Privacy Policy
(UK GDPR + Data Protection Act 2018 Compliant)
Effective date: [29 November 2025]
1. Data Controller & Contact Information
Controller: FolioBuild (foliobuild.co.uk)
Support / Data-protection contact: sup.foliobuild@gmail.com
If we appoint a Data Protection Officer (DPO) in future, their contact details will be included.
2. What Personal Data We Collect
We collect and process the following categories of personal data, when you use the Service:
- Identity & Contact Data: name, email address (or other contact details if provided).
- Uploaded Data (CVs, project files, etc.): any personal data included in those documents (education history, employment history, dates, addresses, skills, contact info — whatever the CV or project content contains).
- Technical & Usage Data: IP address, browser / device information, timestamps, usage logs, session data.
- Account Data: credentials, preferences, settings.
3. Purposes of Processing and Lawful Basis
| Purpose | Data categories used | Lawful basis (UK GDPR) |
|---|---|---|
| Provide the core service: account creation, storage, parsing and presentation of CVs/projects as a portfolio. | Identity, Contact, Uploaded Data, Account Data, Usage Data | Performance of a contract (you signed up for the service) |
| Communication (account updates, support, admin). | Contact Data, Account Data | Legitimate interest or contract performance |
| (Optional) Marketing / promotional communications (only if user explicitly opts-in). | Contact Data, Account Data | Consent |
| Data storage, security, compliance, audit logging. | Account Data, Usage Data | Legitimate interest / legal obligation |
We do not collect more personal data than is necessary (data minimisation).
4. Public Portfolios
If you choose to use the "Publish" feature, your portfolio and the personal data contained within it (e.g., name, experience, projects) will be made publicly accessible on the internet via a unique URL.
- Voluntary Action: Publishing is strictly voluntary and requires your explicit action (clicking "Publish"). By default, all portfolios are private.
- Public Access: Once published, this data is accessible to anyone with the link. Please be mindful of what you choose to share (e.g., avoid sharing home addresses or sensitive personal ID numbers).
- Right to Withdraw: You can "Unpublish" your portfolio at any time via your dashboard. This will immediately make the page private and inaccessible to the public.
5. Cookies & Similar Technologies
We may use cookies or similar technologies for:
- Essential functionality (session management, login)
- Non-essential purposes (analytics, tracking) only after obtaining explicit consent in compliance with UK regulations (UK GDPR + Privacy and Electronic Communications Regulations — PECR).
We will present a cookie-banner or consent mechanism on first visit (or before non-essential cookies are enabled).
6. Who We Share Data With / Third-Party Processors
We may share data (where needed) with:
- Hosting and storage providers (e.g. database, file storage)
- Payment providers (if we offer paid features in future)
- Any third-party integrations (e.g. analytics, email providers) — only with explicit consent/user control
We will only work with third-party data processors that meet UK GDPR requirements, and will have written processing agreements in place.
We do not sell or lease your personal data.
7. International Transfers
If we store or process data outside the UK / EEA, we will ensure appropriate safeguards (e.g. standard contractual clauses) are in place, and clearly inform you.
8. Data Retention and Deletion
- We retain your account data and uploaded content only as long as needed to provide the Service or until you request deletion.
- You have the right to request deletion or export of your data at any time by contacting sup.foliobuild@gmail.com.
- On deletion request or account termination, we will delete or irreversibly anonymise personal data, unless we are legally required to retain it (e.g. for compliance, accounting, dispute resolution).
9. Your Rights (as Data Subject under UK GDPR)
You have the right to:
- Access your personal data (what we hold)
- Rectify inaccurate or incomplete data
- Erase your data (“right to be forgotten”)
- Restrict or object to processing (where lawful basis allows)
- Request data portability
- Withdraw consent (if processing based on consent)
- Lodge a complaint with a supervisory authority (e.g. ICO) if you believe your data is mis-used
We will respond to requests free of charge and in a timely manner.
10. Data Security & Accountability
We implement appropriate technical and organisational measures (encryption, access controls, backups, secure storage) to protect personal data against unauthorised access, loss, alteration or disclosure. We maintain records of processing activities, and are prepared to demonstrate compliance with UK GDPR principles of lawfulness, fairness, transparency, storage limitation, data minimisation, integrity and confidentiality.
If we use sub-processors, we will ensure they are bound by written agreements enforcing GDPR-level protections.
11. Automated Processing / Profiling / AI Use
If we use automated processing (e.g. parsing your CVs to extract data, build portfolio automatically), we will not use it to make decisions with legal or similarly significant effects without your explicit consent.
We will explain what data is extracted, how it is used, and for what purpose — transparently.
12. Changes to this Policy
We may update this Privacy Policy from time to time (e.g. when we change how we process data, add new features, or change storage providers). We will publish the updated version on our website, with a new “Last updated” date. If changes are material, we will notify users (e.g. via email).
13. Contact & Complaints
If you have any questions, wish to exercise your data rights, or wish to lodge a complaint, contact us at:
Email: sup.foliobuild@gmail.com
You can also lodge a complaint with the UK supervisory authority (the ICO) if you believe your rights under UK GDPR have been breached.