closed accounts — personal data is deleted or anonymised within 12 months of account closure, unless we are legally required to keep it longer (for example, health and safety records relating to RAMS may have specific statutory retention periods).
7. Data Security
We take the security of your personal data seriously. Measures in place include:
- Passwords stored using secure encryption (hashing)
- Role-based access controls to restrict who can view what data
- Secure data transmission (HTTPS/TLS)
Please be aware that no method of electronic transmission or storage is 100% secure. In the event of a data breach that poses a risk to your rights, we will notify the Information Commissioner's Office (ICO) within 72 hours and inform affected individuals without undue delay.
8. Your Rights Under UK GDPR
You have the following rights in relation to your personal data:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — request that we correct any inaccurate or incomplete data.
- Right to erasure — request that we delete your personal data in certain circumstances.
- Right to restriction — request that we limit how we use your data in certain circumstances.
- Right to data portability — request your data in a portable, machine-readable format.
- Right to object — object to processing based on legitimate interests.
- Rights related to automated decision-making — we do not currently make solely automated decisions about individuals.
To exercise any of these rights, please contact us at: sitesafety@bgretrofit.co.uk
We will respond to all valid requests within one month. This period may be extended by a further two months for complex or numerous requests, in which case we will inform you.
9. Cookies and Tracking
The Site Safety Compliance app does not use tracking cookies. If a web-based version of the app is introduced in future, this section will be updated.
10. Children's Privacy
This app is intended for use by professionals and is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.
11. Changes to This Policy
We may update this privacy policy from time to time to reflect changes to our practices or legal requirements. When we make significant changes, we will notify users via the app or by email. The "Last updated" date at the top of this page will always reflect the most recent revision.
We encourage you to review this policy periodically.
12. How to Complain
If you have concerns about how we handle your personal data and are not satisfied with our response, you have the right to lodge a complaint with the UK's supervisory authority:
Information Commissioner's Office (ICO) Website: https://ico.org.uk Helpline: 0303 123 1113
This privacy policy was prepared in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.