Kirk Group Services Ltd

Privacy Notice

Last updated: 3 May 2026

This notice explains how Kirk Group Services Ltd (“we”, “us”, “our”) collects, uses and protects personal data when you use kirkgroup.uk and our subdomain sites (cor, handyman, care, ventilation, cleaning), the contractor and admin mobile applications, or any of our service brands.

We are the data controller for the personal data described in this notice. Our registered office and contact details are at the bottom of this page.

1. What we collect

If you book a service or request a quote

  • Your name, email address, telephone number and the postal address of the property where work is required
  • A description of the service you need
  • Any photographs or supporting information you choose to share

If you register as a contractor

  • Identity details: name, date of birth, home address, photo ID, right-to-work documentation
  • Tax details: National Insurance number, Unique Taxpayer Reference (UTR) where applicable
  • Trade qualifications and certifications (e.g. DBS, NICEIC, Gas Safe, public liability insurance)
  • Bank account details for payment
  • Emergency contact details (name, telephone, relationship)
  • Service area, travel distance and availability preferences

Automatically

  • IP address, browser type and basic device information for security and abuse prevention
  • Authentication cookies that keep you signed in (see our Cookie Policy)

2. Why we use it (lawful basis)

We process personal data on the following bases under Article 6 of the UK GDPR:

  • Performance of a contract — to deliver the service you have booked, schedule a contractor, raise quotes and invoices, and collect payment.
  • Legitimate interests — to operate, secure and improve our platform, prevent fraud, vet contractors before allocating work, and respond to enquiries. Where we rely on legitimate interests we have weighed our interests against your rights and concluded our processing is necessary and proportionate.
  • Legal obligation — to keep records HMRC requires us to retain (see retention below), to meet right-to-work checks, and to comply with health and safety law.
  • Consent — where you have explicitly opted in (e.g. marketing emails). You can withdraw consent at any time.

Some contractor data we collect is “special category” data under Article 9 (e.g. enhanced DBS results in the care sector). We only process this where you have given us explicit consent or where it is necessary for substantial public interest under safeguarding legislation.

3. Who we share it with

We share personal data only with the parties listed below:

  • Allocated contractors — when we allocate a job to a contractor we share the customer's name, address and job description so they can complete the work.
  • Customers — once a contractor accepts an allocation we share the contractor's name and contact telephone with the customer.
  • Amazon Web Services (AWS) — our hosting and storage provider. Personal data is held in AWS's eu-west-1 (London) region. AWS is bound by their Data Processing Addendum.
  • Email service (AWS SES) — for transactional and (with your consent) marketing emails.
  • HMRC and other regulators — when we are legally required to disclose data (e.g. for tax investigations, subject access requests, or law enforcement).

We never sell personal data and we do not transfer your data outside the UK or European Economic Area without an appropriate transfer mechanism (e.g. adequacy decision or Standard Contractual Clauses).

4. How long we keep it

  • Quotes, invoices and credit notes: 6 years after the end of the financial year in which they were issued (HMRC requirement).
  • Contractor records: for the duration of your engagement plus 6 years after termination.
  • Customer enquiry data: up to 24 months after last contact, unless you become a customer in which case the customer record applies.
  • Marketing consent records: for as long as you remain subscribed plus 12 months after withdrawal so we can demonstrate you opted out.
  • Audit logs: 12 months for security and abuse investigation.

5. Your rights

Under UK GDPR you have the right to:

  • Request a copy of the personal data we hold about you (a Subject Access Request)
  • Have inaccurate data corrected
  • Have your data deleted, where there is no legitimate reason to keep it
  • Restrict or object to certain processing
  • Receive the data you have given us in a portable format
  • Withdraw consent at any time, where processing is based on consent

To exercise any of these rights, email info@kirkgroup.uk. We will respond within one month. There is no fee unless your request is manifestly unfounded or excessive.

If you are unhappy with how we have handled your data you can complain to the Information Commissioner's Office (ico.org.uk) — though we hope you will contact us first so we can put things right.

6. Security

We protect personal data with industry-standard technical and organisational measures: TLS in transit, AES-256 at rest in S3, role-based access in the admin portal, audit logging on every privileged action, and time-limited URLs for any document downloads. We review these controls regularly.

7. Children

Our services are not directed at children under 18 and we do not knowingly collect personal data from them. If you believe a child has provided us with data, please contact us so we can delete it.

8. Changes to this notice

We may update this notice from time to time. The “last updated” date at the top of the page tells you when. Material changes will be highlighted on the home page or notified by email where appropriate.

This notice was prepared in good faith but is not legal advice. We recommend reviewing it with a qualified solicitor before relying on it for compliance certifications.

Contact us about this notice

Kirk Group Services Ltd
Suite 576, 37 Westminster Buildings, Theatre Square, Nottingham, NG1 6LG
info@kirkgroup.uk · 0800 464 3404

Privacy NoticeTerms of ServiceCookie Policy