GDPR Privacy Policy

Who we are

GCM Cleaning Services LTD NI is a cleaning division service within the gcm online services group ltd Our website address is


May 2018


Organization: GCM Online Services (Belfast)  Scope of policy: This policy covers the offices/warehouses of the above- named companies across Northern Ireland and Ireland.

Policy operational date: This policy is adopted May 2018

Policy prepared by MR OLoughlin – Data Advisor

Date approved by Board/ Management Committee: The Management have read and approved this policy

Policy review date: April 2021



This document is written to comply with the GDPR (EU General Data Protection Regulation) coming into force on 25th May 2018. This document also updates our PERC compliance. This document sets out clearly our commitment to follow good practice, to enable protection of data held on clients, staff and other individuals (potential clients). This document helps to protect all involved within the organization going forward.


We hold on our accounting systems the following information:

  • Name
  • Addresses
  • Delivery Addresses
  • Contact Telephones
  • Contact Mobiles
  • Contact Emails

This information is part of our contract with the individual to provide financial records, as we are legally obliged to do.

For payment by credit cards, we process your details, we do not keep your card details if written down these are immediately shredded / permanently destroyed.

Our representatives, who visit and or meet with potential clients will also take record of the following information for the purposes of providing quotations and additional information required by the client. This information may be written in a diary/notebook and will only ever contain:

  • Name
  • Address
  • Contact Telephones
  • Contact Mobiles
  • Contact Emails
  • General Requirements
  • Any emails sent/received are kept in line with this policy

Referrals from online companies may be passed to us, as per your request. We hold the data you have submitted.

For Marketing purposes, we have a separate database for the use of marketing contact. This database is only accessible by Management or senior members/representatives of the companies. We will also seek your permission before you are added to this database.

Employees – we hold:

  • Name
  • Address
  • Contact Telephone Date of Birth
  • Bank Account Details
  • NI Number
  • Email address (if provided)
  • Information provided by HMRC / Pension provider (Please see separate data statement)

We may collect the following types of information:


  • When you visit, we send one or more cookies to your computer or another device. We use cookies to improve the quality of our service, including for storing user preferences, improving search results and ad selection, and tracking user trends, such as how people search. GCM Online Services also uses cookies in its advertising services to help advertisers and publishers serve and manage ads on GCM Online Services.

Log information

  • When you access GCM Online Services via a browser our servers automatically record certain information. These server logs may include information such as your web request, your interaction with a service, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser or your account.

User communications

  • When you send an email or other communications to GCM Online Services, we may retain those communications in order to process your inquiries, respond to your requests and improve our services. We may use your email address to communicate with you about our services.

Other sites

  • This Privacy Policy applies to GCM Online Services only. We do not exercise control over the sites displayed as search results, sites that include GCM Online Services applications if any, products or services, or links from within our various services. These other sites may place their own cookies or other files on your computer, collect data or solicit personal information from you.

In addition to the above, we may use the information we collect to:

  • Provide, maintain, protect, and improve our services and develop new services; and
  • Protect the rights or property of GCM Online Services or our users. If we use this information in a manner different than the purpose for which it was collected, then we will ask for your consent prior to such use. GCM Online Services processes personal information on our servers in the UK.


Our company is committed to complying with both the law and good practice in protecting and respecting your privacy. When you purchase from us we need to hold the above- mentioned information in order that we can process your transaction.

We respect individuals’ rights and only hold data that is shown above on our accounting software. Hard copies of printed invoices, statements or financial reports may be printed for the use of staff/directors of the company.

All emails, correspondence and communications to and from the company can be accessed by senior management and directors. Names and telephone numbers are taken down within a notebook/diary for massage purposes and passed on. The original record of the call is kept for reference.

CCTV – across our sites we operate a CCTV system for the purposes of security, health and safety and monitoring purposes.

External suppliers – Access from time to time may be required from our external suppliers for maintenance purposes. The supplier will only have access to a limited part of the computer systems and all personal data will not be made or allowed access to.

Passwords – All computer equipment which has access to data is passworded. These passwords are to be changed regularly.

Payments – For payment by credit cards we process your details, we do not keep your card details if written down these are immediately shredded / permanently destroyed. The merchant copy is maintained for financial / accounting records in a lockable drawer. These are kept for a period of 6 months following your transaction then permanently stored in line with accounting requirements.

All telephone calls are logged for billing purposes.

In the event of a data processing error, we will notify the Information Commissioner voluntarily, even if this is not required.


When processing data we aim to do so securely, efficiently and minimize any risk involved. All data is processed in a separate area, with computer screens and desk not readily available to being overlooked.

