top of page
EBN_for_black_background_TRANS.png

0208 058 3551

Privacy Policy

EBN Facilities Management

Last Updated: 13 November 2025

1. Introduction

EBN Facilities Management ("we", "us", "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website (www.ebn-fm.com) or engage with our services.

We are registered in England and Wales. Our registered office is at:

EBN Facilities Management
5 Warwick Terrace
London
SE18 1QJ
United Kingdom

Contact Details:
Email: info@ebn-fm.com
Phone: 0208 058 3551

For data protection queries, please contact:
Apar Gurung, Managing Director & Data Protection Officer
Email: apar.gurung@ebn-fm.com

This policy applies to all personal data we collect through our website, email communications, telephone calls, and in the course of providing our facilities management and cleaning services.

2. Information We Collect

2.1 Information You Provide to Us

We collect personal information that you voluntarily provide to us when you:

  • Request a quote or proposal (name, company name, email address, phone number, business address, site details)

  • Contact us via our contact form (name, email address, phone number, message content)

  • Subscribe to our newsletter or marketing communications (name, email address, company name)

  • Enter into a service contract with us (business contact details, site access information, billing information)

  • Provide feedback or make a complaint (name, contact details, feedback content)

  • Apply for employment with us (CV, contact details, employment history, references)

This information may include:

  • Full name

  • Job title

  • Company/organization name

  • Email address

  • Telephone number

  • Business address

  • Site/premises details

  • Billing and payment information

  • Communications and correspondence with us

2.2 Information We Collect Automatically

When you visit our website, we automatically collect certain information through cookies and similar technologies:

  • Technical information: IP address, browser type and version, operating system, device type

  • Usage data: Pages visited, time spent on pages, links clicked, referring website

  • Location data: General location based on IP address (city/region level only)

For more information about our use of cookies, please see our Cookie Policy.

2.3 Information We Receive from Third Parties

We may receive information about you from:

  • Credit reference agencies (for business credit checks when establishing commercial contracts)

  • Professional references (for employment applicants)

  • Subcontractors or suppliers (when coordinating services at client sites)

  • Publicly available sources (e.g., Companies House, LinkedIn for business development purposes)

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 To Provide Our Services

  • Processing and responding to quote requests and enquiries

  • Delivering cleaning and facilities management services

  • Managing service contracts and client relationships

  • Scheduling cleaning teams and managing site access

  • Conducting site assessments and quality audits

  • Communicating about service delivery, changes, or issues

Legal Basis: Contractual necessity and legitimate business interests

3.2 To Manage Our Business Operations

  • Processing invoices and payments

  • Managing accounts and credit control

  • Maintaining business records

  • Managing complaints and resolving disputes

  • Quality assurance and service improvement

  • Staff management and deployment

Legal Basis: Contractual necessity, legal obligations, and legitimate business interests

3.3 For Marketing and Business Development

  • Sending marketing communications about our services (with your consent)

  • Understanding client needs and preferences

  • Developing new services

  • Conducting market research and analysis

Legal Basis: Consent (for marketing emails) and legitimate business interests (for business development)

3.4 For Legal Compliance and Safety

  • Complying with health and safety regulations

  • Meeting insurance requirements

  • Complying with legal and regulatory obligations

  • Protecting against fraud and security threats

  • Defending legal claims

Legal Basis: Legal obligations and legitimate business interests

3.5 For Website and Technology Management

  • Administering and improving our website

  • Analyzing website usage and performance

  • Ensuring website security

  • Troubleshooting technical issues

Legal Basis: Legitimate business interests

4. Legal Basis for Processing

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following legal bases:

  • Consent: When you have given clear consent for us to process your personal data for a specific purpose (e.g., marketing communications)

  • Contract: When processing is necessary for a contract we have with you, or to take steps at your request before entering into a contract

  • Legal Obligation: When we need to process your data to comply with the law

  • Legitimate Interests: When processing is necessary for our legitimate interests or those of a third party, provided your interests and rights do not override those interests

5. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties. We may share your information with:

5.1 Service Providers

We may share your information with trusted third parties who provide services on our behalf:

  • IT and website hosting providers (for website maintenance and hosting)

  • Payment processors (for invoice processing and payment collection)

  • Accounting and bookkeeping services (for financial management)

  • Insurance providers (as required for policy purposes)

  • Professional advisors (solicitors, accountants, consultants)

  • Marketing platforms (email marketing services, CRM systems)

These service providers are contractually obligated to protect your data and only use it for the specific purposes we authorize.

5.2 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, including:

  • HM Revenue & Customs

  • Health and Safety Executive

  • Police or other law enforcement agencies

  • Courts and tribunals

  • Regulatory authorities

5.3 Business Transfers

If we sell, merge, or reorganize our business, your information may be transferred to the new owner or merged entity, who will continue to protect it under this Privacy Policy.

5.4 With Your Consent

We may share your information with other third parties when you have given us specific consent to do so.

6. International Transfers

We primarily operate within the United Kingdom, and your data is stored on servers located in the UK or European Economic Area (EEA).

If we need to transfer your data outside the UK/EEA, we will ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the UK Information Commissioner's Office

  • Transfers to countries with adequacy decisions

  • Other legally approved transfer mechanisms

We will inform you of any such transfers and the safeguards in place.

7. How Long We Keep Your Information

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal requirements.

