Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
If you run a facilities management business, confidentiality clauses can look like standard boilerplate until something goes wrong. A client asks for access to your maintenance records, your staff work on a sensitive site, or your team uses subcontractors and shared software, and suddenly the wording matters a lot. Common mistakes include signing one-way clauses that only protect the client, defining confidential information too broadly, and forgetting to line up the clause with privacy, subcontractor, and data security obligations.
For New Zealand businesses, the real issue is practical: what information must stay confidential, who can use it, who can share it internally, and what happens when the contract ends. The answers are rarely clear from a quick scan of standard terms. Before you sign a facilities management contract, it is worth checking whether the confidentiality clause actually fits the way your business delivers services on site, stores information, and works with staff and contractors.
This guide explains what confidentiality clauses in facilities management contracts usually cover in New Zealand, the legal issues to review before you sign, and the drafting traps that often create disputes later.
Overview
A confidentiality clause sets the rules for handling sensitive information shared during a facilities management relationship. In New Zealand, these clauses matter because facilities managers often receive operational, commercial, security, employee, tenant, and building data that can affect a client's business if disclosed or misused.
A good clause should protect legitimate confidential information without making ordinary service delivery unworkable. It should also line up with the rest of the contract, especially privacy, subcontracting, record-keeping, and termination terms. The key points to check are:
- how the contract defines confidential information, including whether site information, security procedures, pricing, manuals, reports, and building data are covered
- whether the obligation applies both ways, or only protects the client
- which disclosures are allowed, such as to employees, subcontractors, advisers, insurers, or as required by law
- what security standards or handling procedures you must follow for documents, systems, keys, codes, and access credentials
- how the clause interacts with the Privacy Act 2020 if personal information is involved
- whether you can use general know-how, templates, and non-client-specific learnings in your business
- what happens to information, devices, records, and copies when the contract ends
- what remedies apply if there is a breach, including indemnities, termination rights, and urgent court orders
What Confidentiality Clauses for Facilities Management Companies Mean for New Zealand Businesses
For a New Zealand facilities management company, a confidentiality clause is usually about operational control, client trust, and risk allocation, not just secrecy in the abstract.
Facilities management contracts often cover cleaning, maintenance, repairs, security coordination, grounds, front-of-house services, waste, HVAC, compliance checks, and contractor management. In doing that work, your business may see information that goes well beyond basic contact details.
That can include:
- building plans and access arrangements
- alarm codes and security protocols
- maintenance schedules and defect histories
- tenant complaints and incident reports
- supplier pricing and procurement terms
- health and safety processes
- energy use and site performance data
- staff rosters, names, and access logs
Some of that information is commercially sensitive. Some may be personal information under the Privacy Act 2020. Some may be security sensitive even if it is not technically secret in a commercial sense.
Why facilities management contracts need tailored confidentiality wording
Facilities management work is rarely performed by one person holding one folder of documents. Information moves through site managers, technicians, helpdesk systems, mobile devices, subcontractors, and reporting platforms. A generic confidentiality clause may not reflect that reality.
This is where founders often get caught. The contract says you must not disclose any confidential information to any third party, but your service model depends on specialist subcontractors. Or the clause requires immediate return of all records on termination, but you need to keep some records for insurance, dispute, or legal compliance purposes.
The right wording should let you perform the contract in a practical way while still protecting the client's legitimate interests.
Confidentiality is not the same as privacy
A confidentiality clause is a contract promise. Privacy obligations come from statute when personal information is involved. In a facilities management setting, those two often overlap but they are not identical.
If your team handles personal information, such as staff names, contact details, access records, CCTV-related logs, visitor information, or complaint records, the Privacy Act 2020 may affect how that information is collected, stored, used, and disclosed. A contract cannot replace those obligations.
Before you accept the provider's standard terms, check whether the confidentiality clause and any privacy clause or privacy notice deal clearly with:
- what personal information you are expected to handle
- whether you are acting on the client's instructions
- security safeguards for systems and devices
- who is responsible if there is a privacy breach
- whether offshore software or cloud storage is used
That matters in practice. A client may expect strict confidentiality, but if the clause is silent on privacy responsibilities, the parties can end up arguing about who should have notified a breach or who was responsible for weak system controls.
Mutual versus one-way confidentiality clauses
Many facilities management agreements are drafted to protect the client only. That may be reasonable in some relationships, but not all. Your company may also share confidential material, such as pricing models, reporting formats, service methodologies, software workflows, and subcontractor arrangements.
