Privacy Policy


Enviro Technology Services Ltd takes data protection seriously. In order to employ our staff, and operate our business we must process some personal data, processing of this data could or will become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we will obtain consent from the data subject. Personal data processing at Enviro Technology Services Ltd will always be in line with the General Data Protection Regulations 2018 (GDPR). By means of this Privacy Statement, we would like to inform both our employees and customers of why we collect and process personal data and Data Subjects rights relating to the collection and processing of Personal Data.


The data protection statement of Enviro Technology Services Ltd is based on the terms used within the General Data Protection Regulations 2018 (GDPR) but for ease of use of
understanding the following definitions apply.

Controller: A natural or legal person, public authority, agency or organisation, alone or jointly determines the purposes and means of processing of personal data.

Personal Data: any information relating to an identified natural person (“Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, and identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental,
economic, cultural or social identity of a natural person.

Data Subject: any identified or identifiable natural person, whose personal data is processed.

Processor: a natural or legal person, public authority, agency or organisation which processes data on behalf of the controller.

Recipient: a natural or legal person, public authority, agency or other organisation, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State Law shall not be regarded as recipients; the processing of that data by those public authorities shall follow the applicable data protection rules according to the purpose of processing.

Third Party: a natural or legal person, public authority, agency or other organisation other than the data subject, controller, processor and persons who, under direct authority of the
controller or processor, are authorised to process personal data.

Processing: any operation or set of operations which is performed on personal data or on sets of personal data whether or not by automated means, such as collection, recording,
organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or
combination, restriction, erasure or destruction.

Consent: Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Name and Address of the Controller

All personal data provided by you will be held by Enviro Technology Services Ltd (the Controller). Our Head Office address is: Enviro Technology Services Ltd, Unit B1 Kingfisher Business Park, London Road, Stroud, GL5 2BY
Phone: 01453 733 200
Managing Director: Duncan Mounsor
Data Controller: Jo Roy, Group Chief People Officer

Name and Address of the Lead Supervisory Authority

The Lead Supervisory Authority overseeing Enviro Technology Services Ltd is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9
5AF, United Kingdom
Phone: +44 (0) 303 123 1113

Reasons/Purposes for processing information

The following is a broad description of the way Enviro Technology Services Ltd processes personal information. Enviro Technology Services Ltd processes personal data to enable us to recruit, employ, support and manage our employees, provide adequate training, maintain the health and safety of all employees, to enable us to sell and provide a quality service to our customers, to promote our products and services, and to maintain our own accounts and records.

We collect information relating to the above reasons/purposes from the following sources:

• The Data Subject directly (e.g. from information entered into forms etc.)
• The Data Subject indirectly (e.g. information from when you browse our website)
• Social media (e.g. LinkedIn)
• Research provided by Third Party Providers including Search Engines, Recruitment Agencies etc.

We process information relating to the above reason/purpose. The information may include:
• Personal Details
• Financial Details
• Employment Details
• Education and Training Details
• Driving Licence Information
• Goods and Services provided

For employees only, we also process sensitive classes of information when necessary that may include:

• Health Information
• Offences and alleged Offences (Disclosure Barring Service)

We process personal information about our:
• Employees
• Customers
• Suppliers
• Advisors and other professional experts
• Consultants

We sometimes need to share the personal information we process with the individual themselves and also with other organisations. Where this is necessary, we are required to comply with all aspects of the Data Protection Act (DPA), Privacy and Electronic Communications Regulation (PECR) and the EU General Data Protection Regulation (GDPR) as it applies.

What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.


Where necessary or required we share information with:

• Private Health Providers (i.e. Westfield, BUPA)
• Financial Advisor
• Pension Provider
• Training/Education/Exam Providers or Bodies
• Customers
• Suppliers and Service Providers
• Insurance Providers
• Legal or Professional Advisors
• Current, past or prospective employers
• Life Assurance Provider


We may also share your data with other members of our group, so that they may contact you to tell you about relevant products, services and offers. Where we share such data, we do so on the basis of the legitimate interests of ourselves and the other members of our group to provide you with such information. Please see below for more information about this.

Processing outside of the UK and the EU

We may occasionally be required to process data outside of the UK and outside of the EU. As and when this situation arises the data subject will be notified, along with the reasons why.

Rights of the Data Subject

GDPR affords EU Data Subjects with rights. These rights are summarised below. In order to assert any of these rights, the data subject may contact the Data Controller.

The right of confirmation: Each data subject shall have the right to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed.

The right of access: Each data subject shall have the right to obtain from the controller, free information about his or her personal data stored at any time and copy this information. Furthermore, the data subject shall have a right to obtain information as to whether personal data is transferred to a third country or to an international organisation. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer. The Company will respond to your request within one month. If you have made a number of requests or your request is complex, we may need extra time to consider your request and can take up to an extra two months to respond. If we are going to do this, we would let you know within one month that more time is needed.

Right to Rectification: Each data subject shall have the right granted by the European Legislator to obtain from the controller without any undue delay the rectification of inaccurate personal data concerning him or her. Taking in to account the purpose of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure (Right to be forgotten): Each data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay,
and the controller shall have an obligation to erase personal data without undue delay where one of the statutory grounds applies, as long as the processing is not necessary. Right of Restriction of Processing: Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where a statutory reason applies.

Right to Data Portability: Each data subject shall have the right granted by the European Legislator, to receive the personal data concerning him or her, which was provided by the controller, in a structured, commonly used and machine-readable format. Right to object: Each data subject shall have the right to object, on grounds relating to his or her particular situation at any time, to the processing of personal data concerning him or her.

