Stellar Facilities Solutions
Stellar Facilities Solutions

Privacy Policy

 

Effective date: 15 September 2025


This Privacy Policy explains how Stellar Facilities Solutions Limited (“we”, “us”, “our”) collects, uses, shares and protects personal data when you visit our website or contact us about our services. We handle personal data fairly, lawfully and transparently in line with the UK GDPR and the Data Protection Act 2018.


1. Who we are (Data Controller)

Stellar Facilities Solutions Limited
Email: info@stellarfacilitiessolutions.com
We are the data controller for the purposes described in this policy.

2. Personal data we collect

  • Contact details (name, email, phone number, organisation).
     
  • Enquiry information you send via forms or email (message content, project scope/details).
     
  • Business documents you share (e.g., tenders, RAMS, drawings, specifications).
     
  • Recruitment data if you apply for a role (CV, cover letter, references).
     
  • Technical data from your visit (IP address, device/browser type, pages viewed).
     
  • FM site operations: site access/induction records, permits to work, toolbox-talk attendance.
     
  • Training & competence: qualifications and card numbers/expiry where relevant (e.g., CSCS/ECS, Gas Safe, NICEIC, F-Gas).
     
  • Subcontractor info: business contacts, insurances, accreditations, RAMS authorship details.
     
  • Health & safety: accident/near-miss reports (including RIDDOR where applicable).
     
  • Safeguarding/DBS checks where legally required for education settings and specific roles.
     
  • CCTV images on sites we operate (if any). Where CCTV is operated by a client, they are the controller.
     

We do not intentionally collect data from children and our website is not directed at children.


3. How we use personal data (and legal bases)

  • Respond to enquiries and provide proposals (legitimate interests / steps to enter a contract).
     
  • Deliver services and manage client/supplier relationships (contract).
     
  • Manage safe site operations (inductions, permits, access control) and statutory compliance (legal obligation).
     
  • Evidence audits and contracts, including PFI payment-mechanism performance, output specifications and handback standards (contract / legitimate interests).
     
  • Vet and manage subcontractors (competence, insurance, accreditations) (contract / legitimate interests).
     
  • Support decarbonisation programmes aligned to lifecycle goals (e.g., fabric-first measures, controls optimisation, targeted MEP upgrades) (legitimate interests / contract).
     
  • Improve our website and services (legitimate interests).
     
  • Where we rely on consent (e.g., some analytics/marketing), you can withdraw consent at any time.
     
  • Where safeguarding/DBS checks are required: legal obligation / substantial public interest.
     

4. Sharing your data

We may share personal data with trusted service providers (e.g., website hosting, email, cloud storage) under contracts that require them to protect your data. We may also share data where required by law or to establish, exercise or defend legal claims.
For service delivery we may share relevant information with clients, SPVs/Authorities (PFI), principal contractors, auditors and insurers, and with vetted subcontractors working on our behalf—always under appropriate contractual safeguards.

5. International transfers

Some providers may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place (e.g., UK-approved standard contractual clauses).

6. Data retention

  • Enquiries: typically up to 24 months.
     
  • Client & project records: for the contract term and a period afterwards to meet legal, tax and insurance obligations.
     
  • Health & safety records (accident/near-miss): at least 3 years, or longer where law/contract requires.
     
  • Training/competence & subcontractor vetting: contract term + up to 6 years.
     
  • PFI handback/expiry documentation: for the concession duration and any agreed period after expiry.
     
  • Recruitment: up to 12 months unless you ask us to keep it longer.
     
  • CCTV (if we operate it): retained for a short, defined period unless needed for an investigation.
     

7. Security

We implement appropriate technical and organisational measures (access controls, encryption where appropriate, staff awareness, supplier due diligence). No system is completely secure, but we take reasonable steps to protect your data.

8. Your rights

Subject to conditions, you may request access, rectification or erasure of your data; restrict or object to processing; and data portability. You can withdraw consent where consent is relied upon. To exercise these rights, contact us at info@stellarfacilitiessolutions.com. You may complain to the UK Information Commissioner’s Office: https://ico.org.uk

9. Cookies

Our site uses essential cookies to operate. If we use non-essential cookies (e.g., analytics), we will ask for your consent via a cookie banner. Most browsers let you control cookies in settings.

10. Third-party links

Our website may link to third-party sites. We are not responsible for their privacy practices and recommend you read their notices.

11. Changes to this policy

We may update this policy from time to time. The latest version will be posted on this page.

12. Contact us

For questions about this policy or your data, contact:
Stellar Facilities Solutions Limited
Email: info@stellarfacilitiessolutions.com

Copyright © 2025 Stellar Facilities Solutions - All Rights Reserved.

  • Privacy Policy

Powered by

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

DeclineAccept