Privacy Policy
Last updated: 28 November 2025
This Privacy Policy explains how YIS Facility Services Ltd (“we”, “us”, “our”) collects, uses
and protects your personal data when you visit our website, contact us or use our security
services. We are committed to safeguarding your privacy and complying with applicable
data protection law in the United Kingdom, including the UK GDPR and the Data Protection
Act 2018.
Who We Are
YIS Facility Services Ltd is a security services provider based in England.
Registered office:
YIS Facility Services Ltd
Unit 6 Lea Road
Waltham Abbey
England, EN9 1AS
Email: [email protected]
Telephone: (+44) 111-0000-111
How To Contact Us About Data Protection
If you have any questions about this Privacy Policy or how we handle your personal data,
please contact us using the details above and mark your enquiry “Data Protection”.
Personal Data We Collect
We may collect and process the following categories of personal data:
- Identification details: name, job title, company or organisation.
- Contact details: email address, telephone number, postal address.
- Service-related information: site address or postcode, nature of your
premises, details of current security arrangements and risks. - Enquiry information: details you provide when contacting us via forms,
email, phone or in person. - Contract and billing information: purchase orders, invoices, payment
information (but not full card details if you pay via a third-party provider). - CCTV and site security data: images and recordings captured by CCTV
systems under our control, access logs and incident reports. - Recruitment information: CVs, application forms, interview notes,
references and right-to-work documentation when you apply for a role with us. - Technical data: IP address, browser type, device identifiers and other
data collected through cookies and similar technologies on our website.
How We Collect Your Personal Data
We collect personal data in a number of ways, including when:
- You complete a contact form or “Get a Quote” form on our website.
- You communicate with us by email, phone or post.
- Your organisation engages us to provide security services.
- You visit premises where our officers are deployed or where CCTV is in operation.
- You apply for a job or submit your CV to us.
- You browse our website, where cookies and similar tools may operate.
Purposes And Legal Bases For Processing
We process your personal data for the following purposes and legal bases:
- To respond to enquiries and provide quotes – we process your contact
details and enquiry information to respond to your requests. Our legal basis is
legitimate interests in running and growing our business and, where we are
preparing to enter into a contract with you, pre-contractual steps. - To provide security services – we use your data to manage contracts,
deploy officers, maintain site logs and report on incidents. Our legal basis is
performance of a contract and our legitimate interests in delivering
effective security services. - To operate CCTV and site security systems – we process images and
related data to protect people, property and assets, and to support investigations.
Our legal basis is legitimate interests in maintaining safety and security and,
where relevant, legal obligations. - To manage our relationship with clients and suppliers – including
invoicing, contract administration and service updates. Our legal basis is
performance of a contract and legal obligations relating to tax and
accounting. - To send service-related communications – such as important changes to
our terms or notifications about your security contract. Our legal basis is
performance of a contract or legitimate interests. - To consider job applications – we process recruitment data to assess
your suitability and progress your application. Our legal basis is
pre-contractual steps and our legitimate interests in recruiting staff. - To maintain and improve our website – we use technical data and usage
information to troubleshoot issues, analyse performance and improve user experience.
Our legal basis is legitimate interests. - To comply with legal and regulatory requirements – for example,
obligations relating to security regulation, health and safety or law enforcement
requests. Our legal basis is legal obligations.
Marketing Communications
We may occasionally send existing clients information about related services that we believe
will be genuinely useful. Where required by law, we will only send you marketing messages
with your consent, and you can opt out at any time by following the unsubscribe instructions
in the email or by contacting us directly.
Cookies And Website Tracking
Our website may use cookies and similar technologies to remember your preferences, analyse
how visitors use the site and improve performance. For more information about the cookies
we use and how to manage your preferences, please refer to our separate
Cookie Policy.
Sharing Your Personal Data
We will never sell your personal data. We may share it with:
- Service providers and subcontractors who support our operations,
such as IT providers, hosting companies, monitoring centres or vetted security
contractors. These parties are required to keep your data confidential and secure. - Professional advisers such as insurers, auditors, accountants and
legal advisers. - Law enforcement and regulatory bodies where we are required to do so
by law or where sharing is necessary to protect individuals, property or our legal
rights. - Clients and site owners where incident reports or CCTV footage are
required for investigations or insurance purposes, in line with applicable law.
International Transfers
In general, we aim to keep your personal data within the United Kingdom and the European
Economic Area. If we use service providers located outside these areas, we will ensure that
appropriate safeguards are in place, such as standard contractual clauses or equivalent
measures, to protect your data to UK standards.
Data Retention
We keep your personal data only for as long as is reasonably necessary for the purposes
described in this Privacy Policy and to meet legal, accounting or reporting requirements.
Retention periods vary depending on the type of data, but as a guide:
- Client and contract records are typically kept for up to 7 years after the end of
the relationship. - CCTV footage is normally retained for a short period (for example, 30 days) unless
needed longer for an investigation or legal proceedings. - Recruitment data for unsuccessful applicants is usually retained for up to 6–12
months, unless you agree to a longer period.
How We Protect Your Data
We take appropriate technical and organisational measures to protect your personal data
against unauthorised access, accidental loss, destruction or damage. These measures include
access controls, staff training, secure systems and regular review of our security
procedures. However, no method of transmission or storage is completely secure and we
cannot guarantee absolute security.
Your Data Protection Rights
Under data protection law, you have a number of rights in relation to your personal data:
- Right of access – to request a copy of the personal data we hold
about you. - Right to rectification – to have inaccurate or incomplete data
corrected. - Right to erasure – in certain circumstances, to ask us to delete
your personal data. - Right to restrict processing – to request that we limit how we use
your data in certain situations. - Right to data portability – to receive your data in a structured,
commonly used format and have it transferred to another controller where technically
feasible. - Right to object – to object to processing based on our legitimate
interests or for direct marketing purposes. - Rights related to automated decision-making – we do not carry out
automated decision-making that produces legal or similarly significant effects
about you.
If you wish to exercise any of these rights, please contact us using the details provided
above. We may need to verify your identity before responding.
Right To Complain
If you have concerns about how we handle your personal data, we would encourage you to
contact us first so we can try to resolve the issue. You also have the right to lodge a
complaint with the UK data protection regulator:
Information Commissioner’s Office (ICO)
Website: www.ico.org.uk
Third-Party Websites
Our website may contain links to other websites that are not operated by us. If you follow
a link to a third-party site, please note that those websites have their own privacy
policies and we do not accept any responsibility or liability for them.
Changes To This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices,
legal requirements or other factors. Any updates will be posted on this page with a
revised “Last updated” date. We encourage you to review this page periodically to stay
informed about how we handle your personal data.