Automate Individual decision-making, including profiling: Each data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling.

Right to withdraw consent: Where consent forms the basis for processing, Data subjects shall have the right to withdraw his or her consent to the processing of his or her personal data at any time. Data subjects can withdraw consent at any time by contacting the Data Controller. Customers and Suppliers are able to withdraw by contacting the Data Controller.

Right to complain to the Supervisory Authority: Each data subject has the right to complain to the relative Supervisory Authority. The local Supervisory Authority for Enviro Technology Services Ltd is the Information Commissioners Office whose details can be found at the top of this Privacy Notice.

Legal Basis for processing

The legal basis for processing shall be where:

• The data subject has given consent to the processing of his or her personal data for one or more specific purposes;
• Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
• Processing is necessary for compliance with a legal obligation to which the controller is subject;
• Processing is necessary in order to protect the vital interests of the data subject or of another natural person;
• Processing is necessary for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the controller;
• Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

The Legitimate Interests pursued by the Controller or by a Third Party

Where the processing of personal data is based on our legitimate interest, it is to carry out our business in favour of the well-being of all our employees and the shareholders, or because we (or another member of our group) would like to tell you about relevant products, services and offers.

Security of Processing

As Controller, Enviro Technology Services Ltd ensures that it continually has an up to date Cyber Essentials Certificate, along with comprehensive systems and processes in place to maintain the security of our processing. Enviro Technology Services Ltd has also invested in new technology for transferring/sending and receiving personal data securely, as well as updating other software and systems as and where necessary.


It may sometimes be necessary to transfer personal information overseas. When transfers are needed, information may be transferred to countries or territories around the world. Any transfers made will be in full compliance with all aspects of the General Data Protection Regulation and in accordance with the country-specific legislation applicable.

Personal Data Retention Periods

The criteria used to determine the retention period of personal data is the respective statutory retention period within the Member State.

After the expiration of that period, personal data shall be securely deleted, as long as it is no longer necessary for the fulfilment of the contract, the initiation of a contract, or in relation to other legal proceedings.

Past employee data will be kept for no longer than 6 years unless dictated otherwise by statutory requirements.

Unsuccessful candidate data will be held for no longer than 12 months.

Customer quotes will be kept indefinitely in the interest of both the customer and Enviro Technology Services Ltd.

Contractual obligation of the data subject to provide the personal data and the
possible consequences of failure to provide such data

For clarity, the provision of personal data is partly required by law or can also result from contractual provisions. Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded.

Automated Decision-making and Profiling

Enviro Technology Services Ltd do not process any data for automated decision-making or profiling.


The internet pages of Enviro Technology Services Ltd use cookies. Cookies are text files that are stored in a computer system via an internet browser. Many internet sites and servers use cookies. Many cookies contain a cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which internet pages and servers can be assigned to the specific internet browser in which the cookie was stored. This allows visited internet sites and servers to differentiate an individual browser of the data subject from other internet browsers that contain other cookies. A specific internet browser can be recognised using the unique cookie ID. Enviro Technology Services Ltd has no use of the data supplied through cookies and therefore utilise technology that anonymises all cookie data.

Data Protection for Employment and Recruitment Procedures

The data controller shall collect and process the personal data of applicants for the purpose of the processing of the application procedure. The processing may also be carried out electronically. This is the case, in particular, if an applicant submits corresponding application documents by email or by means of a web form on the website to Enviro Technology Services Ltd. If Enviro Technology Services Ltd concludes an employment contract with the applicant, the submitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If no employment contract is concluded with the applicant, Enviro Technology Services Ltd will automatically erase upon the notification of refusal. Applicant data will not be kept for any longer than 12 months once a recruitment campaign has concluded, providing that no other legitimate interest including compliance with specific legislation are opposed to the erasure.


Enviro Technology Services Ltd may use your personal information to tell you about relevant products, services and offers. This is what we mean when we are referring to ‘Marketing’.

We make a judgement to form a view on what we think you may need or want or that may be of interest to you. This is how we decide which products, services and offers may be relevant to you.

We will only use your personal information to send you marketing messages if we either have your consent, or a ‘legitimate interest’. That is when we have a business or commercial reason to use your information. It must not go against what is right and best for you and will always remain within the confines of current Data Protection law.

Of course, you can ask us to stop sending you marketing emails at any time by emailing

Other than is listed within this statement we will never sell / share your personal data with any third parties.

Location Tracking

Enviro Technology Services Ltd utilises a mobile based app (Take 5) which shares an employee’s location to Head Office for safety reasons. The Company cannot access the employees Geolocation unless the employee chooses to share it through the Take 5 app, there is no function to access an employee’s location remotely.

The Company uses the data provided through the Take 5 app for operational reasons and for the safety of our employees.

Any data retrieved from the Take 5 app, is stored securely on the Company’s servers, indefinitely for external audit purposes.


You may not transfer any of your rights under this privacy notice to any other person. We may transfer our rights under this privacy notice where we reasonably believe your rights will not
be affected.

If any court or competent authority find that any provision of this privacy notice (or part of any provision) is invalid, illegal or unenforceable, that provision will, to the extent required, be
deemed to be deleted, and the validity and enforceability of the other provisions of this privacy notice will not be affected.

Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.

This notice will be governed by and interpreted according to the law of England and Wales.

All disputes arising under the notice will be subject to the exclusive jurisdiction of the English and Welsh courts.