This policy applies to all prospective applicants, Customers, Sub-contractors & Suppliers, Website User and the owner and provider of this website SECOM Plc.
SECOM Plc takes the privacy of your information very seriously and this policy outlines our conduct of how we collect and use the Data that is provided.
Please read the policy carefully.
1. Definitions and interpretation
|Data:||Collectively all information that is provided to SECOM Plc. This definition incorporates,
where applicable, the definitions provided in GDPR
|EEA||European Economic Area is a secure server that is used to store data; this excludes any email alerts from SECOM Plc. Some of SECOM Plc suppliers based outside the EEA is strictly controlled with access of your data. By submitting your persona data, you have agreed to the terms.|
|GDS||Government Digital Service is only accessed by authorised people and our suppliers to; improve the site by monitoring how you use it; gather feedback to improve our services e.g. email alerts; respond to any feedback received and requested; send email alerts to users who request them; allow you to access government services and make transactions; provide you with information about local services if required.|
|SECOM Plc||A company incorporated in England Wales with registered number 2585807 whose registered office is: Secom House 52 Godstone Road Kenley, Surrey, CR8 5JF|
|UK & EU Cookie Law||The Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011|
|Third Party||Any third party that accesses the Website and is not either (i) employed by SECOM Plc and acting during their employment of (ii) engaged as a consultant or otherwise providing services to SECOM Plc and accessing the Website in connection with the provision of such services|
|Website||The website that you are currently using, www.secom.plc.uk, and any sub-domains of this site unless expressly excluded by their own terms and conditions.|
|Cookies||A small text file placed on your computer by this Website when you visit certain parts of the Website and/or when you use certain features of the Website. Details of the cookies used by this Website are set out in the clause below (Cookies)|
In this policy, unless the context requires a different interpretation:
a) the singular includes the plural and vice versa
c) a reference to a person includes firms, companies, government entities, trusts and partnerships;
d) “including” is understood to mean “including without limitation”;
e) reference to any statutory provision includes any modification or amendment of it;
Implementing, management and assurance of SECOM Plc GDPR policy is shared amongst the DPO and the GDPR committee.
SECOM Plc Data Protection Officer (DPO) will be the first point of contact for all GDPR related enquires; Data Breaches, Subject Access & Erasure and General Customer Request’s.
The GDPR Committee sits behind DPO to assist and sets policy in respect of the Company’s GDPR compliance and in the absence of the DPO the committee will be the second point of contact for any enquires and request made.
GDPR Committee Members
The GDPR Committee consist of 6 members with relevant experience in the field of corporate governance/risk, business management and IT security the members are;
- Assurance/Data Protection Officer
- Head of Assurance
- Compliance Manager
- Human Resources Manager
- Financial Director
- General Manager IT and Infrastructure
Data Protection Officer
Assurance and Data Protection Officer GDPR@secom.plc.uk
The policy outlines SECOM Plc commitment to protect personal information. It is equally important for SECOM Plc to be compliant and by doing so we have adopted regulatory, statutory and industry guidelines to manage all personal data securely.
The term “Personal Data” refers to personally identifiable information about “you”, such as your name, date of birth, e-mail address or postal address etc…
Where data is submitted by “you” whether it is manually or in electronically, this means that consent has been given for SECOM Plc to process.
Your personal information will only be processed;
- In the context of SECOM Plc activities
- For the provisions or offer of services to the individual
- To actively monitor the behaviour of individuals
SECOM Plc are responsible for protecting your personal data at all time, this is done by;
- Implementing policies and procedures
- Appointing a company Data Protection Officer to deal with all GDPR enquires
- Providing a clear, transparent and legitimate interests for processing your data
- Adhering to legal obligations when processing your data
- Giving you the opportunity to either request or delete your data
- Regular compliance/assurance checks are conducted
- Ensuring all relevant staff are trained
4. Data Collected
In accordance with SECOM Plc policy, information that is collated consist of both general and special categorised data, this may include but not limited to the following;
b) Date of Birth
c) Email Address
d) Telephone Numbers
f) Feedback and Complaints
g) Application for employment
h) Biometrics – CCTV Images and Recording
i) Health – Job specific
5. Our Use of Data and Data Retention
For purposes of the General Data Protection Regulations (GDPR), SECOM Plc is the “data controller”. We will retain any Data that you have provided SECOM Plc for a minimum of 6 months where applicable;
|Data Type||Retention Period|
|Subcontractor Records||3 years|
|Head Office Admin||3 years|
|Business Systems||Minimum 2 years|
|CCTV/ Call Recordings||Minimum 12 months|
Unless we are obliged or permitted by law to do so, and subject to any third-party disclosures specifically set out in this policy, your Data will not be disclosed to third parties. This includes our affiliates and/ or other companies within our group.
