Privacy Policy 2024

**Securitop Ltd Privacy and GDPR Policy** 2024

**Securitop Privacy and GDPR Policy**

The policy is comprehensive and covers a wide range of areas that a security firm should consider, including GDPR compliance, data protection, and various relevant legal areas. Here are the key sections included:

1. **Introduction**
2. **Information We Collect**
3. **How We Use Your Information**
4. **Legal Basis for Processing Your Personal Data**
5. **Disclosure of Your Information**
6. **Data Security**
7. **Data Retention**
8. **Your Rights**
9. **Surveillance and Monitoring**
10. **Employee and Contractor Data**
11. **Client Data**
12. **Data Sharing with Law Enforcement**
13. **Incident Response and Breach Notification**
14. **Training and Awareness**
15. **Data Protection Officer (DPO)**
16. **Health and Safety Compliance**
17. **Consumer Protection and Contract Compliance**
18. **Human Rights Considerations**
19. **Criminal Law Compliance**
20. **Changes to Our Privacy Policy**
21. **Contact Information**

- **Third-Party Data Processors**: Details about third-party data processors, their roles, and the measures taken to ensure they comply with data protection laws.
- **Cookies and Tracking Technologies**: If your firm uses cookies or other tracking technologies on its website, a detailed section about their use and how users can manage their preferences.
- **Data Subject Access Requests (DSARs)**: Procedures for handling DSARs, including response timeframes and verification processes.
- **Data Privacy Impact Assessments (DPIAs)**: Information on when and how DPIAs are conducted to assess the risks associated with data processing activities.
- **Children's Data**: If applicable, policies regarding the collection and processing of data from minors.
- **International Data Transfers**: If you transfer data across borders, details on how you ensure compliance with GDPR and other regulations regarding international data transfers.

Here's a brief addition for Third-Party Data Processors, Cookies, and DSARs:

**21. Third-Party Data Processors**

21.1 **Selection Criteria**: We select third-party data processors based on their ability to comply with data protection laws and our security standards.
21.2 **Contracts**: We have contracts in place with all third-party data processors to ensure they process personal data in compliance with our instructions and applicable laws.

**22. Cookies and Tracking Technologies**

22.1 **Use of Cookies**: Our website uses cookies to enhance user experience and analyze site usage.
22.2 **Types of Cookies**: We use session cookies, persistent cookies, and third-party cookies.
22.3 **Managing Cookies**: Users can manage their cookie preferences through their browser settings.

**23. Data Subject Access Requests (DSARs)**

23.1 **Submitting a Request**: Data subjects can submit access requests by contacting us using the information provided in the Contact section.
23.2 **Response Timeframe**: We respond to DSARs within one month of receipt, extendable by two additional months if necessary.
23.3 **Verification**: We verify the identity of the requester to protect against unauthorized access to personal data.



**Introduction**

Securitop ("we", "our", "us") is committed to protecting and respecting your privacy. This policy outlines how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable laws, including employment law, consumer protection law, health and safety regulations, contract law, human rights law, and criminal law. Please read the following carefully to understand our practices regarding your personal data.

**1. Information We Collect**

We may collect and process the following data about you:

1.1 **Information You Give Us**
- Personal information such as name, address, email address, phone number, and other contact details.
- Financial and payment information, if necessary for the services provided.
- Any other information you provide when contacting us or using our services.

1.2 **Information We Collect Automatically**
- Technical information, including the IP address used to connect your computer to the internet, browser type and version, time zone setting, browser plug-in types and versions, operating system, and platform.
- Information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through, and from our site (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

1.3 **Information We Receive from Other Sources**
- Information from third parties such as business partners, sub-contractors, analytics providers, search information providers, and credit reference agencies.

**2. How We Use Your Information**

We use the information held about you in the following ways:

2.1 **Information You Give Us**
- To carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products, and services that you request from us.
- To provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about.
- To notify you about changes to our service.
- To ensure that content from our site is presented in the most effective manner for you and your computer.

2.2 **Information We Collect Automatically**
- To administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical, and survey purposes.
- To improve our site to ensure that content is presented in the most effective manner for you and your computer.
- To allow you to participate in interactive features of our service, when you choose to do so.
- As part of our efforts to keep our site safe and secure.

2.3 **Information We Receive from Other Sources**
- To combine this information with information you give to us and information we collect about you for the purposes set out above.

**3. Legal Basis for Processing Your Personal Data**

We process your personal data based on the following legal grounds:

- **Performance of a Contract**: When processing is necessary for the performance of a contract to which you are a party.
- **Consent**: Where you have given clear consent for us to process your personal data for a specific purpose.
- **Legitimate Interests**: When processing is necessary for our legitimate interests or those of a third party, provided that your interests and fundamental rights do not override those interests.
- **Compliance with Legal Obligations**: When processing is necessary for compliance with a legal obligation to which we are subject.

