Privacy Policy

Cloudfm Group Ltd. (“CFM”, “we”, “us”, or “our”) is strongly committed to protecting personal data.  This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights.  It applies to personal data provided to us, both by individuals themselves or by others.  We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.

Personal data is any information relating to an identified or identifiable living person.  CFM processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.

When collecting and using personal data, our policy is to be transparent about why and how we process personal data. To find out more about our specific processing activities, please refer to the sections below.

Who Are We?

Cloudfm Group Ltd. is a Facilities Management company, headquartered in Colchester, England, at the following address:

Registered Company Name Cloudfm Group Limited
Registered Company Number 09095504
Registered Office Address Cloudfm House, 3 Charter Court, Newcomen Way, Colchester, Essex, CO4 9YA

Within the Cloudfm Group there are a number of subsidiary companies which collectively work together to deliver the FM services to clients:  Cloudfm Integrated Services Ltd. (07308274), Cloudfm Shared Services Ltd. (08189233), Cloudfm Europe Ltd. (617723).

Services We Provide and the Information We Collect

Cloudfm Group provides Facilities Management services to clients across the UK, and Europe comprising:

  • Reactive building and equipment maintenance
  • Planned and preventative maintenance
  • Property repairs, and general construction services
  • Equipment purchasing, replacement and fitment
  • Statutory compliance auditing, review and rectification
  • Consulting and technical advisory services

In undertaking these services, we need to collect information in order to fulfil our legal and contractual obligations.  But only where we have a legitimate reason to do so; we limit the amount of information to that which is necessary to perform our services effectively, and we only keep it as long is required for the completion of our duties or as a legal requirement.

The information we collect when undertaking FM activities, some of which is personally identifiable, is identified below:

  • Client site / building location; including opening hours, and other essential key facts about the building;
  • Date of job/task; log date, and any status update date/times;
  • Details of the job/task, e.g. engineering discipline, type of problem, asset identification and categorisations such as H&S. Any images or relevant documentation are also stored against the job, e.g. ‘photo of problem’, or 3PPrdPPparty notices/audits, or similar materials;
  • Name of the person raising the job/task; name and contact details (either email of phone number, whichever is shared at the time);
  • Escalation contact details e.g. Regional Managers, including escalation levels/triggers;
  • Asset information; key data about critical assets, such as location, warranty dates, accessibility, images of state of asset before/after;
  • Event history for the task, including any Cloudfm-Client-Supplier event note communications which may contain names of Cloudfm employees, or the person who logged the job, or the engineer or administrator responding to an event note query;
  • Company allocated to the job/task; one of ‘tier’ of supply chain partner companies, or an approved sub-contractor
  • Details of engineer allocated to or performing the task; name and contact details, plus photo for site security/identification, irrespective of whether they are a Cloudfm engineer, or one of our sub-contractors;
  • Engineer check-in/check-out of site location details; geolocation information is captured whilst the Engineer App is running;
  • Financial details of the task, and/or uplifts, and/or quotes;
  • Quotations; details of quote offers and acceptances, and any associated benchmarking checks;
  • Compliance certificates for buildings and key assets;
  • Invoices and certificates for billing purposes, and the necessary details for payment of those (which may include bank details of payees, and company or individual names, especially in the case of single-handed suppliers);
  • Reporting and analysis; aggregations and collation of statistics for performance management, across all parts of the system;
  • Sub-contractor/supplier details, for purposes of formal registration with Cloudfm (which includes verification of insurances, certifications etc);
  • Skills and expertise of Engineers, including certifications, for the purposes of correct job allocation and compliance with best practice and regulatory requirements;
  • Correspondence between Cloudfm, Clients, suppliers and others in relation to the facilities management works, contracts, invoices or similar matters;
  • We collect general information about the types of web-browser, IP addresses and operating systems using cookies and/or web-statistics to help us better understand how people are using our systems. Cookies are also used in managing user sessions when logged on to Cloudfm systems;
  • For security purposes our buildings have CCTV installed which records images of anyone entering our premises.
  • We keep telephone call recordings and call logs for anyone that telephones our Helpdesk.

