Privacy Policy

Last updated: 15 January 2026

1. Introduction

Vynorel PLC ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you use our construction collaboration software and visit our website at vynorel.com.

2. Data Controller Information

Vynorel PLC is the data controller responsible for your personal data. We are a company incorporated in England and Wales with registration number 45078521. Our registered address is 144 Queens Road, Cardiff, CF5M 5EA, Wales, United Kingdom.

3. Data We Collect

We collect various types of personal data to provide and improve our construction collaboration services. The data we collect includes:

  • Account Information: Name, email address, phone number, company name, job title, and billing information when you create an account
  • Usage Data: Information about how you use our software, including features accessed, time spent, and interaction patterns
  • Communication Data: Messages, files, and documents shared through our platform for project collaboration
  • Technical Data: IP address, browser type, device information, operating system, and access times
  • Marketing Data: Preferences for receiving marketing communications and information about your interests

4. How We Use Your Information

We use your personal data for various purposes based on legitimate business interests, contractual necessity, and your consent. How we use your information includes:

  • Providing and maintaining our construction collaboration software services
  • Processing payments and managing your account
  • Communicating with you about service updates, support, and account matters
  • Improving our software features and user experience
  • Ensuring security and preventing fraud or unauthorised access
  • Complying with legal obligations and regulatory requirements
  • Sending marketing communications (with your consent)

5. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds: contractual necessity for service provision, legitimate interests for business operations and improvements, consent for marketing communications, and legal obligations for compliance requirements.

6. Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner. For detailed information about our cookie usage, please refer to our Cookie Policy.

7. Data Sharing and Third Parties

We do not sell your personal data. We may share your information with trusted service providers who assist in delivering our services, including cloud hosting providers, payment processors, and analytics services. All third parties are contractually bound to protect your data and use it only for specified purposes.

8. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations. Account information is retained for the duration of your subscription plus seven years for financial records. Usage data is typically retained for two years for service improvement purposes. Communication data within projects is retained according to your account settings and project requirements.

9. Your Rights

Under GDPR and UK data protection law, you have several rights regarding your personal data:

  • Right of Access: Request copies of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for marketing communications

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include encryption, secure data centres, access controls, and regular security assessments.

11. International Data Transfers

Your data is primarily processed within the UK and EU. If we transfer data outside these regions, we ensure appropriate safeguards are in place, including adequacy decisions or standard contractual clauses approved by the European Commission.

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes through our website or by email. The current version will always be available on our website with the last updated date.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Privacy Officer

Email: [email protected]

Phone: +44 2926074156

Address: 144 Queens Road, Cardiff, CF5M 5EA, Wales, United Kingdom

14. Complaints

If you believe we have not handled your personal data in accordance with data protection law, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection matters. You can contact the ICO through their website at ico.org.uk or by telephone on 0303 123 1113.