All personal Data is stored securely in accordance with the principles of GDPR. For more details on security see the clause below (Security).
Any or all the above Data may be required by us from time to time in order to provide you with the best possible service and experience when using our Website. Specifically, Data may be used by us for the following reasons:
a) internal record keeping
b) improvement of our products/services
c) contact for market research purposes which may be done using email, telephone, fax or mail.
Such information may be used to customise or update the Website
d) financial documents and statements such as invoices, credit notes etc…
e) compelled by the court of law
f) creating customer files
g) third party suppliers carrying out specific functions on behalf of SECOM Plc
h) authorising access control to various systems
i) tax and payroll purpose
6. Data Storage
All information provided are stored on SECOM Plc servers at Kenley and backed up to our secure inhouse servers in Hainault and Leeds.
Unfortunately, transmission of information via internet is not completely secure. SECOM Plc will do their best to protect your personal data, we can not guarantee the security of your data transmitted to our website: any transmission is at your own risk. However, once SECOM Plc has received your information we will use strict procedures and security protocols to try and prevent unauthorised access.
7. Legal Basis for Processing
SECOM Plc reserve the right to disclose any personal information we have concerning you if we are compelled to do so by a court of law or requested to do so by a governmental entity or if we determine it is necessary or desirable to comply with the law or to protect or defend our rights or property in accordance with applicable laws;
*Refer to Section 4 – Data Collected
|SECOM Plc will use this personal
data for the following purposes:
|Legal Grounds for SECOM Plc collection and
use of your personal data
|A, B, C, D, E, F,G||Obtaining and using the information for contacting prospective customers, complaints, feedback and service ratings.||Legitimate interest for SECOM Plc to provide quotes, assist and respond customer feedback/experience|
|A, B, C, D, E||Obtaining customer information to process system before scanning on to SECOM Plc business management system.||This use, including the collection of the personal data needed to do it, is necessary for our legitimate interest to sustain the partnership with you/the company|
|A, B, C, D, E,||Running and managing regulatory obligations where SECOM Plc will use your data to provide government officials and courts.||It is SECOM Plc legal obligation to provide evidence of record.|
|A, B, C, D, E||Invoices and statements containing personal data to trade.||The purposes of obtaining and processing invoices/statements it is SECOM Plc legitimate interest as well as contractual and legal obligation to retain and use the personal information.|
|A, B, C, D, E||To provide you with marketing communications, where you have opted in to receive such communications (including information about us, our products, solutions and services).
These can be shared via electronically and post.
|This use, including the collection of the personal data needed to do it, is necessary for the purpose of our legitimate interest to market, promote and demonstrate our business, products and services, and any other information.|
|A, B, C, D, E, H||To do other things that you have explicitly asked us to do, for example if you chose to opt in to one or more specific activities that we offer.||If you have opted in to a specific activity that we offer, this use, including the collection of the personal data needed to do it, is necessary for the performance of the contract we have with you/the company – that is, our obligation to provide to you or enable you to take part in the offered activity|
|G, I||Running and managing the process of pre-employment process; dependant on the role of the job, health status will be requested.||Legitimate interest and legal obligation|
8. Sharing Data
SECOM Plc performs several functions to provide the best quality service. In some cases, data may be shared based on business, legal and contractual agreement. Our reason for the sharing data varies from marketing to background checks. We ensure that all data held and processed by Secom is only accessed by employees and approved 3rd party suppliers. Outlined below are the categories of whom SECOM Plc may share personal data with and our legitimate reason for sharing.
|Data Centre||Daily backup|
|Marketing & Sales Force||Providing products and services updates|
|Courts||Compelled to comply with request|
|Finance, Auditors, Credit Control and Advisors||Audits|
|Employees||Accessing accounts to assist with quires|
|Engineers and Subcontractors||Service and product installation continuous routine maintenance checks|
|Credit Referencing/ DBS||Staff Vetting/Security Checks|
|Employees – Compliance||Invoice payments and personnel files|
SECOM Plc acknowledges that the information that is provided may be confidential and to ensure that your data is protected SECOM Plc will maintain the confidentiality of your data and information in accordance with all applicable laws.
10. Changes of business ownership and control
We may also disclose Data to a prospective purchaser of our business or any part of it.
In the above instances, we will take steps with the aim of ensuring your privacy is protected.
11. Controlling use of your Data
Wherever you are required to submit Data, you will be given options to restrict our use of that Data. This may include the following:
• Use of Data for direct marketing purposes; and
• Sharing Data with third parties.