If the clause is one-way, you should decide whether that reflects the real commercial position. In some negotiations, a mutual clause is more appropriate. In others, a one-way clause may be acceptable if the definition of confidential information is narrower and your own intellectual property and business information are protected elsewhere in the contract.
What counts as confidential information
The definition is one of the most important parts of the clause. If it is too narrow, genuinely sensitive information may fall outside the protection. If it is too broad, everyday operational material can become impossible to use.
A balanced definition often covers information that is disclosed in connection with the contract and is confidential by its nature, marked confidential, or reasonably understood to be confidential. It should usually exclude information that:
- is already public, other than through a breach
- was already lawfully known by the receiving party
- is independently developed without use of the other party's information
- must be disclosed by law, court order, or regulatory requirement
For facilities management businesses, it also helps to be clear about grey areas, such as aggregated performance data, de-identified reporting metrics, and operational know-how developed across multiple client sites.
Legal Issues To Check Before You Sign
Before you sign a facilities management contract, the main legal question is whether the confidentiality clause matches how information actually flows through your business.
1. Scope of the information covered
The clause should identify the kinds of information that need protection without swallowing everything connected to the relationship. If a contract says all information relating in any way to the client is confidential forever, that is a red flag.
Look closely at whether the wording covers:
- oral disclosures, site observations, and practical know-how gained on site
- documents, reports, photos, videos, and electronic records
- security information, access credentials, and system passwords
- commercial terms, pricing, and service levels
- personal information and incident records
If the clause is too broad, ask for clearer boundaries. You do not want a dispute later because a staff member used general experience from one contract on another unrelated job.
2. Permitted use of confidential information
A sensible clause should allow use of confidential information to perform the contract and meet related legal or operational obligations. If it only says you may not use information for any purpose, without that carve-out, ordinary service delivery can technically breach the clause.
Before you rely on a verbal promise that “of course you can use it to do the work”, make sure the written terms say so.
3. Internal sharing and subcontractors
Facilities management businesses often depend on internal teams and specialist subcontractors. The contract should allow disclosure on a need-to-know basis to staff, officers, contractors, advisers, and insurers, provided they are bound by equivalent confidentiality obligations.
If there is no subcontractor carve-out, your company may be in breach simply by sharing a site manual with an approved technician. This is a common drafting issue in standard terms.
Check whether the contract requires:
- prior written client consent before sharing information with subcontractors
- specific confidentiality deeds from each subcontractor
- minimum security standards for devices and systems
- responsibility for subcontractor breaches, even if unauthorised
Those points affect staffing, administration, and insurance risk, so they should not be brushed aside as minor legal wording.
4. Privacy Act overlap
If personal information is involved, you should not treat the confidentiality clause as the whole answer. The Privacy Act 2020 may require additional safeguards and breach response steps.
For example, if your helpdesk logs tenant complaints that include names and contact details, or your access system records identifiable entry data, the contract should make clear who controls that information, how it may be used, and what happens if it is lost or accessed without authority.
In some cases, a separate privacy schedule or data protection clause is worth adding.
5. Security obligations and operational standards
The clause should state practical handling requirements if the work involves security-sensitive information. That may include password protocols, device restrictions, key register controls, secure disposal, or incident reporting timeframes.
Vague obligations to keep information secure can create arguments after a problem occurs. Specific drafting gives both sides a clearer standard to follow.
6. Duration of confidentiality obligations
Confidentiality obligations often continue after the contract ends, but the period should make commercial sense. Some information may justify long-term or ongoing protection, such as security plans or trade secrets. Other information may lose sensitivity quickly.
If the clause imposes indefinite obligations for all material, consider whether that is necessary and workable. You may want a fixed period for general business information, with continuing obligations for especially sensitive categories.
7. Return, deletion, and record retention
When a facilities management contract ends, the client may want all confidential material returned or destroyed. That sounds simple, but records may sit across multiple systems, devices, inboxes, backup tools, and subcontractor files.
The contract should address:
- what must be returned, destroyed, or deleted
- whether backup copies may remain in routine systems for a period
- whether you can keep records required for legal compliance, insurance, accounting, or dispute resolution
- whether a written certificate of destruction is needed
Without these details, exit can become messy, especially if the client changes providers and asks for immediate transfer of records.
8. Remedies for breach
The remedy section matters just as much as the confidentiality promise itself. Some contracts give the client broad rights to terminate immediately, claim an indemnity, and seek urgent injunctive relief for any suspected breach.
