1. Our Commitment to GDPR
Nelyqor Ltd is fully committed to complying with the UK General Data Protection Regulation (UK GDPR), retained from EU Regulation 2016/679, and the Data Protection Act 2018. We recognise the importance of protecting personal data and are dedicated to handling it responsibly, transparently and securely.
This page explains how we meet our obligations under GDPR in the context of our commercial cleaning services and business operations.
2. Data Protection Principles
We adhere to the seven key principles of UK GDPR in all our data processing activities:
Lawfulness, Fairness and Transparency
We process personal data lawfully, fairly and in a transparent manner. We clearly inform individuals about how their data will be used.
Purpose Limitation
We collect data only for specified, explicit and legitimate purposes and do not process it in ways incompatible with those purposes.
Data Minimisation
We collect only the personal data that is necessary and relevant for the purposes we have identified.
Accuracy
We keep personal data accurate and up to date, taking reasonable steps to correct or delete inaccurate information promptly.
Storage Limitation
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, after which it is securely deleted or anonymised.
Integrity and Confidentiality
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction or damage.
Accountability
We take responsibility for our data processing activities and can demonstrate compliance with the above principles at all times.
3. Lawful Bases for Processing
We rely on the following lawful bases for processing personal data:
- Consent: where you have given clear, informed and unambiguous consent (e.g., marketing communications, cookie preferences).
- Contractual necessity: where processing is necessary to perform a cleaning service contract or to take pre-contractual steps at your request.
- Legitimate interests: where processing is necessary for our legitimate business interests (e.g., responding to enquiries, improving services), provided those interests do not override your rights and freedoms.
- Legal obligation: where processing is necessary to comply with a legal obligation (e.g., tax and accounting requirements, health and safety records).
4. Data We Process
4.1 Client Data
- Company name, registered address and site addresses.
- Contact person name, job title, email address and phone number.
- Billing information and payment history.
- Service specifications, cleaning schedules and correspondence.
4.2 Employee and Operative Data
- Name, address, date of birth and National Insurance number.
- DBS check references, right-to-work documentation and training records.
- Payroll data, bank details and emergency contacts.
4.3 Website Visitor Data
- IP address, browser type, device information and browsing behaviour.
- Data submitted via contact forms (name, email, phone, message content).
- Cookie preferences and consent records.
5. Data Subject Rights
Under UK GDPR, individuals whose data we process have the following rights:
- Right to be informed — about how we collect and use personal data (this page and our Privacy Policy).
- Right of access — to request a copy of the data we hold (Subject Access Request).
- Right to rectification — to have inaccurate data corrected.
- Right to erasure — to request deletion of data where no compelling reason exists for continued processing.
- Right to restrict processing — to limit how we use data in certain circumstances.
- Right to data portability — to receive data in a structured, commonly used format.
- Right to object — to object to processing based on legitimate interests or for direct marketing.
- Rights in relation to automated decision-making — we do not use automated decision-making or profiling.
To exercise any of these rights, please contact us using the details in Section 10. We will respond within one calendar month. In exceptional circumstances, we may extend this by a further two months, in which case we will notify you.
6. Data Security Measures
We have implemented comprehensive technical and organisational measures to safeguard personal data:
- SSL/TLS encryption for all website data transmission.
- Encrypted storage for sensitive data at rest.
- Role-based access controls with multi-factor authentication for staff systems.
- Regular security audits and penetration testing.
- Mandatory GDPR and data protection training for all staff.
- Secure disposal of physical documents via confidential shredding.
- Incident response procedures with documented escalation paths.
7. Data Processing Agreements
Where we engage third-party service providers who process personal data on our behalf (sub-processors), we ensure that Data Processing Agreements (DPAs) are in place. These agreements require sub-processors to:
- Process data only on our documented instructions.
- Maintain appropriate security measures.
- Notify us promptly of any data breaches.
- Delete or return data at the end of the service relationship.
- Cooperate with audits and inspections.
8. Data Breach Procedures
In the event of a personal data breach, we will:
- Assess the nature, scope and potential impact of the breach.
- Contain and mitigate the breach as quickly as possible.
- Notify the Information Commissioner's Office (ICO) within 72 hours where the breach is likely to result in a risk to individuals' rights and freedoms.
- Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
- Document all breaches, including those that do not require notification, in our breach register.
- Conduct a post-incident review to prevent recurrence.
9. International Transfers
We primarily store and process personal data within the United Kingdom. Where any transfer outside the UK is necessary (for example, through cloud-based service providers), we ensure that:
- The receiving country has an adequate level of data protection as recognised by the UK government, or
- Appropriate safeguards are in place, such as the International Data Transfer Agreement (IDTA) or UK Addendum to the EU Standard Contractual Clauses.
10. Contact Our Data Protection Lead
If you have any questions about our GDPR compliance, wish to exercise your data rights, or need to report a data protection concern, please contact us:
- Email: support@nelyqor.com
- Phone: 0161 706 0482
- Post: Data Protection Lead, Nelyqor Ltd, ul. Floriańska 15, 31-019 Kraków
11. Supervisory Authority
If you believe we have not handled your personal data in accordance with UK GDPR, you have the right to lodge a complaint with the UK's supervisory authority:
- Information Commissioner's Office (ICO)
- Website: ico.org.uk
- Phone: 0303 123 1113
- Post: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
We would appreciate the opportunity to address your concerns directly before you contact the ICO.
12. Updates to This Page
We review our GDPR compliance practices regularly and may update this page accordingly. Any changes will be published here with an updated revision date. We recommend checking this page periodically for any updates.