1. INTRODUCTION
The Locate Global website: www.locate.global is maintained by Priavo Security Limited – Registered Office: Station Studios, 96 Ethel Street, Hove, BN3 3LL; Registration Number – 8395681. Registered in England and Wales.
You can contact us on 0207 315 4221 or write to our dedicated Data Protection Team at: dataprotection@priavosecurity.com
This Privacy Policy explains what personal information PRIAVO SECURITY LTD, PRIAVO MARITIME SECURITY INC, LOCATE GLOBAL LTD and its related entities (“Priavo”) collect about you and how we manage your data in line with both the United Kingdom (UK) and European Union (EU) General Data Protection Regulation (GDPR) and other applicable data law and regulations. Priavo is obligated by law to safeguard the personal information that we process, and this Privacy Notice outlines the actions that we take to accomplish this.
Priavo (“We”, “us”, or “our”) are strongly committed to issues of privacy and this policy sets out our approach to the collection, storage, usage and transfer or disclosure of collected personal information. All information processed by us, whether handled via our website or within our internal processes is handled lawfully in accordance with the GDPR.
2. WHAT IS PERSONAL DATA?
In this Privacy Notice and in our communication with you, the terms ‘personal data’, ‘personal information’ or ‘personally identifiable information’ may be used interchangeably. In all circumstances, and as defined by GDPR, personal refers to “any information relating to an identified or identifiable natural person (identified as ‘data subjects’ within the regulation). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical,physiological, genetic, mental, economic, cultural or social identity of that natural person.
3. WHAT TYPES OF PERSONAL DATA DO WE COLLECT
As a security company, we frequently require personal data in line with the requirements stemming from general security services. We regularly gather and handle the following information to facilitate our services:
• First Name
• Last Name
• Date of Birth
• Address and Postcode
• Email Address
• Phone Number
• Bank Details
• SIA License Information (where applicable)
• Government ID
• Visa Information (where applicable)
• Family Details (Incl. minors)
• Medical Information
• Criminal Offence Data (where disclosed)
• Photo and Video data, which may include special category information
• Other relevant information
In the case of criminal offence data, the considerations of Articles 9 & 10 of UK GDPR are documented. The processing of such data will only occur when it is freely given, specific, informed, affirmative and unambiguous in the interest of securing employment or security services, as requested by you.
Throughout the provision of our service, we ‘may’ potentially gather additional information from you to progress our services.
4. HOW LONG DO WE KEEP YOUR DATA?
We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected and processed. This retention period may vary depending on the specific purpose and the applicable legal requirements.
We typically retain your personal data for the duration of our contractual relationship with you, plus a six year period after termination to comply with legal obligations or to resolve any disputes. There are some categories of data that we hold for shorter periods, such as IP/Access Log data (30 days); employment checks (2 years); CCTV footage (3 days); health and safety data (3 years) and personal data for the use of marketing (until consent is withdrawn or 1 year after last interaction).
We will securely destroy or delete your personal data when it is no longer necessary for the purposes for which it was collected or processed.
5. OUR LAWFUL BASIS FOR COLLECTING YOUR PERSONAL DATA
A requirement of the GDPR is the mandatory identification of a lawful basis that justifies our requirement for processing your personal data. As a security company, it is usually necessary for us to process your data for the purpose of fulfilling our (employment or service) contract with you. This lawful basis is regarded as the contractual basis for processing and is our primary purpose for processing.
There are other lawful bases which we also utilise from time to time, to provide our services. These include:
• Your consent – If we have used your ‘consent’ as our lawful basis for processing of your data, then it must have been given by you freely, specifically, on an informed basis, and with a clear affirmative action (you opted in). You have the right to withdraw your consent at any time. Once we receive writhdrawral of consent we will stop processing your information immediately.
Where our clients use the Locate software application, we use consent as the lawful basis for this activity.