All of the above information is held securely, and information is only used in the context of the specific processing purpose, and by individuals with the relevant rights of access to that information, for example payment/bank information is limited to finance department colleagues, whereas engineer / task information is limited to our help desk and client-support teams. We will not transfer your data outside of the EEA.

Lawful basis for Data Processing

In compliance with the GDPR legislation we have a lawful and legitimate interest in collecting and processing information which allows us to:

  1. provide efficient and effective Facilities Management (FM) services for our clients
  2. improve the quality of our work, and the performance of our staff, and of contractors / suppliers / partners who work on our behalf
  3. keep relevant records of our activities, as is necessary for fulfilling our contractual and other legal obligations, for example to regulatory bodies

We recognise that the correct and lawful treatment of personal data will maintain confidence in our organisation and will provide for successful business operations.  To that extent whenever we process personal data we will do so in reliance of one of the lawful basis:

  • Contractual obligations – we need to collect personal data to fulfil our obligation under our contracts with clients to provide facilities management services.
  • Legitimate interest – in specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedoms or interests.
  • Consent – in specific situations, we can collect and process your data with your consent.
  • Legal Compliance – if the law requires us to, we may need to collect and process your data e.g. for the prevention of fraud or criminal activities.

Who Do We Share Information With?

Many of our services are provided by our sub-contractors/suppliers on our behalf, and we therefore need to share information such as that identified above with them.  This ensures that they can perform facilities management services effectively. We limit the amount of information to only that necessary for the performance of the specific service, and they are only allowed to use the data in the context of performing services for Cloudfm and its clients. Suppliers are all contractually bound to terms no less stringent than our own terms, which includes storing, processing and managing personal data in compliance with the regulations.

We do not use the information that you have shared with us in the course of delivering facilities management services for marketing purposes.  Neither do we share it with any third parties engaged in marketing or related activities. Where we do undertake any marketing activities, then information is sourced specifically for that purpose either directly from individuals with their explicit consent, or from third party agencies or providers that can demonstrate that consent has been given for that purpose.

How Long do We Keep Information?

By law we are required to keep certain information for a minimum of 7 years, for example company details, invoices, tax records etc. Our standard retention period for all other non-statutory information, such as facilities management service records, attendance information etc is also 7 years, after which time it may either be archived or destroyed (depending upon client preference).

Rights You Have in Relation to the Data We Hold?

Rights What does this mean?
1.      The right to be informed You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Policy.


2.      The right of access You have the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this Privacy Policy). This is so that you are aware and can check that we’re using your information in accordance with data protection law.


3.       The right to rectification You are entitled to have your information corrected if its inaccurate or incomplete.


4.      The right to erasure This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are legal exceptions to this rule.


5.       The right to restrict processing You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in the future.


6.       The right to data portability You have rights to obtain and reuse your personal data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.


7.      The right to object to processing You have the right to object to certain types of processing including processing for direct marketing or, if you no longer want to be contacted about potential opportunities.


8.       The right to lodge a complaint You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator.


9.       The right to withdraw consent If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is deemed unlawful).



If You Wish to Exercise Your Rights

If you wish to exercise any of the rights under the terms of GDPR, as set out in the sections above, then please write or email, stating clearly which right(s) you wish to exercise:

Data Protection Officer

Cloudfm Group Limited

Cloudfm House

3 Charter Court

Newcomen Way




We will acknowledge your letter / email and will respond to the request within the required statutory period.

If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. You can contact them by calling 0303 123 1113, or by going online at

Policy Review / Update

This Cloudfm Privacy Policy will be reviewed and amended if applicable from time to time to take into account new laws, technology, changes to our operations and practices.  Any information we hold will be governed by the most recent version of the policy on our website.