When we make client contact, our representatives do gather information as listed above to enable them to provide the information requested. This information can be gathered in two ways, directly onto our Accounting program by way of iPhone / Iipad App or manually in a notebook / Diary. We do not use loose paper to make notes. These books are then securely stored.



They have overall responsibility for ensuring that the organization complies with its legal obligations.


All staff and volunteers have read, understand and accept these policies and procedures that relate to the personal data they may handle in the course of their work. (From now on, where ‘employees’ is used, this includes both paid employees, representatives and volunteers.)


Our key staff has received one on one training to help cover the processing of the data they need.

Continuity / Risks

Business continuity

We use a cloud-based accounting / CRM system, which allows for safe and secure off-site data holding. This enables safe continuity if required going forward.

Specific risks

Our key employees can meet with you in your chosen location and your data can be accessed there, subject to mobile internet access. They can also work on your data remotely at home, at any of our offices or locations with internet access. Every effort will be made to do this privately and they will never make available in public spaces.

Each user has a dedicated login which is logged each and every time something is undertaken or the system is logged in or out of.

Our employees will not provide your personal information over the telephone. Emailed invoices/statements and financial reports will be made available by email to you. We can send these to you as required.

Data recording and storage


We can obtain our data directly from our clients / potential clients or from online referral companies. Where contact details are requested from you we will usually ask you to check we have it right. If it is not, we will amend within 8 working hours of notice.


We need to keep data and information in line with legal requirements. We retain data on the following basis:

  • Employee Records – 6 years after the date of termination
  • Pension Records – 6 years after the date of termination
  • Photos / Videos – indefinitely
  • CCTV – each machine is on a 30-45 day loop. Downloaded material required as part of an investigation will be kept for a period of up to 3 years after the incident
  • Insurance Records – indefinitely
  • Safeguarding matters – indefinitely or until advised by the authorised authority
  • Accident books – 3 years from the date of the last entry (or, if the accident involves a child/ young adult, then until that person reaches the age of 21)
  • Customer Records – reviewed every 3 years, updated when you ask
  • Marketing Records – reviewed every 3 years
  • Access Request Letters – Held for a maximum of 1 year following completion of the request
  • Sales lead – indefinitely


We aim to hold all information digitally, in our Accounts and CRM software including MS Outlook. Employee data is held on MS One drive and online payroll software with limited access by only those who require it. Pension information is also held online, and limited access is given


Please see above


In the event we have printed personal information, this will be stored only for a limited time until the purpose of this print has been addressed and completed. Once completed the printed material is then destroyed securely.

Right of Access


Should you require access to the information we hold please make contact as stated below.


A right of access requests must be in writing. This should be addressed to the Managing Director and provide the following: –

  • Your Name
  • Your Address
  • Your Contact Number
  • Your Email address
  • Your request

We suggest that your letter is sent by recorded delivery if by post.

Post address:

GCM Online Services 55-59 Adelaide Street, Belfast, BT2 8FE

Email address:


Where the person managing the access, the procedure does not know the individual personally we will make contact with you to verify you to the best of our ability.


We hold very limited data on you, this is detailed above. We may charge £15 to process and supply your data as requested.


If the request is made electronically, we will provide the information in a commonly used electronic format.

If your request is in writing, please confirm in what way you would like your information to be provided back to you.



Our goal is to explain the type and how we use your data. This core document provides this information to you and includes

  • for what purpose it is being processed
  • what types of disclosure are likely, and
  • how to exercise their rights in relation to the data


We aim to cover this as below:

New Clients – Briefly covered by our representatives during the initial meeting

Current Clients – Data Protection Policy made available to all openly – Link on the website, mentioned on the email footers

Employees – Verbally during training and confirmation by letter.


Our key employees form part of this transparency and responsibility lies with the Managers to maintain and review in line with this policy

Lawful Basis


For employees, clients and potential clients, we only hold information which is required to complete our contracts with you and do so as required by law.

For Marketing purposes, you can opt out at any time from our online database. Every email we send will allow you to easily and quickly opt out.


We acknowledge that once given, consent can be withdrawn, but not retrospectively. There may be occasions where the organization has no choice but to retain data for a certain length of time, even though consent for using it has been withdrawn – in these cases, we may inform you.

Employee training & Acceptance of responsibilities


All employees who have access to any kind of personal data should have had their responsibilities outlined during their induction procedures


There are opportunities to raise Data Protection issues during employee training, team meetings, supervisions, etc. this is encouraged.


Each staff member has signed for a copy of this document and our Data Privacy Statement, acknowledging receipt and understanding.

Policy review


The Directors and senior team members will review this policy as stated.


A complete review of the policy is undertaken during the period specified, consulting and change in the law, systems, stakeholders and good practice.


The review will start in April 2021 and be completed by May 2021