Data Security & Retention

Thomas Charles Facilities & Maintenance Ltd takes the security and responsible handling of information seriously.

This statement explains how we approach data security, retention and disposal in relation to information handled through our website, enquiries, client communications and business operations.

Our Approach

We aim to protect the confidentiality, integrity and availability of information we hold, including client, supplier, staff, enquiry, quotation, job, service and financial records.

We handle information in a responsible and proportionate way, using practical controls that support secure business operations.

​

Scope

This statement applies to information handled by Thomas Charles Facilities & Maintenance Ltd as part of our business operations, including:

• website enquiries and support requests;

• client and site contact information;

• quotation, job and service records;

• supplier and subcontractor records;

• financial and invoice records;

• business communications;

• uploaded documents, images or supporting information provided through website forms or email.

This statement does not replace our Privacy Policy. It should be read alongside our Privacy Policy and Website Privacy & Cookies Policy.

​

Data Security Measures

We use practical and appropriate measures to help protect information from unauthorised access, loss, misuse, alteration or disclosure.

These may include:

• access controls for business systems and records;

• password protection;

• secure email, software and storage systems where appropriate;

• limiting access to information to people who need it for legitimate business purposes;

• internal procedures for handling business information;

• secure deletion or disposal where information is no longer required;

• use of reputable service providers where business systems are hosted or managed externally.

We review our working practices as systems and business requirements develop.

​

Data Retention

We only keep information for as long as it is needed for the purpose it was collected, or where retention is required for legal, accounting, insurance, operational or compliance reasons.

Retention periods may vary depending on the type of record and the reason it is held.

Typical examples may include:

• website enquiries and support requests: retained for a reasonable period to manage and review enquiries;

• quotation, job and service records: retained where needed for contract, service history, legal, accounting or insurance purposes;

• invoice and finance records: retained in line with accounting and tax requirements;

• supplier and subcontractor records: retained where needed for business, contract, compliance or accounting purposes;

• uploaded files or photos: retained only where relevant to the enquiry, work, record or service provided.

Where information is no longer required, we will delete, anonymise or securely archive it as appropriate.

​

Data Disposal

When information is no longer required, we aim to dispose of it securely.

This may include deleting electronic records, removing files from business systems, securely disposing of physical paperwork, or archiving records where they must be retained for legal, insurance, accounting or compliance purposes.

​

Access to Information

Access to business information is limited to authorised personnel who require it for legitimate business purposes.

Where information needs to be shared with staff, subcontractors, suppliers or service partners, we aim to share only what is necessary for the relevant task or service.

​

Suppliers and Third Parties

We may use third-party providers for website hosting, email, software, cloud storage, invoicing, payment processing, IT support or other business systems.

Where third parties process information on our behalf, we aim to use reputable providers and appropriate safeguards.

​

Security Incidents

If we become aware of an actual or suspected information security incident, we will review the matter and take appropriate action.

Where a personal data breach is likely to result in a risk to individuals’ rights and freedoms, we will follow applicable UK data protection requirements, including notifying the Information Commissioner’s Office where required.

​

Review

We may update this statement as our systems, services, website, legal requirements or business processes change.

​

Contact

For questions about data security, retention or data protection requests, please contact:

Thomas Charles Facilities & Maintenance Ltd
Email: info@thomascharlesfm.co.uk
Telephone: 0344 544 1788