Tutelar Security LtdAn effective and professional Security company
At Tutelar Security we take the collection, storage and use of your personal information very seriously. This Privacy Notice contains important information to help you to understand how we collect, use and share data about you. The notice is intended to help you understand:
- Who we are
- How we collect and use your data
- What data we collect
- How we use your data
- How we share your data
- How long we keep your data for
- Where we store your data
- Your rights
- Contacting us and Complaints
Who we are
Tutelar Security Ltd, are a private contract security company, registered in England and Wales. Company number 08705200, Basepoint Business Centre, Stroudley Road, Basingstoke, RG24 8UP. Tel 03302 234810. We provide contract security services throughout the UK.
For the purposes of this policy, Tutelar Security are a data controllers . This means we decide the purposes for which, and the way in which, personal data is processed. We are registered with the ICO: Membership number ZA044503.
How we collect your data.
Personal data is information that might reasonable be used to identify you. We receive this personal data from a number of sources including directly from you via employment and contractual applications with us, via emails and letters that you send to us, through telephone calls with you, SMS and messaging services to us, our own website and social media accounts and indirectly through affiliated companies and agents. You are not obligated to provide us with your personal data but without it we will be unable to provide you with our services or be able to fulfil any regulatory or contractual obligations we may have as employers and as a regulated security company.
What data do we collect?
We collect personal data [and information known as sensitive personal data] as part of providing our services to you. We may also monitor or record calls, emails, or other communications in accordance with UK Law.
The data we collect and use is:
Personal data such as:
- Names, addresses, contact details including email addresses, mobile and landline.
- Next of kin, emergency contact details including addresses and telephone numbers.
- Employment and address history, including names and addresses of any references.
- Education and work experience details.
- SIA licence details, including renewal, licence number and photographic images.
Sensitive information such as:
- Dates of birth, National insurance details and financial details including banking information.
- Passport, Driving licence, and other photographic identity documents.
- Other sensitive information such as medical fitness, CRB or DBS checks, residential status, gender, religion, Marital status.
In addition to the above personal information, we also collect non specific “Other information” Such as general geographic locations, IP addresses, log files, your browsing history from our website using cookie data.
Please be aware that email, SMS and social media sites are not a secure medium, any personal information you send to us via this method could be intercepted. If your communication contains sensitive data or attachments containing such data please ensure the connection you are using is encrypted and that your access to our website is secure.
How we use your data.
Sensitive information such as those supplied in line with employment is only ever used for the purpose it is supplied, to fulfil employment, contractual or legal obligations. For example, as part of our security screening in line with BS7858:2012 or for HMRC and payroll purposes.
It may also be necessary to use your personal data to safeguard against fraud and money laundering, and to meet our general legal and regulatory obligations.
Other Information obtained as part of this process for example, gender, health status, marital status, employment history, qualifications and education may be used as part of our monitoring and demographic records to better assist us in improving our policies and HR processes.
Names, addresses, contact details including email addresses are used to provide personal services to you for whichever role or position you are associated with our company. This includes but is not limited to.
- Providing communication on services provided to you.
- Internal opinion polls, surveys or feedback purposes.
- Emergency contact purposes.
- Internal audit management and billing purposes
- To fulfil specific requirements of service delivery contracts, to both our customers and regulating bodies. (For example supplying clients with SIA licence details and contact details of security officers assigned to them.)
A cookie consists of information sent by a web server to a web browser and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser. This data is non identifying, general data.
We may use both “session” cookies and “persistent” cookies on the website. We will use the session cookies to: keep track of you whilst you navigate our website; and other uses. We will use the persistent cookies to: enable our website to recognise you when you visit; and other uses.
Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date. The data collected is of a general nature including (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website, (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.
Cookie data is only ever used to enable us to
(a) administer our website;
(b) improve your browsing experience by personalising our website;
(c) enable your use of the services available on the website;
(d) Provide us with analytical data on websites use and functionality.
No data is used for automated decision making or profiling.
How we share your data
We only disclose information about you to our own employees, managers or suppliers to the extent required for the purpose as set out in this policy. It is sometimes necessary to share your personal information with relevant third parties. We may share your information with.
- CYSONLINE – cysonline.co.uk – Employee background and screening purposes.
- First payroll services – first-payroll.com – To fulfil payroll and HMRC obligations.
