top of page

Inroduction 

RPM Contractors Ltd. is committed to protecting and respecting your privacy. This Privacy Policy explains how we handle personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

RPM is a small UK-based business providing boiler installation support, waste collection, parts recovery, stock management, and related operational services to trade and commercial clients.

The Data We Collect

For the purposes of UK GDPR, RPM acts as:

  • a Data Controller in respect of personal data relating to our employees, contractors, and internal business operations; and

  • a Data Processor when handling personal data on behalf of our clients, strictly under their instructions.

Website Visitors

RPM’s website is informational. We do not knowingly collect personal data through the website, other than:

  • information you choose to provide if you contact us directly (e.g. via email).

We do not use contact forms, marketing tracking, or profiling tools.

Client & Job Related Data

When carrying out services for our clients, RPM may access limited personal data (customer name, service address, job or installation details).

This data is:

  • accessed exclusively via the client’s own systems or applications;

  • viewed only for the duration necessary to complete the assigned work; and

  • not stored, copied, or retained on RPM systems once the job is completed.

RPM processes this data only under the instructions of the Data Controller.

Employee & Contractor Data

RPM processes limited personal data for employment and operational purposes, including:

  • contact details

  • payroll and payment information

  • certification and compliance records (where applicable)

This data is collected solely to meet legal, contractual, and operational requirements.

Data Minimisation

RPM follows the principle of data minimisation. We:

  • collect and access only the minimum data required to perform our services;

  • do not retain client customer data beyond job completion where access is provided via client systems; and

  • review internal data holdings periodically to ensure relevance and necessity.

Data Security 

RPM implements appropriate technical and organisational measures to protect personal data, including:

  • restricted access to systems and devices

  • password-protected accounts

  • basic device hygiene and security practices

  • role-based access to information

  • secure storage of employment and financial records

All data processing activities are conducted within the UK.

Data Retention

Personal data is retained only for as long as necessary:

  • to fulfil the purpose for which it was collected;

  • to meet legal or contractual obligations.

Client customer data accessed via client systems is not retained by RPM.

Your Rights 

Under UK GDPR, individuals have rights including:

  • the right to access their personal data

  • the right to rectification

  • the right to erasure (where applicable)

  • the right to restrict or object to processing

Requests can be made using the contact details below.

If you have concerns about how RPM handles personal data, you may contact us directly in the first instance.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

RPM may update this Privacy Policy from time to time. Any updates will be published on this page.

bottom of page