**4. Disclosure of Your Information**

We may share your personal information with selected third parties including:

- Business partners, suppliers, and sub-contractors for the performance of any contract we enter into with them or you.
- Analytics and search engine providers that assist us in the improvement and optimization of our site.
- Credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.
- Law enforcement agencies, regulators, and other authorities if we are legally required to do so.

**5. Data Security**

We take appropriate measures to ensure that your personal data is kept secure, including security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality.

**6. Data Retention**

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

**7. Your Rights**

Under the GDPR, you have the following rights:

- The right to access the personal data we hold about you.
- The right to have your personal data corrected if it is inaccurate or incomplete.
- The right to have your personal data erased in certain circumstances.
- The right to restrict processing of your personal data in certain circumstances.
- The right to object to the processing of your personal data in certain circumstances.
- The right to data portability, allowing you to move, copy, or transfer personal data easily from one IT environment to another.

If you wish to exercise any of these rights, please contact us using the contact details provided below.

**8. Surveillance and Monitoring**

8.1 **Surveillance Equipment**
- **Types of Equipment Used**: We use various types of surveillance equipment, including CCTV cameras, body cameras, and drones, for security purposes.
- **Data Collected**: We collect video footage and audio recordings.
- **Storage and Retention**: This data is stored securely and retained for a specific period, after which it is securely deleted.
- **Access**: Access to surveillance data is restricted to authorized personnel only.

8.2 **Monitoring Communications**
- **Types of Communications Monitored**: We may monitor or record phone calls, emails, and other communications for security and training purposes.
- **Purpose**: This monitoring is conducted to ensure the safety and security of our operations and to improve our services.

**9. Employee and Contractor Data**

9.1 **Data Collected**: We collect personal data from employees and contractors, including background checks, personal identification, and performance data.
9.2 **Usage**: This data is used for employment and contract management purposes and stored securely.
9.3 **Rights**: Employees and contractors have rights regarding their data as outlined in section 7.

**10. Client Data**

10.1 **Types of Data**: We collect personal data from clients, including contact details and security requirements.
10.2 **Purpose and Usage**: This data is used to provide tailored security services and ensure client satisfaction.
10.3 **Confidentiality**: Client data is kept confidential and protected with appropriate security measures.

**11. Data Sharing with Law Enforcement**

11.1 **Circumstances**: We may share data with law enforcement agencies when required by law or to protect our rights or the safety of our clients and employees.
11.2 **Legal Basis**: Data sharing with law enforcement is conducted in compliance with legal requirements and procedures.

**12. Incident Response and Breach Notification**

12.1 **Procedures**: We have procedures in place for responding to data breaches, including containment, investigation, and remediation.
12.2 **Notification**: Affected individuals and authorities will be notified of a data breach as required by law.

**13. Training and Awareness**

13.1 **Employee Training**: We provide regular training for employees on data protection, GDPR compliance, and other relevant legal areas.
13.2 **Awareness Programs**: We have programs to keep employees updated on best practices and new regulations.

**14. Data Protection Officer (DPO)**

14.1 **Appointment**: If required, we have appointed a Data Protection Officer who is responsible for overseeing our data protection strategy and ensuring compliance with GDPR requirements.
14.2 **Contact Information**: You can contact our Data Protection Officer at [DPO's Email Address] for any data protection queries.

**15. Health and Safety Compliance**

15.1 **Regulations**: We comply with all relevant health and safety regulations in the use of surveillance equipment and the deployment of security personnel.
15.2 **Training**: Our employees receive training on health and safety practices to ensure a safe working environment.

**16. Consumer Protection and Contract Compliance**

16.1 **Client Contracts**: We ensure that all client contracts and service agreements comply with consumer protection laws.
16.2 **Transparency**: We maintain transparency in our contract terms and conditions, ensuring clients are fully informed about their rights and obligations.

**17. Human Rights Considerations**

17.1 **Respect for Rights**: We ensure that our surveillance practices respect the human rights and privacy of individuals.
17.2 **Compliance**: Our operations comply with applicable human rights laws and regulations.

**18. Criminal Law Compliance**

18.1 **Use of Force and Detention**: Our use of force and detention practices comply with criminal law requirements and are conducted in a manner that respects the rights and safety of individuals.
18.2 **Cooperation with Law Enforcement**: We cooperate with law enforcement agencies as required by law, ensuring that all data sharing and operational practices are legally compliant.

**19. Changes to Our Privacy Policy**

We may change this policy from time to time. Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy policy.

**20. Contact**

Questions, comments, and requests regarding this privacy policy are welcomed and should be addressed to:

Securitop
[Office Address:7A Radcliffe Road Bentley Doncaster DN5 0JJ]
[Email: Info@securitop.co.uk]
[Tel: 03300434496]