Cloudfm Group Ltd. (“CFM”, “we”, “us”, or “our”) is strongly committed to protecting personal data. This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.
Personal data is any information relating to an identified or identifiable living person. CFM processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.
When collecting and using personal data, our policy is to be transparent about why and how we process personal data. To find out more about our specific processing activities, please refer to the sections below.
Who Are We?
Cloudfm Group Ltd. is a Facilities Management company, headquartered in Colchester, England, at the following address:
|Registered Company Name||Cloudfm Group Limited|
|Registered Company Number||09095504|
|Registered Office Address||Cloudfm House, 3 Charter Court, Newcomen Way, Colchester, Essex, CO4 9YA|
Within the Cloudfm Group there are a number of subsidiary companies which collectively work together to deliver the FM services to clients: Cloudfm Integrated Services Ltd. (07308274), Cloudfm Shared Services Ltd. (08189233), Cloudfm Europe Ltd. (617723).
Services We Provide and the Information We Collect
Cloudfm Group provides Facilities Management services to clients across the UK, and Europe comprising:
- Reactive building and equipment maintenance
- Planned and preventative maintenance
- Property repairs, and general construction services
- Equipment purchasing, replacement and fitment
- Statutory compliance auditing, review and rectification
- Consulting and technical advisory services
In undertaking these services, we need to collect information in order to fulfil our legal and contractual obligations. But only where we have a legitimate reason to do so; we limit the amount of information to that which is necessary to perform our services effectively, and we only keep it as long is required for the completion of our duties or as a legal requirement.
The information we collect when undertaking FM activities, some of which is personally identifiable, is identified below:
- Client site / building location; including opening hours, and other essential key facts about the building;
- Date of job/task; log date, and any status update date/times;
- Details of the job/task, e.g. engineering discipline, type of problem, asset identification and categorisations such as H&S. Any images or relevant documentation are also stored against the job, e.g. ‘photo of problem’, or 3PPrdPP party notices/audits, or similar materials;
- Name of the person raising the job/task; name and contact details (either email of phone number, whichever is shared at the time);
- Escalation contact details e.g. Regional Managers, including escalation levels/triggers;
- Asset information; key data about critical assets, such as location, warranty dates, accessibility, images of state of asset before/after;
- Event history for the task, including any Cloudfm-Client-Supplier event note communications which may contain names of Cloudfm employees, or the person who logged the job, or the engineer or administrator responding to an event note query;
- Company allocated to the job/task; one of ‘tier’ of supply chain partner companies, or an approved sub-contractor
- Details of engineer allocated to or performing the task; name and contact details, plus photo for site security/identification, irrespective of whether they are a Cloudfm engineer, or one of our sub-contractors;
- Engineer check-in/check-out of site location details; geolocation information is captured whilst the Engineer App is running;
- Financial details of the task, and/or uplifts, and/or quotes;
- Quotations; details of quote offers and acceptances, and any associated benchmarking checks;
- Compliance certificates for buildings and key assets;
- Invoices and certificates for billing purposes, and the necessary details for payment of those (which may include bank details of payees, and company or individual names, especially in the case of single-handed suppliers);
- Reporting and analysis; aggregations and collation of statistics for performance management, across all parts of the system;
- Sub-contractor/supplier details, for purposes of formal registration with Cloudfm (which includes verification of insurances, certifications etc);
- Skills and expertise of Engineers, including certifications, for the purposes of correct job allocation and compliance with best practice and regulatory requirements;
- Correspondence between Cloudfm, Clients, suppliers and others in relation to the facilities management works, contracts, invoices or similar matters;
- We collect general information about the types of web-browser, IP addresses and operating systems using cookies and/or web-statistics to help us better understand how people are using our systems. Cookies are also used in managing user sessions when logged on to Cloudfm systems;
- For security purposes our buildings have CCTV installed which records images of anyone entering our premises.
- We keep telephone call recordings and call logs for anyone that telephones our Helpdesk.
All of the above information is held securely, and information is only used in the context of the specific processing purpose, and by individuals with the relevant rights of access to that information, for example payment/bank information is limited to finance department colleagues, whereas engineer / task information is limited to our help desk and client-support teams. We will not transfer your data outside of the EEA.
Lawful basis for Data Processing
In compliance with the GDPR legislation we have a lawful and legitimate interest in collecting and processing information which allows us to:
- provide efficient and effective Facilities Management (FM) services for our clients
- improve the quality of our work, and the performance of our staff, and of contractors / suppliers / partners who work on our behalf
- keep relevant records of our activities, as is necessary for fulfilling our contractual and other legal obligations, for example to regulatory bodies
We recognise that the correct and lawful treatment of personal data will maintain confidence in our organisation and will provide for successful business operations. To that extent whenever we process personal data we will do so in reliance of one of the lawful basis:
- Contractual obligations – we need to collect personal data to fulfil our obligation under our contracts with clients to provide facilities management services.
- Legitimate interest – in specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedoms or interests.
- Consent – in specific situations, we can collect and process your data with your consent.
- Legal Compliance – if the law requires us to, we may need to collect and process your data e.g. for the prevention of fraud or criminal activities.
Who Do We Share Information With?
Many of our services are provided by our sub-contractors/suppliers on our behalf, and we therefore need to share information such as that identified above with them. This ensures that they can perform facilities management services effectively. We limit the amount of information to only that necessary for the performance of the specific service, and they are only allowed to use the data in the context of performing services for Cloudfm and its clients. Suppliers are all contractually bound to terms no less stringent than our own terms, which includes storing, processing and managing personal data in compliance with the regulations.
We do not use the information that you have shared with us in the course of delivering facilities management services for marketing purposes. Neither do we share it with any third parties engaged in marketing or related activities. Where we do undertake any marketing activities, then information is sourced specifically for that purpose either directly from individuals with their explicit consent, or from third party agencies or providers that can demonstrate that consent has been given for that purpose.
How Long do We Keep Information?
By law we are required to keep certain information for a minimum of 7 years, for example company details, invoices, tax records etc. Our standard retention period for all other non-statutory information, such as facilities management service records, attendance information etc is also 7 years, after which time it may either be archived or destroyed (depending upon client preference).
Rights You Have in Relation to the Data We Hold?
If You Wish to Exercise Your Rights
If you wish to exercise any of the rights under the terms of GDPR, as set out in the sections above, then please write or email, stating clearly which right(s) you wish to exercise:
Data Protection Officer
Cloudfm Group Limited
3 Charter Court
We will acknowledge your letter / email and will respond to the request within the required statutory period.
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. You can contact them by calling 0303 123 1113, or by going online at www.ico.org.uk/concerns
Policy Review / Update