• We have a legal obligation to process your data – we may use this lawful basis when we conduct surveillance and investigations necessary for the establishment, exercise, or defence of legal claims, such as in a civil or criminal case
• We process your data for your vital interest – we may use this lawful basis when we need to process your personal data to provide lifesaving services such as preventing a crime or providing medical assistance
• We need to process your data to perform a public task – we may use this lawful basis when we conduct surveillance and investigations on behalf of a public authority (e.g., the police) or for a legitimate public interest, such as preventing fraud or detecting crime
• We have a legitimate interest for processing your data – we may use this lawful basis when we identify a genuine and legitimate reason to process your data, if data processing does not override the fundamental rights and freedoms of data subjects. This could be for business purposes, such as improving customer service, marketing products, or preventing fraud.
We will process your personal data only in line with the lawful basis for which we collect it, unless we have reasonable grounds to believe that it is for a similar purpose that is compatible with the original lawful basis.
Withdrawing Consent (where consent Is the lawful basis):
You have the right to withdraw your consent at any time by emailing dataprotection@priavosecurity.com or calling us on 0207 315 4221. Once you withdraw your consent, we will immediately cease processing your data. However, please be aware that this may also result in us being unable to provide our services to you any further.
6. INVESTIGATIONS AND SURVEILLANCE UNDER THE GDPR
Investigation and surveillance operations present a unique challenge within the context of GDPR, as it often involves collecting personal data without the explicit knowledge or consent of the data subject.
While the GDPR generally requires explicit consent for data processing, there are certain exceptions that allow us to use one of the following lawful basis:
• We have a legal obligation to process your data (as above)
• We process your data for your vital interest (as above
• We need to process your data to perform a public task (as above)
Where we conduct surveillance and investigations on behalf of our clients, we ensure that the data collection processed and used are necessary and appropriate to achieve the intended purpose. Throughout these operations we consult with legal experts to ensure that our surveillance and investigation practices are fully compliant with GDPR and any other applicable laws.
7. HOW WE COLLECT AND USE YOUR INFORMATION
Priavo Security Limited typically receives personal information from clients and employees on a voluntary basis to establish a contractual relationship and provide our services or employment. Your personal information may be collected through several various channels such as phone calls, paper evaluation forms and our website.
The primary reasons that we may process your personal data include (but is not limited to):
• Providing services or employment in accordance with the performance of any agreement with you
• Delivering Residential, Maritime and Event Security and Close Protection Services
• Operating CCTV systems to monitor client premises and identify malicious intent
• Investigation and Surveillance services, including the collection of physical and digital evidence
• Disclosing security advice, risk assessments and recommendations
• Providing domestic and International Journey Management/Travel Risk Management services
• Disclosing your information with our security teams, clients, partners and other third parties, including law enforcement agencies
• Processing of financial transactions for payments
• Providing marketing, e-mails and updates to you about our Services
• Perform any other function that we believe in good faith is necessary to protect the security or proper functioning of our services.
After receiving your information, it is uploaded to our secure employee/client management software. We will securely destroy or delete your personal data when it is no longer necessary for the purposes for which it was collected or processed.
8. HOW WE HANDLE YOUR DATA
Priavo Security Limited, in its role as both data controller and data processor, is obligated to follow the data processing principles outlined in the General Data Protection Regulation.
When handling client and customer data, we abide by the following principles:
The Principle of Lawfulness Fairness and Transparency – We only collect and process Personal Information in a way that is lawfully, fair, and transparent to you
The Principle of Accountability – We take responsibility for what we do with your personal data, and are able to demonstrate our compliance to GDPR
The Purpose Limitation Principle – We only process your personal information for specified, explicit and legitimate purposes
The Data Minimisation Principle – The personal data collected that we process is adequate, relevant, and limited to what is necessary
The Data Accuracy Principle – We ensure that the data we process is accurate and, where necessary, kept up to date
The Storage Limitation Principle – We do not keep personal information (in a form which permits your identification) for any longer than is absolutely necessary
The Integrity & Confidentiality (security) Principle – We ensure that we appropriately secure your personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
9. HOW WE PROTECT YOUR INFORMATION
Priavo Security Limited are committed to ensuring the security and protection of your personal information as we understand that a breach of your information may cause undue stress, worry and in extreme cases my impact your rights and freedoms. To prevent such incidents, appropriate technical and organisational security measures in place to limit accidentally loss, unauthorised access, alteration or disclosure of your information. These measures are currently being externally validated as we procure our ISO 27001 Certification.
