
Subcontractors
Start with the right workflow screen
Move the guide from reading into the Zektrx area that can carry the checklist, actions and evidence.
Put this into practice
Start by reading the gdpr guide against one real project or job.
Construction software often stores worker records, subcontractor documents, client evidence, photos, certificates and commercial information. This guide helps buyers think through GDPR and data handling questions before rollout.


Subcontractors
Checklist
Identify what personal data will be stored: workers, subcontractors, clients, contacts, certificates and site records.
Confirm whether your company acts as controller for workspace content and whether the vendor acts as processor.
Review privacy notices, DPA terms, sub-processors and international transfer expectations where relevant.
Set access permissions so users only see records needed for their role.
Plan retention rules for old jobs, leavers, expired certificates, archived documents and backup cycles.
Create a route for data subject requests, exports, corrections and deletion questions.
A practical GDPR guide for construction software buyers covering controller roles, processors, worker records, documents, retention, access and DPA review.
Construction software often stores worker records, subcontractor documents, client evidence, photos, certificates and commercial information. This guide helps buyers think through GDPR and data handling questions before rollout.
Identify what personal data will be stored: workers, subcontractors, clients, contacts, certificates and site records.
Confirm whether your company acts as controller for workspace content and whether the vendor acts as processor.
Review privacy notices, DPA terms, sub-processors and international transfer expectations where relevant.
Use live Zektrx screens to manage the checklist, review tasks and supporting evidence.
Subcontractors
Start by reading the gdpr guide against one real project or job.
Documents
Identify what personal data will be stored: workers, subcontractors, clients, contacts, certificates and site records.
Reports
Privacy

Subcontractors
Move the guide from reading into the Zektrx area that can carry the checklist, actions and evidence.
Put this into practice
Start by reading the gdpr guide against one real project or job.

Documents
Keep current versions, review points, approvals and related proof attached to the same process.
Put this into practice
Identify what personal data will be stored: workers, subcontractors, clients, contacts, certificates and site records.

Reports
Use reporting and audit views to turn completed work into a cleaner management or client pack.
Put this into practice
Privacy
See the relevant Zektrx product area, the checks to complete and the practical steps for applying this guidance across your team.
Product area
Zektrx subcontractor onboarding preview
Checklist
Identify what personal data will be stored: workers, subcontractors, clients, contacts, certificates and site records.
Implementation
Start by reading the gdpr guide against one real project or job.
Related resources
Privacy / Data Processing Addendum
Connect written guidance with site activity, team briefings and the evidence records that show how the work was controlled.

Plan the work
Use each guide to decide the owners, records and review points before work starts.
Recommended check
Identify what personal data will be stored: workers, subcontractors, clients, contacts, certificates and site records.

Brief the team
Turn guidance into toolbox talks, instructions and visible actions for the people doing the work.
Recommended check
Confirm whether your company acts as controller for workspace content and whether the vendor acts as processor.

Keep proof
Connect checks, photos, sign-offs and follow-up tasks to the same operating record.
Recommended check
Review privacy notices, DPA terms, sub-processors and international transfer expectations where relevant.
For contractors, GDPR risk often comes from uncontrolled folders, old spreadsheets, over-shared documents and unclear retention. Structured software should help limit access and make records easier to manage.
A data processing addendum should explain the vendor relationship, processing purpose, confidentiality expectations, sub-processors and security commitments in a way procurement can review.
Before bringing worker, subcontractor and client files into any system, decide which roles need each record type. Permissions, project access and archived job rules should be clear before live rollout.
Construction records often need different retention approaches depending on whether they are live job records, expired certificates, support tickets or archived evidence. Buyers should document the intended process and review it with their own advisers.
Zektrx helps turn repeated checks into owned actions, linked evidence and clear reporting.
Start by reading the gdpr guide against one real project or job.
Check whether your current process covers: Identify what personal data will be stored: workers, subcontractors, clients, contacts, certificates and site records.
Check whether your current process covers: Confirm whether your company acts as controller for workspace content and whether the vendor acts as processor.
Check whether your current process covers: Review privacy notices, DPA terms, sub-processors and international transfer expectations where relevant.
Decide which items should become live actions, approvals, signatures, evidence links or reports.
Evidence question 1
Who owns this record when it is created?
Evidence question 2
What proves the latest version was reviewed or approved?
Evidence question 3
Where are photos, signatures, comments and close-out evidence stored?
Evidence question 4
Can the record be exported for a client, auditor or principal contractor without rebuilding it?
See how resources become live compliance, site, document and reporting workflows.
Explore the operating system for trade businesses managing jobs, evidence and admin.
Move from templates and checklists into controlled RAMS creation, issue and signing.
Often yes. Worker records, subcontractor contacts, training certificates, site evidence, signatures and support records may include personal data.
In many SaaS setups, the customer is controller for workspace content and the vendor acts as processor. Buyers should review the DPA and their own legal obligations.
Yes. Zektrx publishes privacy and DPA information and can support procurement questions about data handling, access control and security.