- Smart Pensions – autoenrolment.co.uk – Employee pension services.
- KMZ Bookeeping – kmzbookkeeping.co.uk – Our accounts and payroll contractor.
- Our regulators SIA- sia.homeoffice.gov.uk – For background and fraud prevention checks.
- Law enforcement agencies for the prevention and detection of crime.
Your data is not transferred outside of the EEA
Unless expressly requested and consented to by you, or requested by us separately to this policy with your consent, your data is not sold, transferred or held for the purposes of marketing either directly by us or any of our associated companies.
How long do we retain your data?
We will keep your data for as long as is necessary for the purposes for which it was originally collected.
- For information obtained via our website contact pages, this information is only kept until the reason for the contact has been successfully completed. This information is kept for no more than 31 days. If further contact is made following the initial request from our website where services are then obtained, records will be kept up to 2 years.
- Data obtained via Social Media Accounts will be stored for 2 months for business purposes.
- Information obtained via SMS, Whatsapp or other messaging services will be stored for 6 months.
- Information collected from Telephone calls is recorded and stored for 30 days, follow on or additional communications may be kept on file for 2 years depending on the nature of the call.
- Electronic mail including attachments are kept for as long as 3 years as required in line with business use and for reasons of security and compliance. Where such communications are part of employment or contractual agreements they may be stored for up to 7 years
- Information obtained as part of employment or contractual agreements can be retained for up to 7 years after the termination or expiry of any such obligation or employment. Where an applicant or contract was not successful, information is held for 2 years. No hard copies of personal or sensitive data are retained any longer than necessary to either transfer such information into electronic form or for fraud, security, prevention purposes.
Where we keep your data.
All personal data is stored in a secure location within our offices, in secure filing systems. Only authorised senior Managers or Directors have access to this information and any such access is recorded and controlled in line with GDPR guidelines.
All electronic communications, including email, phone logs and website data is stored securely with our Webservice and IT associate www.sowebdesigns.co.uk using SSL encrypted and firewalled servers. Local and cloud based encrypted backups are maintained for all electronic data and communications.
All personal data accessed via electronic devices such as PC, tablet, phones is done so via password protected and suitably firewalled devices.
Social Media accounts are only accessed and controlled by Tutelar Security Ltd Managing Director using password and fingerprint access controlled devices. Any data transfer is with need to know persons only, all data is backed up to cloud drives that only senior managers have access to.
Our website www.tutelarsecurity.co.uk and emails use SSL encryption to protect all data and data transfer.
Deletion of data is controlled and recorded, paper copies of data are shredded. Electronic data is destroyed in line with GDPR guidelines.
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: You have the right to:
- Know what specific personal data we hold on you in our records, and request a copy of that data
- Have your personal data corrected or removed if it is inaccurate or incomplete.
- Have your personal data deleted from our systems.
- Restrict the processing of your data.
- To withdraw your consent to our processing of your data.
- Object to the processing of your personal data.
- Have your personal data transferred to another company.
- Withdraw or consent at any time to having your personal information used for marketing purposes.
- Lodge a complaint with the Information Commissioners Office.
If you choose to restrict the processing of your data, we may not be able to continue to provide you with our services. Tutelar Security Ltd can only process personal data with the consent of the individual and if the data is sensitive, express consent must be obtained and all such information will only be shared with our own staff on a need to know basis only.
We have a duty of care to our staff, clients and consumers. Therefore, all prospective staff will be asked to consent to their data being processed when an offer of employment is made. A refusal to give such consent may result in any offer being withdrawn.
We will comply with any restriction on the processing of your data unless fulfilling your request would reveal information about another person, or if you ask to delete information which we are permitted or required by law to keep.
If you would like a copy of some or all of the personal information that we hold about you, or to update or correct any of said information, or exercise any of your rights under the GDPR, please email our Data Protection Officer at firstname.lastname@example.org , Tel: 03302 234810 or write to us at DPO, Tutelar Security Ltd, Basepoint Business Centre, Basingstoke, RG24 8UP.
If you would like to make a complaint about our handling of your personal data, please contact our compliance officer at the address and email above and we will do our best to deal with the issues that you have raised as quickly and fairly as possible. If you are still unhappy you can complain to the Information Commissioners office through https://ico.org.uk/concerns or Information Commissioners Office 0303 123 1113, or write to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.