Privacy policy


VM Building Solutions (the Company) is committed to protecting the privacy of your personal information. For the purpose of applicable data protection law, including the Data Protection Act 1998 and, from its entry into force on 25 May 2018, the General Data Protection Regulation (Regulation (EU) 2016/679) (together, DP Law), the Company is the data controller. Our Privacy Notice explains what we do with any personal information which we collect from you, including when you use our website and when you interact with us in other ways offline, for example if requesting samples, literature etc. If you have any questions regarding our Privacy Notice, please contact us. This Privacy Notice explains how we collect and use personal information about you when you visit our website and when you contact us by e-mail, post, fax or telephone.


Information collected

The personal information we collect from you with the forms are restricted in order to be able to answer your questions and they are also used to send you technical updates, product updates and industry events. Personal information can include the following:

-      your title, forename and surname.

-      your work-related e-mail address (for some people, e.g. homeowners, self-builders etc., this may be a home email address – should you wish to submit this)

-      your profession

-      your contact and marketing preferences

-      Other than the information listed above, we hold no other personal information.

The company does not share your personal information with any other external third parties.

Personal data collected for subscription to the newsletter and emailings are treated according to secured protocols and allow VM Building Solutions to manage the demands received in software applications.


Use of the collected information

Having downloaded and/or requested technical information, technical drawings, literature, samples etc. we use your personal data to update you on technical information, products, literature and case studies when applicable. We also occasionally hold regional architectural events or training events which you may wish to attend. Your email addresses are used to invite you to such events.

By filling in the forms provided (request to be contacted or for documentation), you acknowledge and agree to the collection of information about you. Likewise, by having access to our Internet site, you acknowledge and agree to the collection of IT information about you. This information is gathered so that we can to get to know you better and provide you with personalised answers.

You are able at any time not to receive any longer our information by exercising your rights of unsubscribing on the occasion of a sending or by contacting us : We also use the information to establish statistics on visits to our site in order to improve its content according to your profile.

The personal information we hold may be transferred abroad internally (within The Company), purely for the purposes of utilising group database management tools. For example, product updates or invites to architectural events are delivered through a platform based in France. This is the only reason such data would be transferred and would always remain within The Company.

The company would not use your personal data to send Newsletters, Literature or any other marketing information by post (unless specifically requested to do so). Neither would we use your personal data to run telephone marketing campaigns. Any telephone contact would be specific to a project, technical enquiry, CPD Seminar or technical or product update. We would primarily contact you by email. If you prefer no future contact from The Company, you can UNSUBSCRIBE, here or on our website,

Retention period

Data related to forms carried out on our site will be kept for maximum 24 months unless commercial relation begins between you and the company VM Building Solutions or you decide to exercise your rights of unsubscribing.

Your rights

It is your right under GDPR to complain to such authority should you feel The Company is processing your personal data in any way other than those listed above, or changes it’s GDPR policies without informing you.

1.The right to be informed

  • Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR.
  • The Company must provide individuals with information including: your purposes for processing their personal data, your s for that personal data, and who it will be shared with. This is known as ‘privacy information’.
  • The Company must provide privacy information to individuals at the time you collect their personal data from them.
  • If The Company were to obtain personal data from other sources, they must provide individuals with privacy information within a reasonable period of obtaining the data and no later than one month.
  • The information the company provides to people must be concise, transparent, intelligible, easily accessible, and it must use clear and plain language.
  • Any company must regularly review, and where necessary, update your privacy information. They must bring any new uses of an individual’s personal data to their attention before they start the processing.


2.The right of access

  • Individuals have the right to access their personal data (commonly referred to as subject access).
  • Individuals can make a subject access request verbally or in writing.
  • Companies have one month to respond to a request
  • Companies cannot charge a fee to deal with a request in most circumstances.


3.The right to rectification

  • The GDPR includes a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete.
  • An individual can make a request for rectification verbally or in writing.
  • The Company has one calendar month to respond to a request


4.The right to erasure

  • The GDPR introduces a right for individuals to have personal data erased
  • The right to erasure is also known as ‘the right to be forgotten’
  • Individuals can make a request for erasure verbally or in writing
  • The Company has one month to respond to a request
  • The right is not absolute and only applies in certain circumstances.
  • This right is not the only way in which the GDPR places an obligation on you to consider whether to delete personal data


5.The right to restrict processing

  • Individuals have the right to request the restriction or suppression of their personal data.
  • This is not an absolute right and only applies in certain circumstances.
  • When processing is restricted, you are permitted to store the personal data, but not use it
  • An individual can make a request for restriction verbally or in writing
  • You have one calendar month to respond to a request
  • This right has close links to the right to rectification (Article 16) and the right to object (Article 21).


6.The right to object

  • The GDPR gives individuals the right to object to the processing of their personal data in certain circumstances.
  • Individuals have an absolute right to stop their data being used for direct marketing.
  • In other cases where the right to object applies, The Company may be able to continue processing if it can show that it has a compelling reason for doing so.
  • The Company must tell individuals about their right to object.
  • An individual can make an objection verbally or in writing
  • The Company has one calendar month to respond to an objection


7.Rights in relation to automated decision making and profiling

The GDPR has provisions on

  • The GDPR has provisions on
  • automated individual decision-making (making a decision solely by automated means without any human involvement); and
  • profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process
  • The GDPR applies to all automated individual decision-making and profiling
  • Article 22 of the GDPR has additional rules to protect individuals if The Company are carrying out solely automated decision-making that has legal or similarly significant effects on them
  • The Company can only carry out this type of decision-making where the decision is
  • necessary for the entry into or performance of a contract; or
  • authorised by Union or Member state law applicable to the controller; or
  • based on the individual’s explicit consent.


You can request to access your personal data held by The Company, either via;

 The Company must provide this information within 1 month. 

Legal information