​

1. Introduction

Pareto Facilities Management Ltd (“Pareto”, “we”, “us” or “our”) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, share and protect personal data when you interact with us, including as a website user, client, supplier, contractor, visitor or other business contact.

This policy is written in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Pareto Facilities Management Ltd is the data controller for the purposes of data protection law.

1. IMPORTANT INFORMATION AND WHO WE ARE
 

2. What Personal Data We Collect

We may collect and process the following categories of personal data:
       A. Identity and contact data

• Name, job title and employer

• Postal address, email address and telephone number
  B. Business and contractual data

• Contractual information

• Records of communications and meetings

• Service delivery and supplier information
  C. Website and technical data

• IP address

• Browser type and version

• Device information

• Usage data and cookies
  D. Financial data

• Bank account and payment details

• Invoices and transaction records
  E. CCTV and security data

• CCTV footage at our offices or managed sites, where signage is displayed
  F.  Special category data (where applicable)

• Health and safety incident information

• Accident reports

• Equality and diversity data

• Special category data is processed only where lawful, necessary and subject to appropriate safeguards.

​

3. How We Collect Personal Data

We collect personal data:- Directly from you when you contact us or use our services- From your employer or organisation- From suppliers, subcontractors and business partners- From publicly available sources (e.g. Companies House, professional networking sites)- Through cookies, CCTV systems and other automated technologies

​

4. How We Use Your Personal Data

We use personal data to:- Provide and manage our facilities management services- Enter into and perform contracts- Manage supplier and client relationships- Communicate with you- Process payments and manage accounts- Ensure site safety and security- Manage complaints, incidents and insurance claims- Improve our website and services- Comply with legal and regulatory obligations

​

5. Lawful Bases for Processing

We process personal data under one or more of the following lawful bases:- Contractual necessity – to perform a contract or take steps prior to entering a contract- Legal obligation – to comply with applicable laws and regulations- Legitimate interests – to operate and improve our business (where your rights are not overridden)- Consent – where required, and you may withdraw consent at any time

Special category data is processed in accordance with Article 9 UK GDPR and relevant legislation.

​

6. Data Sharing

We may share personal data with:- Employees and managers within Pareto- Clients, suppliers and subcontractors where necessary- Professional advisers (legal, financial, HR and insurance)
- IT and cloud service providers- Regulators, law enforcement agencies or public authorities where required by law

All third parties are required to process personal data securely and lawfully.

​

7. International Data Transfers

Where personal data is transferred outside the UK, appropriate safeguards will be implemented, such as adequacy regulations or approved contractual clauses.

​

8. Data Security

We have appropriate technical and organisational security measures in place to protect personal data against loss, misuse, unauthorised access, alteration or disclosure. Access to personal data is limited to those who have a legitimate business need.

​

9. Data Retention

Personal data is retained only for as long as necessary for the purposes for which it was collected, including legal, regulatory, contractual and insurance requirements.

​

10. Your Data Protection Rights

You have the right to:- Request access to your personal data- Request rectification of inaccurate or incomplete data- Request erasure of personal data (in certain circumstances)- Request restriction of processing- Object to processing based on legitimate interests- Request data portability- Withdraw consent at any time, where consent is the lawful basis

​

11. How to Exercise Your Rights

To exercise your rights or raise any questions about this Privacy Policy, please contact: Tina Swan

Group Head of People

Email: tina.swan@sowga.co.uk

​

12. Complaints

If you are unhappy with how we handle your personal data, we encourage you to contact us first so we can resolve the issue.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Website: www.ico.org.uk Telephone: 0303 123 1113

 

13. Updates to This Policy

This Privacy Policy may be updated from time to time. The most recent version will always be available on this website.

​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​

 

 

​

​