12. Functionally of the Website
To use all features and functions available on the Website, you may be required to submit certain Data.
13. Third party websites and services
SECOM Plc may, from time to time, employ the services of other parties for dealing with certain processes necessary for the operation of the Website. The providers of such services do not have access to certain personal Data provided by Users of this Website.
14. Links to other websites
All Cookies used by this Website are used in accordance with current UK and EU Cookie Law.
Before the Website place Cookies on your computer, you will be presented with a pop-up requesting your consent to set those Cookies. By giving your consent to the placing of Cookies, you are enabling SECOM Plc to provide a better experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of the Website may not function fully or as intended.
This Website may place the following Cookies:
|Type of cookies||Purpose|
|Strictly necessary cookies:||These cookies are essential in order for you to move around the website and use its features, for example such as accessing secure areas of the website. talk to Marketing.|
|Analytical/performance cookies||They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.|
|Functionality cookies||These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).|
|Targeting cookies||These cookies record your visit to our website, the pages you have visited and the links you have followed. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.|
You can choose to enable or disable Cookies in your internet browser. By default, most internet browsers accept Cookies, but this can be changed. For further details, please consult the help menu in your internet browser.
You can choose to delete Cookies at any time; however, you may lose any information that enables you to access the Website more quickly and efficiently including, but not limited to, personalisation settings.
It is recommended that you ensure that your internet browser is up-to-date and that you consult the help and guidance provided by the developer of your internet browser if you are unsure about adjusting your privacy settings.
Data security is of great importance to SECOM Plc and to protect you Data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure Data collection via this Website.
If password access is required for certain parts of the Website, you are responsible for keeping this password confidential.
We endeavour to do our best to protect your personal Data. However, transmission of information over the internet is not entirely secure and its done at your own risk. We cannot ensure the security of your Data transmitted to the Website.
17. Subject Access Request
You have the right to ask for a copy of any of your personal Data held by SECOM Plc as a Subject Access Request (SAR’s). All requests must be in writing and addressed to the ‘Data Controller’, the request may include but not limited to;
- Alarm Handling Information
- Copies of emails and letters
- CCTV footage
- Call recordings
- DBS Report
SECOM Plc will aim to acknowledge any Subject Access Request within 48hrs of receipt and complete the process within 30 days. In some cases, processing SAR’s may take longer, and it is SECOM Plc’s duty to keep you informed.
This is non-chargeable request; however, SECOM Plc has the rights to charge a ‘reasonable fee’ when a request is manifestly unfounded, excessive or repetitive.
18. ‘Right to be Forgotten’
SECOM Plc Staff, Customers, Sub-contractors & Suppliers, Website User shall have the right to obtain from the Data Protection Controller to delete personal data concerning them without undue delay.
It is the controller’s obligation to erase personal data without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the individual withdraws consent on which the processing is based according to Article 6 GDPR
(1) or Article 9 GDPR (2), and where there is no other legal ground for the processing;
c) the data subject objects to the processing pursuant to Article 21 GDPR (1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 GDPR (2)
d) the personal data have been unlawfully processed;
e) the personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
f) the personal data have been collected in relation to the offer of information society services referred to in Article 8 GDPR (1)
Where the controller has made the personal data public and is obliged pursuant to section 32 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform relevant data controllers which are processing the personal data that the individual has requested for deletion
The above will not apply to the extent that processing is necessary:
a) for exercising the right of freedom of expression and information;
b) for compliance with a legal obligation which requires processing by a Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
c) for reasons of public interest around public health in accordance with points (h) and (i) of Article 9 GDPR (2) and (3);
d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 GDPR (1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
e) for the establishment, exercise or defence of legal claims.
SECOM Plc will manage all complaints in accordance with the company Complaints Management Policy. All complaints related to personal data will be reviewed, investigated and processed by SECOM Plc Data Protection Officer (DPO).
Complaints regarding the conduct of processing personal data by Secom Plc should be in writing and forwarded to the Data Protection Officer.
An investigation of the complaint will be carried out to the extent that is appropriate based on the merits of the specific case. The Data Protection Officer will inform the data subject of the progress and the outcome of the complaint within a reasonable period.
If the issue cannot be resolved or dissatisfied with the way SECOM Plc has handled your data, you have the rights to lodge a complaint with the Information Commissioner’s Office (ICO), Tel: 0303 123 1113, Website: www.ico.org.uk. However, SECOM Plc would appreciate the chance to deal with your concerns before you approach the ICO details can be found in section 2 of the policy.