Retention Periods:

Data TypeRetention PeriodReason

Quote/enquiry data (no contract)2 yearsBusiness development and records

Client contract dataDuration of contract + 6 yearsLegal obligations, contract law

Financial records (invoices, payments)6 yearsTax and accounting requirements

Health & safety records6 yearsLegal obligations

Employment applications (unsuccessful)6 monthsRecruitment records

Marketing consent dataUntil consent withdrawnOngoing marketing

Website analytics data26 monthsGoogle Analytics default

CCTV footage (if applicable)30 daysSecurity purposes

Complaint records6 yearsDispute resolution

After the retention period expires, we will securely delete or anonymize your personal data.

8. Your Rights

Under UK GDPR and Data Protection Act 2018, you have the following rights:

8.1 Right of Access

You have the right to request a copy of the personal data we hold about you (Subject Access Request).

8.2 Right to Rectification

You can ask us to correct inaccurate or incomplete personal data.

8.3 Right to Erasure ("Right to be Forgotten")

You can ask us to delete your personal data in certain circumstances, such as:

  • The data is no longer needed for its original purpose

  • You withdraw consent (where consent was the legal basis)

  • You object to processing and there are no overriding legitimate grounds

  • The data was unlawfully processed

8.4 Right to Restrict Processing

You can ask us to temporarily restrict processing of your data in certain circumstances.

8.5 Right to Data Portability

You can request your data in a commonly used, machine-readable format to transfer to another service provider.

8.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds.

8.7 Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects.

How to Exercise Your Rights

To exercise any of these rights, please contact us:

Email: info@ebn-fm.com or apar.gurung@ebn-fm.com
Phone: 0208 058 3551
Post: Apar Gurung, Data Protection Officer, EBN Facilities Management, 5 Warwick Terrace, London, SE18 1QJ

We will respond to your request within one month. In complex cases, we may extend this by up to two months and will notify you of the extension.

9. Data Security

We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, loss, destruction, or alteration.

Security Measures Include:

  • Encryption: Data transmitted via our website is encrypted using SSL/TLS technology

  • Access controls: Restricted access to personal data on a need-to-know basis

  • Password protection: Strong password policies for all systems

  • Secure storage: Data stored on secure servers with regular backups

  • Staff training: All staff trained on data protection responsibilities

  • Regular reviews: Ongoing assessment and updating of security measures

  • Incident response: Procedures in place to respond to data breaches

While we take all reasonable steps to protect your data, no internet transmission is completely secure. You are responsible for keeping your passwords and login details confidential.

10. Data Breach Notification

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will:

  1. Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach (where required)

  2. Notify affected individuals without undue delay if the breach poses a high risk to their rights

  3. Provide information about the nature of the breach and steps being taken to address it

11. Children's Privacy

Our services are intended for businesses and individuals over 18 years of age. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected data from a child, please contact us immediately so we can delete it.

12. Third-Party Websites

Our website may contain links to third-party websites (e.g., social media platforms, supplier websites). We are not responsible for the privacy practices of these websites. Please review their privacy policies before providing any personal information.

13. Marketing Communications

How We Use Your Data for Marketing

With your consent, we may send you marketing communications about:

  • Our services and special offers

  • Industry news and insights

  • Client success stories and case studies

  • Company updates and announcements

Your Marketing Preferences

You can opt-out of marketing communications at any time by:

  • Clicking the "unsubscribe" link in any marketing email

  • Emailing us at info@ebn-fm.com with "Unsubscribe" in the subject line

  • Calling us on 0208 058 3551

  • Writing to us at our registered address

Please note that even if you opt-out of marketing, we may still need to send you service-related communications (e.g., about your existing contract, invoices, or important service updates).

14. Cookies and Tracking Technologies

We use cookies and similar technologies on our website. For detailed information about the cookies we use and how to manage them, please see our separate Cookie Policy.

In summary:

  • Essential cookies: Necessary for website functionality

  • Analytics cookies: Help us understand how visitors use our website (Google Analytics)

  • Marketing cookies: Used to deliver relevant advertising (if applicable)

You can control cookies through your browser settings.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make significant changes, we will:

  • Update the "Last Updated" date at the top of this policy

  • Notify you via email (if we have your contact details)

  • Display a prominent notice on our website

We encourage you to review this policy periodically. Your continued use of our website or services after changes are made constitutes acceptance of the updated policy.

16. Complaints

If you have any concerns about how we handle your personal data, please contact us first so we can try to resolve the issue.

Contact:
Apar Gurung, Managing Director & Data Protection Officer
Email: apar.gurung@ebn-fm.com
Phone: 0208 058 3551

You also have the right to lodge a complaint with the UK's supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline: 0303 123 1113
Website: www.ico.org.uk
Report a concern: https://ico.org.uk/make-a-complaint/

17. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

EBN Facilities Management
5 Warwick Terrace
London
SE18 1QJ

Data Protection Officer: Apar Gurung, Managing Director
Email: info@ebn-fm.com or apar.gurung@ebn-fm.com
Phone: 0208 058 3551
Website: www.ebn-fm.com

We aim to respond to all enquiries within 5 working days.

Driven by care, defined by quality.

© 2025 EBN Facilities Management. All rights reserved.

Document Control

Policy Owner: Apar Gurung, Managing Director
Version: 1.0
Last Updated: 13 November 2025
Next Review Date: 13 November 2026
Approved By: Apar Gurung, Managing Director

END OF PRIVACY POLICY

bottom of page