We design and operate our services in line with the UK GDPR, the Data Protection Act 2018, and other relevant UK data laws.
Our platform architecture helps Principal Contractors meet their obligations as controllers under data protection law.
We continually review and improve our technical and organisational measures as legislation, security practice and industry standards evolve.
All MSite data is hosted in secure, backed-up UK cloud environments with multiple layers of protection and disaster recovery in place.
Hosting is within ISO 27001 and ISO 9001 certified data centres, ensuring compliance with UK government and industry requirements.
Within your organisation, MSite sets least-privilege access controls so teams can only view the information they need. For example, a supervisor may only see their team’s data, while a project manager can view aggregated site-wide information.
This protects personal data and supports accountability under the UK GDPR.
MSite collects only the minimum personal data required for identity verification, access control, and workforce compliance.
Our system architecture and processing activities follow the privacy-by-design principles outlined in the UK GDPR.
MSite maintains robust, documented controls aligned with ISO 27001, helping us manage information security in a consistent, auditable, and reliable manner.
We operate a continuous improvement cycle for risk management, access control, and security awareness across our business.
Our ISO 9001 certification demonstrates MSite’s commitment to service excellence and continuous improvement in delivering secure, high-quality products and support to the UK construction industry.
Biometric information such as facial recognition or fingerprints is classed as special category data under UK GDPR.
Its use is permitted under specific lawful conditions, and MSite applies strict measures to ensure full compliance on behalf of our customers.
Through the MSite Workforce App, workers can link their profile to their phone’s biometric (for example, Apple Face ID) and use Bluetooth to verify their identity on site in a contactless, GDPR-compliant way.
No biometric data is stored on the device or transferred outside the UK.
Alternative access methods are always available for workers who prefer not to use biometrics.
Principal Contractor (Controller): Decides why and how personal data is processed and provides privacy notices to workers explaining data use, lawful basis and rights.
MSite (Processor): Processes personal data only under the controller’s documented instructions, following a signed Data Protection Agreement with appropriate technical and organisational safeguards.
Workers: Should contact their Principal Contractor first for rights requests (e.g. access, rectification, deletion, or objection). The Principal Contractor manages these requests and coordinates with MSite as required.
For privacy queries, contact: dpo@msite.com or write to:
Infobric Limited t/a MSite, The Bunker, 25 Innovation Boulevard, Liverpool, Merseyside, England, L7 9PW.
No. The MSite Workforce App does not store biometric or personal data on your device.
It simply uses your phone’s native biometric function (such as Apple Face ID) to confirm identity and connect securely to MSite’s UK-hosted servers.
No biometric information leaves your device or is accessed by MSite.
In MSite’s construction workforce management system, the Principal Contractor acts as the data controller, deciding how and why data is processed.
MSite acts as the data processor, carrying out processing only under the controller’s written instructions.
This structure ensures full accountability under the UK GDPR and the Data Protection Act 2018.
MSite applies end-to-end encryption, UK-based hosting, and ISO 27001-certified information security controls.
All biometric and personal data is stored in secure environments, access is role-based, and our processing agreements align with UK GDPR and industry best practice.
Data retention periods are set by the Principal Contractor (controller).
MSite provides configurable retention settings and automated deletion routines, supporting each contractor’s policies and GDPR obligations.
Contractors should clearly state:
Guidance for construction controllers is available on the ICO’s website.
Yes. MSite’s reporting tools help evidence compliance with health and safety law, Right to Work checks, working time regulations, and Building Safety Act requirements.
Contractors can use MSite data to demonstrate adherence to framework or client standards.
MSite provides documentation and system detail on request to help Principal Contractors complete Data Protection Impact Assessments (DPIAs).
While contractors remain responsible for conducting DPIAs, MSite supplies information on processing activities, risks, and mitigations to support the process.
All MSite data is hosted in secure UK cloud environments with daily backups, disaster recovery, and 24/7 monitoring.
MSite provides a complete audit trail of workforce credentials, attendance, and access events.
This helps contractors demonstrate compliance with the Building Safety Act and maintain a reliable record for Golden Thread documentation.
