Integrated Facilities Management | Cleaning | Waste | Environmental ServicesProcurement-ready support for public and private sector clients

Privacy Policy

How Wolsey Facilities Group Ltd collects, uses, shares and protects personal information.

Last updated: 10 July 2026

1. Who we are

Wolsey Facilities Group Ltd (company number 17331823) is a company registered in England and Wales. Our registered office is 70 Fuller Way, Stowmarket, England, IP14 1XJ.

For the activities covered by this policy, Wolsey Facilities Group Ltd is normally the controller of your personal information. This means we decide why and how that information is used.

For privacy questions, information-rights requests or data protection complaints, contact our privacy contact:

2. What this policy covers

This policy covers personal information used to run our own business, including information about website visitors and enquirers, prospective and current client representatives, procurement and tender contacts, suppliers, subcontractors, professional advisers, job applicants and other business contacts.

When a client instructs us to handle personal information solely to deliver a facilities-management contract, the client may be the controller and we may act as its processor. In that situation the client decides why the information is used, its privacy notice normally applies, and we follow its documented instructions. We may still act as a separate controller for our own legal, health and safety, accounting, insurance and dispute-management obligations.

3. Personal information we may collect

Depending on how you deal with us, we may collect:

Please do not submit health information, criminal-record information, payment-card details or other sensitive information through our general website form. We do not routinely request special-category or criminal-offence information through this website. If such information is genuinely required for safety, accessibility, recruitment, safeguarding or another lawful purpose, we will limit what we collect, provide any additional notice required and rely on both an Article 6 lawful basis and the additional condition required by UK law.

4. Where information comes from

We collect information directly from you, including when you submit our form, email or call us, request a quotation, take part in a tender, enter a contract or apply to join us. We may also receive information from your employer or organisation, clients, suppliers, subcontractors, referees, recruitment providers, procurement portals, professional advisers and public sources such as Companies House or other official registers.

When we obtain your information from another source, we will provide or direct you to relevant privacy information when required, normally when we first contact you and no later than the period required by law.

5. How and why we use personal information

Enquiries, quotations and business development

We use contact and enquiry information to respond, understand requirements, arrange discussions and prepare quotations. Our lawful basis is normally our legitimate interest in responding to and developing relevant business enquiries. If you are personally entering a contract with us, we may instead need the information to take steps at your request before entering that contract.

Client relationships, tenders and service delivery

We use client, procurement and site-contact information to bid for work, mobilise and manage services, communicate, report performance, handle complaints and administer contracts. We rely on legitimate interests for corporate contacts and relationship management, contract where the individual is personally a contracting party, and legal obligation where a law requires the processing.

Supplier and subcontractor management

We use supplier information to assess capability, complete due diligence, obtain quotations, onboard approved partners, coordinate work, manage quality and safety, and make payments. We rely on our legitimate interests in operating a safe, reliable and compliant supply chain, contract where applicable, and legal obligations including relevant tax, waste, employment and health-and-safety requirements.

Safety, security, incidents and legal claims

We may use personal information to manage site access, protect people and property, investigate incidents or suspected fraud, maintain insurance records and establish, exercise or defend legal claims. We rely on legal obligation and our legitimate interests in safety, security, accountability and protecting our legal rights. In a genuine emergency, vital interests may apply.

Finance, records and compliance

We use information to issue and pay invoices, maintain accounts, respond to auditors, advisers or authorities, and comply with company, tax and regulatory duties. We rely on legal obligation and legitimate interests in running and protecting our business.

Recruitment

We use applicant information to assess suitability, arrange interviews, take pre-contract steps and meet legal obligations. We rely on steps before entering an employment or engagement contract, legitimate interests in fair recruitment and defending claims, and legal obligation where applicable. Successful applicants will receive further workforce privacy information where appropriate.

Website operation and security

We and our hosting provider use limited technical information to deliver, maintain and secure the website, prevent abuse and diagnose faults. We rely on our legitimate interests in operating a secure and effective website.

