Privacy policy

Cennox (the “Company”) is committed to protecting the privacy and security of your personal information. This notice applies to anyone who uses our website and to anyone who buys or uses any of our products and/or services. This notice also applies to individuals to whom we might market our services or products. We are required under data protection legislation to notify you of the information contained in this notice.

Cennox is a data controller. This means that we are responsible for deciding how we hold and use personal information about you. Cennox may also, in some instances, be a data processor. This means that we process personal data on behalf of a controller (including ourselves).

This notice does not form part of any contract to provide services or any other contract. We may update this notice at any time.

The kind of information we collect or process about you

The sort of information we hold includes:

  • Identity data: your name and job title
  • Contact data: your email, physical and mailing address, your telephone number, your employer’s name, IP address, ISP provider.
  • Financial data: bank account details, your debit or credit card information, credit reference information (which we acquire from credit reference agencies) and other banking information.
  • Transaction data: your contract for services or products, if applicable, and any amendments to it; billing history and product and services you use and anything else related to your account.
  • Profile data: including information you provide to us in your communications with us, and correspondence with or about you.
  • Marketing and communications data: including any information which will assist us in marketing our services and products to you. This information also includes your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Technical data: CCTV footage and other information obtained through electronic means such as telephone recordings, email, mobile phone and internet usage data, information about your use of our website, photographs.
How your information will be collected

We may collect personal information in a number of ways. Much of the information we hold will have been provided by you, but some may come from other sources, such as from third parties including credit reference agencies, our partners or business directories. We may also collect personal data which is publicly available on websites such as job boards, LinkedIn, or similar business-related websites. We may use third-party applications which store their data from publicly available websites. We will collect additional personal information in the course of performing our contract with you and in providing our products and services to you.

How your information will be used

As our customer, Cennox needs to keep and process information about you for normal business purposes. The information we hold and process will be used for our management and administrative purposes only, to assist us in providing products or services to you. We will keep and use it to enable us to run the business and manage our relationship with you efficiently, lawfully and appropriately. This includes using information to enable us to comply with any contracts, to comply with any legal requirements, pursue the legitimate interest of the company and protect our legal position in the event of legal proceedings and any information we keep and process with your consent.

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as providing you with a product or service), or we may be unable in some circumstances to comply with our legal obligations (such as ensure the health and safety of our workers) and we will tell you about the implications of that decision.

We do not collect any special categories of personal information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

As a company pursuing engaged facilities services for a variety of industries, we may sometimes need to process your data to pursue our legitimate business interests, for example to prevent fraud, administrative purpose or reporting potential crimes. Examples of instances where we might keep and process your data include: to process and deliver your order or to perform services for you, to provide information to you, for billing purposes, to collect and recover any money owed to us, to validate you as a registered customer, to notify you about changes to our services and to make recommendations to you about goods and services which might be of interest to you, for the administration of files and records, business management and planning, accounting and auditing, to send certain communications to you, and to comply with applicable laws, regulations, and court orders.

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following personal data control mechanisms:

We may use your personal information to form a view on what we think you may want or need, or what might be of interest to you. This is how we decide which products, services and offers may be relevant to you.

You will receive marketing communications from us if you have requested information from us or purchased products or services from us or if you provided us with your details including if you entered a competition, draw or completed a survey, and, in any case, you have not opted out of receiving that marketing.

We will obtain your express opt-in consent before we share your personal data with any company outside of the Cennox Group of companies for marketing purposes.

You can ask us or third parties to stop sending you marketing messages at any time by contacting us in writing to: or by following any opt-out links on any marketing message you received.

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another purpose and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and will explain the legal basis which allows us to do so.

How your information will be shared

Other than as mentioned below, we will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with our contractual duties to you, for instance we may need to pass on certain information to any subcontractors, any governmental authority or insurance schemes. In very rare instances, we may share your personal information with other third parties, for example, in the context of possible restructuring or sale of the business.

Some data collected by the Company may be stored in secure hosting facilities provided by Microsoft Web Services. The Company’s contract with its hosting provider ensures that all hosting is performed in accordance with the highest security regulations.

We may transfer information about you to other group companies for purposes connected with providing services or products to you or otherwise in conjunction with the needs of the efficacy of the business.

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in-line with our policies. We do not allow our third-party service providers to use your data for their own purposes. We only permit them to process your personal data for specific purposes and in accordance with our instructions.

In limited and necessary circumstances, your information may be transferred outside of the EEA or to an international organisation to comply with our legal or contractual requirements and in some circumstances, there may not be an adequacy decision by the European Commission in respect of that country. This means that the country’s domestic law or international commitments have not been determined by the European Commission to provide an adequate level of protection for your personal information. Therefore, to ensure that your personal information does receive an adequate level of protection, we have put into place safeguards to ensure your personal information is treated by those third parties in a way consistent with which respects the EU and UK laws on data protection: the organisation(s) to which your personal data is sent outside of the EU have a legally binding contract with us; all personal data is kept strictly confidential and can be only disclosed as required by contract; and only those staff at those organisation(s) who need to have access to personal data for the performance of their contractual obligations are permitted to have access to it. Furthermore, in circumstances where your data is transferred outside of the EEA to group companies, additional security measures including role-based security with limited access rights, logical separation of data, and encryption at rest and in transit ensure the security of your data. A copy of the safeguards can be obtained from

How your information will be protected

The Company has adopted reasonable physical, technical and organisational safeguards which substantially mirror the EU safeguards against accidental, unauthorised or unlawful destruction, loss, alteration, disclosure, access, use or processing of the User’s data in the Company’s possession. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They may only process your personal information on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

How long your information will be retained

The Company will not retain data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymize your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

After you no longer use our website, enquire about or purchase our products or services, or no longer receive our marketing material, the company we will retain and securely destroy your personal information in accordance with applicable laws and regulations.

Your rights

(Applicable to EU citizens. If you are a citizen of a country outside the EU, your rights depend upon the laws of that country.)

Under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA) you have several rights about your personal data.

You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances, the right to data portability.

If you have provided consent for the processing of your data, you have the right to withdraw that consent at any time, which will not affect the lawfulness of the processing before your consent was withdrawn. To withdraw your consent, please write to us. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

You have the right to lodge a complaint to the Information Commissioners’ office if you believe that we have not complied with the requirements of the GDPR or GPA 18 about your personal data.

You will not have to pay a fee for access to your personal information or to exercise any of the other rights. However, the company may charge a reasonable fee if the request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

Changes to this privacy notice

Cennox reserves the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make updates. We may also notify you in other ways from time to time, about the processing of your personal information.

Information requests or questions

If you have any concerns as to how your data is processed, or if you would like to exercise any of your rights, you can contact:

Chris Cockett, Data Protection Officer, at

Or you can email