That may be reasonable for serious security failures, but the wording should still be proportionate. A minor administrative slip should not trigger unlimited liability if the actual harm is low.
Review the confidentiality clause together with liability caps, indemnities, insurance obligations, and termination rights. A harsh confidentiality clause can become much more serious when paired with uncapped indemnities elsewhere in the agreement.
Common Mistakes With Confidentiality Clauses for Facilities Management Companies
The most common mistake is assuming the confidentiality clause is harmless standard wording when it actually shifts major operational and liability risk onto the facilities management provider.
Accepting a definition that is far too broad
Some contracts define confidential information so widely that everything connected with the client, site, staff, and services is captured without exception. That can stop your team from using ordinary know-how, training materials, or non-sensitive service improvements across your business.
A better approach is to protect genuinely confidential material while excluding public information, pre-existing knowledge, independent developments, and general expertise.
Ignoring practical delivery issues
Founders often focus on price, service levels, and termination rights, and leave the confidentiality clause untouched. Then the operations team discovers they cannot legally share site information with a subcontract electrician or upload records to the software platform they actually use.
Before you sign, test the clause against your day-to-day workflows:
- who needs access to the information
- where the information is stored
- what software is used
- whether any data is stored offshore
- how records are shared on site and after hours
If the clause does not fit those workflows, it needs adjustment.
Forgetting to deal with subcontractors
Facilities management often relies on specialist trades and third-party providers. A clause that ignores them is a problem waiting to happen. You should be clear about when disclosure is permitted, what written obligations they must accept, and whether the client has approval rights.
This point is especially important where the site involves health services, schools, government premises, logistics facilities, or other locations with heightened security or privacy expectations.
Overlooking the contract's other clauses
Confidentiality cannot be reviewed in isolation. Problems often come from mismatch with other clauses, such as:
- intellectual property clauses that give the client ownership of all reports, templates, and materials
- privacy clauses that impose separate breach notification duties
- publicity clauses restricting use of the client's name or site details
- record-keeping clauses requiring long retention periods
- audit clauses giving the client broad access to systems and records
One clause may appear manageable on its own, but become onerous when read with the rest of the contract.
Relying on informal understandings
A site manager may say your team can share plans with nominated subcontractors or keep copies of service records after the contract ends. If the written contract says otherwise, that informal understanding may not protect you.
Before you spend money on setup or allocate staff, get any important confidentiality carve-outs into the signed agreement.
Missing end-of-contract issues
Exit is where confidentiality disputes often surface. The client may ask for immediate handover of records, deletion of backups, return of keys and devices, and removal from software systems. If the contract is unclear, there can be disagreement about what is possible and how quickly it must happen.
Spell out the exit process while the relationship is being negotiated, not after the contract has broken down.
FAQs
Do confidentiality clauses in facilities management contracts need to be mutual?
Not always, but many should be. If both sides share sensitive information, a mutual clause is often more balanced. If the clause is one-way, make sure your own pricing, methods, and business information are protected somewhere in the contract.
Can a facilities management company share confidential information with subcontractors?
Usually yes, but the contract should expressly allow it on a need-to-know basis. It should also require subcontractors to follow equivalent confidentiality and security obligations.
Does a confidentiality clause cover personal information?
It can, but privacy obligations are separate. If personal information is involved, the Privacy Act 2020 may impose additional duties about collection, storage, use, disclosure, and breach response.
How long should confidentiality obligations last after the contract ends?
That depends on the type of information. Security-sensitive or trade secret information may need ongoing protection, while ordinary commercial information may justify a fixed period only. The contract should distinguish between those categories where possible.
What should happen to confidential records when the contract ends?
The contract should say whether records must be returned, deleted, or destroyed, and whether any copies can be kept for legal, insurance, or dispute purposes. It should also address backups, software systems, and subcontractor-held records.
Key Takeaways
- Confidentiality clauses in facilities management contracts should reflect how information is actually handled across staff, subcontractors, systems, and sites.
- The definition of confidential information needs to be clear and commercially sensible, not so broad that it blocks ordinary service delivery or use of general know-how.
- Before you sign, check permitted disclosures, subcontractor rights, privacy overlap, security standards, record retention, and end-of-contract obligations.
- The clause should be reviewed alongside liability caps, indemnities, intellectual property, privacy, audit, and termination clauses.
- Verbal assurances are not enough. If you need carve-outs for subcontractors, software systems, retained records, or de-identified reporting, put them in the written contract.