Relevant business marketing

Where permitted, we may use business-contact information to send relevant information about our services. We rely on legitimate interests where this is lawful and follow the Privacy and Electronic Communications Regulations. We use consent where the law requires it. You can object to direct marketing at any time.

Where we rely on legitimate interests, those interests are operating and developing our facilities-management business; responding to enquiries, quotations and tenders; administering client, supplier and subcontractor relationships; maintaining safety and security; and establishing, exercising or defending legal claims. We balance those interests against your rights and do not use the information where your interests override ours.

6. If you do not provide information

Fields marked as required on our form are needed so that we can understand and respond to your enquiry. You do not have to provide optional information, but without essential contact, due-diligence, safety or contract information we may be unable to respond, provide a quotation, appoint a supplier or deliver a service.

7. Who we share information with

We share only what is reasonably necessary. Recipients may include:

Some service partners act as our processors, while others may be separate controllers for their own lawful purposes. We do not sell personal information.

8. International transfers

Some providers, including Netlify and its authorised providers, may process or allow access to personal information outside the UK, including in the United States. Where a restricted transfer takes place, we use a lawful transfer mechanism available under the provider agreement. This may include UK adequacy regulations, including the UK Extension to the EU-US Data Privacy Framework where applicable, or appropriate safeguards such as the UK International Data Transfer Agreement or the UK Addendum to approved contractual clauses. We also take reasonable and proportionate steps to check that the required protection applies.

Contact us if you would like more information about the safeguards relevant to your information.

9. How long we keep information

We keep information only for as long as necessary for the purpose collected, including legal, accounting, safety, insurance and dispute requirements. Our normal periods are:

Netlify form submissions, notification emails and exported copies are reviewed and deleted in line with the applicable enquiry or contract period. We may keep information longer where a legal hold, complaint, incident, insurance matter or claim requires it, and we may delete or anonymise it sooner when it is no longer needed.

10. Security

We use proportionate organisational and technical measures designed to protect personal information. These include secure website connections, access restrictions, multi-factor authentication where available, confidentiality requirements, supplier due diligence, secure transfer and deletion practices, backups and a process for managing suspected data incidents. No system can be guaranteed completely secure, but we review our safeguards as the business and risks develop.

11. Your rights

Depending on the circumstances and lawful basis, you may have the right to:

Your right to object: You can object at any time to our use of your information for direct marketing. You may also object to processing based on legitimate interests; we will stop unless we have compelling legitimate grounds to continue or need the information for legal claims.

To exercise a right, contact us using the details in section 1. We may need enough information to verify your identity and locate the relevant records. Some rights are not absolute, and we will explain if an exemption or other lawful reason affects our response.

12. Complaints

If you are concerned about our use of personal information or wish to make a data-protection complaint, contact us by email, phone, post or through our contact form. We will acknowledge a complaint within 30 days, investigate appropriately, keep you informed and tell you the outcome without undue delay.

If you remain dissatisfied, you can complain to the Information Commissioner's Office (ICO):

13. Automated decisions

Our hosting provider may use automated tools to identify spam or abusive form submissions. Wolsey Facilities Group Ltd does not currently make decisions about people based solely on automated processing that produce legal or similarly significant effects.

14. Children

This website and its form are intended for business and professional enquiries and are not designed to collect information from children. If a client contract involves information about children or vulnerable people, we handle it only under the appropriate contract, instructions, safeguards and specific privacy information.

15. Cookies and similar technologies

Our current static website does not intentionally use non-essential tracking cookies. Please read our Cookie Policy. If we introduce analytics, embedded media, chat, advertising or similar technologies, we will update our information and obtain consent where required before using them.

16. Changes to this policy

We will review this policy as our services, systems, providers and legal obligations develop. We will publish updates on this page and change the date above. Where a change materially affects how we use existing personal information, we will take reasonable steps to bring it to the attention of the people affected before the new use begins.