PRIVACY POLICY

Nserv Ltd. (“we”, “us”, or “our”) is strongly committed to protecting personal data.  This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights.  It applies to personal data provided to us, both by individuals themselves or by others.  We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.

Personal data is any information relating to an identified or identifiable living person. Nserv processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.

When collecting and using personal data, our policy is to be transparent about why and how we process personal data. To find out more about our specific processing activities, please refer to the sections below.

WHO WE ARE

Nserv Ltd. is a Facilities Management company, based in Essex, England, at the following address:

Registered Company Name:
Nserv Limited

Registered Company Number:
XXXXXXXXX

Registered Office Address:
Design House
Stanhope Industrial Estate
Wharf Road
Stanford-le-Hope
Essex
SS17 0EH

THE INFORMATION WE COLLECT

The information we collect when undertaking FM activities, some of which is personally identifiable, is identified below:

  • Client site / building location; including opening hours, and other essential key facts about the building;
  • Date of job/task; log date, and any status update date/times;
  • Details of the job/task, e.g. engineering discipline, type of problem, asset identification and categorisations such as H&S. Any images or relevant documentation are also stored against the job, e.g. ‘photo of problem’, or 3PPrdPP party notices/audits, or similar materials;
  • Name of the person raising the job/task; name and contact details (either email of phone number, whichever is shared at the time);
  • Escalation contact details e.g. Regional Managers, including escalation levels/triggers;
  • Asset information; key data about critical assets, such as location, warranty dates, accessibility, images of state of asset before/after;
  • Event history for the task, including any Nserv-Client-Supplier event note communications which may contain names of Nserv employees, or the person who logged the job, or the engineer or administrator responding to an event note query;
  • Company allocated to the job/task; one of ‘tier’ of supply chain partner companies, or an approved sub-contractor
  • Details of engineer allocated to or performing the task; name and contact details, plus photo for site security/identification, irrespective of whether they are an Nserv engineer, or one of our sub-contractors;
  • Engineer check-in/check-out of site location details; geolocation information is captured whilst the Engineer App is running;
  • Financial details of the task, and/or uplifts, and/or quotes;
  • Quotations; details of quote offers and acceptances, and any associated benchmarking checks;
  • Compliance certificates for buildings and key assets;
  • Invoices and certificates for billing purposes, and the necessary details for payment of those (which may include bank details of payees, and company or individual names, especially in the case of single-handed suppliers);
  • Reporting and analysis; aggregations and collation of statistics for performance management, across all parts of the system;
  • Sub-contractor/supplier details, for purposes of formal registration with Nserv (which includes verification of insurances, certifications etc);
  • Skills and expertise of Engineers, including certifications, for the purposes of correct job allocation and compliance with best practice and regulatory requirements;
  • Correspondence between Nserv, Clients, suppliers and others in relation to the facilities management works, contracts, invoices or similar matters;
  • We collect general information about the types of web-browser, IP addresses and operating systems using cookies and/or web-statistics to help us better understand how people are using our systems. Cookies are also used in managing user sessions when logged on to Cloudfm systems;
  • For security purposes our buildings have CCTV installed which records images of anyone entering our premises.
  • We keep telephone call recordings and call logs for anyone that telephones our Helpdesk.

All of the above information is held securely, and information is only used in the context of the specific processing purpose, and by individuals with the relevant rights of access to that information, for example payment/bank information is limited to finance department colleagues, whereas engineer / task information is limited to our help desk and client-support teams. We will not transfer your data outside of the EEA.

LAWFUL BASIS FOR DATA PROCESSING

In compliance with the GDPR legislation we have a lawful and legitimate interest in collecting and processing information which allows us to:

  1. provide efficient and effective Facilities Management (FM) services for our clients
  2. improve the quality of our work, and the performance of our staff, and of contractors / suppliers / partners who work on our behalf
  3. keep relevant records of our activities, as is necessary for fulfilling our contractual and other legal obligations, for example to regulatory bodies

 

We recognise that the correct and lawful treatment of personal data will maintain confidence in our organisation and will provide for successful business operations.  To that extent whenever we process personal data we will do so in reliance of one of the lawful basis:

  • Contractual obligations – we need to collect personal data to fulfil our obligation under our contracts with clients to provide facilities management services.
  • Legitimate interest – in specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedoms or interests.
  • Consent – in specific situations, we can collect and process your data with your consent.
  • Legal Compliance – if the law requires us to, we may need to collect and process your data e.g. for the prevention of fraud or criminal activities.

 

WHO DO WE SHARE INFORMATION WITH?

Many of our services are provided by our sub-contractors/suppliers on our behalf, and we therefore need to share information such as that identified above with them.  This ensures that they can perform facilities management services effectively.

We limit the amount of information to only that necessary for the performance of the specific service, and they are only allowed to use the data in the context of performing services for Nserv and its clients. Suppliers are all contractually bound to terms no less stringent than our own terms, which includes storing, processing and managing personal data in compliance with the regulations.

We do not use the information that you have shared with us in the course of delivering facilities management services for marketing purposes.  Neither do we share it with any third parties engaged in marketing or related activities. Where we do undertake any marketing activities, then information is sourced specifically for that purpose either directly from individuals with their explicit consent, or from third party agencies or providers that can demonstrate that consent has been given for that purpose.

 

HOW LONG DO WE KEEP INFORMATION?

By law we are required to keep certain information for a minimum of 7 years, for example company details, invoices, tax records etc. Our standard retention period for all other non-statutory information, such as facilities management service records, attendance information etc is also 7 years, after which time it may either be archived or destroyed (depending upon client preference).

 

IF YOU WISH TO EXERCISE YOUR RIGHTS

If you wish to exercise any of the rights under the terms of GDPR, as set out in the sections above, then please write or email, stating clearly which right(s) you wish to exercise:

Data Protection Officer
Nserv Limited
Design House
Stanhope Industrial Estate
Wharf Road
Stanford-le-Hope
Essex
SS17 0EH

[email protected]

We will acknowledge your letter / email and will respond to the request within the required statutory period.

If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. You can contact them by calling 0303 123 1113, or by going online at www.ico.org.uk/concerns

 

PRIVACY POLICY REVIEW

This Nserv Privacy Policy will be reviewed and amended if applicable from time to time to take into account new laws, technology, changes to our operations and practices. Any information we hold will be governed by the most recent version of the policy on our website.