We use several organisational measures to ensure that only the employees and trusted partners are granted access to your data. Personal data is shared with third parties only when necessary for the provision of services and any access that is granted by Priavo (internally or externally) is done on a ‘need to know’ basis.
In the unlikely event of a data breach, we follow procedures set out by the UK’s Information Commissioners (ICO) office to investigate and handle the breach transparently and ethically. Should our data breach investigation process determine that the breach may result in an impact to your rights and freedoms, we will notify you and the ICO where we are legally required to do so.
10. INTERNATIONAL DATA TRANSFERS
Due to global span of our security operations and the travel commitments of our clients, Priavo commonly engages with trusted third parties located outside the United Kingdom (UK), both within and outside of the European Economic Area (EEA). When we work with organisations outside of the EEA, we implement measures and employ suitable safeguards such as completing Transfer Risk Assessments and implementing Intrenational Data Transfer Agreements (IDTAs) and Standard Contractual Clauses (SCCs) to uphold the security of your personal information.
If you would like to know more about the safeguards that we use to secure your information, please get in touch by emailing us at www.priavosecurity.com or via letter to Data Protection Team, Priavo Security Limited, Station Studios, 96 Ethel Street, Hove, BN3 3LL.
11. YOUR DATA RIGHTS
Both the UK & EU General Data Protection Regulation give you eight data subject rights in relation to your data. It is important that you understand your legal and regulatory rights, which you can find listed below:
The right to be informed – we must tell you what we are doing with your data. We do this via our Privacy Notice which is what you are reading right now.
The right to access – you have the right to access copies of all the personal information that we hold on you. The right to access is exercised by submitting a Subject Access Request (SAR) to the organisation. You can submit a SAR verbally, by speaking to us on the phone or in person, or in writing, including on social media platforms.
To request access to your data, you can email us at: dataprotection@priavosecurity.com; call us on: 0207 315 4221 or write to us at: Data Protection Team, Priavo Security Limited, Station Studios, 96 Ethel Street, Hove, BN3 3LL. You will be asked to authenticate your identity prior to be provided with your information.
The right to rectification – the right to ask us to rectify any information that isn’t correct.
The right to erasure – the right to have your personal information erased from all of our systems and back-ups. This is not an absolute right and is only applicable in certain circumstances.
The right to restriction of processing – the right to have processing of personal data restricted, again, in certain circumstances
The right to object to processing – the right to object to having data processed in the first place or by a specific means.
The right to data portability – the right to have information transferred from us to another organisation or be given to you directly.
Rights relating to automated decision making and profiling – the right to challenge the use of automated processing & decision making. Please note that at Priavo, we do not use any software related to automated decision making and profiling.
Please note that not all rights are absolute. There may be certain circumstances we are unable to facilitate the exercise of your right(s) due certain allowed exemptions. Should this be the case, then we will explain the exemption reason to you in our response.
12. USING LOCATE SERVICES:
Consent and Data Rights:
When using the Locate software platform, we use your consent in a variety of ways from time to time in performing the Services for you – including the following:
• we will seek to track and record your phone’s position upon Locate Global being activated in accordance with its proper use; and
• we will seek to describe your phone’s position, and your details as known to us, to the relevant ARC, your nominated contact/s and/or emergency authorities;
• those details are disclosed to any third party not being the ARC or your nominated contacts on an anonymous basis; and
• we use the location service API within your phone to determine and track your location. Disabling this setting will prevent the app from working fully and we will therefore be unable to provide assistance in the event of you being in danger.
