1.INTRODUCTION:

HK9 Security Services Ltd [Company Number 10964995] is committed to protecting the rights and freedoms of data subjects and safely and securely processing their data in accordance with all our legal obligations. We hold personal data about our employees, clients, suppliers and other individuals for a variety of business purposes.

Our registered address is:

HK9 Security Services Limited
Jhumat House, 160 London Road Barking, England
IG11 8BB
We are committed to safeguarding your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

2. Data Controller:

‘Data controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by law.

As a data controller we are responsible for deciding how we hold and use personal information about you. We are required – under data protection legislation – to notify you of the information contained in this privacy notice,if requested.

3.Data Processor:

‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

When acting as a processor we will only act on the written instructions of the controller (Article 29), not use a sub-processor without the prior written authorization of the controller (Article 28.2), ensure the security of its processing in accordance with Article 32, keep records of its processing activities in accordance with Article 30.2, notify any personal data breaches to the controller in accordance with Article 33 and employ a data protection officer if required in accordance with Article 37.data processor is required to submit to audits and inspections, provide the controller with whatever information it needs to ensure that they are both meeting their Article 28 obligations, and tell the controller immediately if it is asked to do something infringing the GDPR or other data protection law of the EU or a member state.

4.WHERE WE STORE YOUR PERSONAL DATA:

We store all your personal details on a secure server, within the EU. Such staff may be engaged in, among other things, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

5.WHAT INFORMATION DO WE COLLECT ?

a.Manned Guarding Contracts

To effectively monitor our activities, as Service Providers under the regulation of SIA, it is a requirement for us to provide the SIA or their UKAS accredited assessors with all relevant Client information to enable us to comply with their rules.

b.Employees

Regarding our Employees information regarding your personal details, employment history, next-of-kin, education, medical status and those criteria regarding statutory and regulatory obligations will be maintained securely on individual personnel files held on our secure server, under the conditions as detailed in the HK9 Security Data Protection Policy.

c.OUR PROCEDURES

Fair and lawful processing. We must process personal data fairly and lawfully in accordance with individuals’ rights under the first Principle. This generally means that we should not process personal data unless the individual whose details we are processing has consented to this happening.

If we cannot apply a lawful basis (explained below), our processing does not conform to the first principle and will be unlawful. Data subjects have the right to have any data unlawfully processed erased.

6.Special Categories of Personal Data:

Special categories of data include information about an individual’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership (or non-membership), physical or mental health or condition, criminal offences, or related proceedings, and genetic and biometric information — any use of special categories of personal data should be strictly controlled in accordance with this policy.

7.THE PURPOSES FOR WHICH PERSONAL DATA MAY BE USED BY US:

Personnel, administrative, financial, regulatory, payroll and business development purposes.

• Business purposes including Compliance with our legal, regulatory and corporate governance obligations and good practice
• Gathering information as part of investigations by regulatory bodies or in connection with legal proceedings or requests
• Ensuring business policies are adhered to (such as policies covering email and internet use)
• Operational reasons, such as recording transactions, training and quality control, ensuring the confidentiality of commercially sensitive information, security vetting, credit scoring and checking
• Investigating complaints
• Checking references, ensuring safe working practices, monitoring and managing staff access to systems and facilities and staff absences, administration and assessments
• Monitoring staff conduct, disciplinary matters
• Marketing our business
• Improving services

8.HOW LONG DO WE USE YOUR PERSONAL DATA FOR?

We only keep your personal data for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data – and whether we can achieve those purposes through other means – and the applicable legal requirements.

9.HOW SECURE IS YOUR DATA?

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

10. YOUR RIGHTS:

1. Right to be informed of what, why, for how long and how your data will be
2. The right of access:We have processes in place to ensure that we respond to a subject access request without undue delay without fee in most cases and within one month of receipt in a concise, transparent, intelligible and easily accessible form, using clear and plain language.
3. The right to rectification:Done within 28 working days or at maximum 2 months more if there is a complication.

4. The right to erasure:

The right to erasure is also known as ‘the right to be forgotten’. Individuals can make a request for erasure verbally or in writing

We have processes in place to ensure that we respond to a request for erasure without undue delay and within one month of receipt.

5. The right to restrict processing:

This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it. We act upon the request without undue delay and at the latest within one month of receipt.

6. The right to data portability
7. The right to object: If you have any problems with the way that we are handling your personal data, you should contact the Information Commissioner’s Officer [ICO]. The ICO can be contacted by telephone on 0303 123 113 – Monday to Friday, between 9am and 5pm – or by email at casework@ico.org.uk. You can also visit the ICO’s website by following this link: https://ico.org.uk/

   
   If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, please write to us at:

   HK9 Security Services Limited
   Jhumat House, 160 London Road, Barking, England, IG11 8BB or
   email us at dataprotection@hk9security.com

You will not have to pay a fee to access your personal information [or to exercise any of the other rights]. However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

11. CHANGES TO OUR PRIVACY POLICY:

We keep our privacy policy under regular review and any updates are posted on our site. This privacy policy was last updated on May 23, 2018 to comply with the new GDPR regulations.

12. ACCOUNTABILITY:

We are responsible for keeping a written record of how all the data processing activities we are responsible for comply with each of the Principles. This must be kept up to date and must be approved by the DPO.

We have implemented technical and organizational measures to ensure, and demonstrate, compliance with the GDPR which are reviewed and updated as necessary.

As Controllers we are liable for compliance with the GDPR and only appoint processors who can provide ‘sufficient guarantees’ that the requirements of the GDPR will be met and the rights of data subjects protected.

13. OUR RESPONSIBILITIES

• Analysing and documenting the type of personal data we hold
• Checking procedures to ensure they cover all the rights of the individual
• Identify the lawful basis for processing data
• Ensuring consent procedures are lawful
• Implementing and reviewing procedures to detect, report and investigate personal data breaches
• Store data in safe and secure ways
• Assess the risk that could be posed to individual rights and freedoms should data be compromised

14.YOUR RESPONSIBILITIES

• Fully understand your data protection obligations
• Check that any data processing activities you are dealing with comply with our policy and are justified
• Do not use data in any unlawful way
• Do not store data incorrectly, be careless with it or otherwise cause us to breach data protection laws and our policies through your actions
• Comply with this policy at all times
• Raise any concerns, notify any breaches or errors, and report anything suspicious or contradictory to this policy or our legal obligations without delay

15. DATA CONTROLLER

The data controller responsible for your personal data is HK9 Security Ltd and our data protection registration number is ZA301076, due for expiry on December 10, 2018. If you have any questions about this privacy notice or how we handle your personal information, please contact us on 02081339636

16. REPORTING BREACHES

Any breach of this policy or of data protection laws must be reported as soon as practically possible. This means as soon as you have become aware of a breach. [Our organisation] has a legal obligation to report any data breaches to [name of supervisory authority] within [72 hours]. All members of staff have an obligation to report actual or potential data protection compliance failures. This allows us to:

• Investigate the failure and take remedial steps if necessary
• Maintain a register of compliance failures

Notify the supervisory authority of any compliance failures that are material either or as part of a pattern of failures