Privacy Policy - Servita

Privacy Policy

Last updated: 6 January 2025

Servita is committed to protecting the privacy of individuals and handling personal data responsibly and transparently. This Privacy Policy explains how we collect, use, store, and protect personal information in the context of our business activities. It applies to all individuals we engage with, including clients, suppliers, partners, and project stakeholders, regardless of their location.

What Personal Information We Collect

We may collect and process the following types of personal information:

  • Full name

  • Job title or role

  • Business email address

  • Business phone number

  • Organisation or employer name

  • Information provided through emails, meetings, or project documentation

  • Technical data (such as usage logs or IP addresses when accessing our services)

We do not intentionally collect special category data (e.g. health, ethnicity, political beliefs) and will only process such data with appropriate legal justification and safeguards if it becomes necessary.

How We Use Personal Information

We use personal information for the following purposes:

  • Delivering and managing our services

  • Communicating with clients, suppliers, and partners

  • Administering contracts and project documentation

  • Responding to enquiries and support requests

  • Managing internal operations

  • Complying with legal, regulatory, and audit requirements

Legal Basis or Justification for Processing

We process personal data based on one or more of the following lawful grounds:

  • Performance of a contract – to provide services under a client or supplier agreement

  • Legitimate interests – where necessary for our business and not overridden by individual rights

  • Legal obligation – where required to comply with applicable laws

  • Consent – where required and voluntarily provided

We ensure that all personal data is processed lawfully, fairly, and transparently, in accordance with applicable data protection laws in the jurisdictions in which we operate.

Data Storage and Transfers

Personal data is stored securely within our enterprise systems, including our cloud-based Microsoft 365 environment.

Where personal data may be accessed or stored across different regions, we ensure that appropriate technical, contractual, and organisational safeguards are in place, including:

  • Standard Contractual Clauses (SCCs)

  • International Data Transfer Agreements (IDTAs) or their recognised equivalents

  • Risk assessments and additional safeguards, where required by applicable laws

We monitor and manage cross-border data flows in accordance with global data protection obligations and legal developments (such as Schrems II).

Data Retention

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory, or contractual requirements. Data is securely deleted or anonymised when no longer required.

Data Security

We apply appropriate technical and organisational measures to protect personal data from unauthorised access, loss, misuse, or disclosure. These include data encryption, access restrictions, secure infrastructure, and monitoring, aligned with international best practices and standards.

Individual Rights

Depending on applicable data protection laws in your region, individuals may have the right to:

  • Access their personal data

  • Request correction or deletion

  • Object to or restrict processing

  • Request data portability

  • Withdraw consent, where applicable

We respond to individual rights requests by the relevant local laws. To raise a request or concern, please contact us at: compliance.team@servita.com

Data Subject Awareness

Where we collect personal data directly from individuals (e.g. during projects, onboarding, or communication), we ensure they are informed of how their data will be used and what rights they have. This is provided through this policy or a specific privacy notice at the point of collection.

Third Parties

We do not sell personal data. We may share data with trusted service providers and partners as necessary to deliver our services. These third parties are bound by strict confidentiality and data protection agreements and may only process data under our instructions.

Updates to This Policy

We may update this Privacy Policy to reflect changes in our services, applicable laws, or technology.