More generally, we may also disclose your personal information:
• to send you notices or other forms of communication which are not marketing;
• on an anonymous basis, to use your information and/or supply the same to third parties, for statistical purposes;
• if we are required to do so by law, code of practice or regulation;
• in connection with actual or contemplated legal proceedings, including where we reasonably determine that a third party may apply for, and be successful in, the grant of a court (or other competent authority) order to disclose your information to that third party;
• for the protection of our legal rights, including ascertaining the nature of those rights, exercising and/or defending the same with advice from professional third parties to whom we may disclose your information for such purpose/s; and
• to any member of our group companies from time, our respective employees, directors, advisers, agents, clients and subcontractors, as reasonably required for the purposes of either this policy itself or the promotion and/or provision of our services.
The data rights described to you in this Privacy Notice extend to the use of our Locate software application. This includes rights such as the right to access, the right to rectification and the right to restriction of processing among others, to the extent permitted by law. We do not usually charge for access however we ‘may’ charge a processing fee capped at five pounds.
Application Security:
You acknowledge that you are responsible for maintaining the confidentiality of your account and password and for restricting access to your computer and mobile phone to prevent unauthorized access to your account. You agree to accept responsibility for all activities that occur under your account or password. You should take all necessary steps to ensure that the password is kept confidential and secure and should inform us immediately if you have any reason to believe that your password has become known to anyone else, or if the password is being, or is likely to be, used in an unauthorized manner. You must not allow any third party to access your account.
We take appropriate security measures to protect against unauthorised access to or unauthorised alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, including appropriate encryption and physical security measures to guard against unauthorised access to systems where we store personal data
13. USING OUR WEBSITE
Priavo Security Limited (registered in England under registration no/ 8395681 and with a registered address at Station Studios, 96 Ethel Street, Hove, BN3 3LL) is the data controller of any personal data collected through the Site and will process such information in accordance with the provisions of the Data Protection Act and General Data Protection Regulation 2018 and to the applicable data protection law. Any enquiries relating to data protection issues should be sent to our Data Protection Team at dataprotection@priavosecurity.com
Cookies:
We use cookies to create a session and remember a type of user as they access this web site. We obtain consent from you through your interaction with the notification that is displayed when you visit our web site. Cookies do not contain any personal information about users but allow us to distinguish you as a separate entity and monitor your actions on our site. Once you close your browser, the cookies are automatically removed.
To find out more about cookies, please visit: www.allaboutcookies.org
You may disable cookies, but we cannot guarantee that the web site or Services will function properly. Because browsers and devices are constantly changing, we cannot provide detailed instructions on how to disable cookies on every device, however, you may find this article useful: http://www.wikihow.com/Disable-Cookies.
Third Party Websites:
We may post links to third party websites within our Services. Such posting is in no way an endorsement of the privacy terms or policies that relate to these websites. We bear no responsibility for the data collected or used by any advertiser or third-party website at these URLs.
Although you are entering into an agreement with us to disclose your information to us, we do occasionally use third party individuals and organizations to assist us for web hosting, e-newsletters and google analytics. For example, our web host stores the information that you provide us, and we may hire outside contractors to perform maintenance or assist users in securing our Services. Without limiting the parties that we that we may use, you specifically authorise us to collect, store, share, and otherwise, use your information in conjunction with Google Analytics, for further information follow this link: https://www.google.com/policies/privacy/
This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
14. MAKING A COMPLAINT ABOUT OUR DATA HANDLING
Should you be unhappy with the way with which your personal data is being handled, then a formal complaint may be made to either Priavo or to the UK’s regulator, the Information Commissioners Office (ICO).
Complaints about the handling of data can be made to the Data Protection Team at dataprotection@priavosecurity.com The Data Protection Team are responsible for ensuring that data is handled in line with legal and regulatory requirements. Received complaints will result in an investigation of the data handling practices of the relevant department, prior to the issuing of a final report.
If you have any concerns about the way in which Priavo Security Limited handle your personal information, you also have the right to complain to the Information Commissioners Office, which is the United Kingdom’s data protection regulator; the contact details of which can be found below.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113 ICO website: https://www.ico.org.uk