Privacy & Data Protection Policy
- King Safety & Security Ltd understands that your privacy is important to you and that you care about how your personal data is used. King Safety & Security Ltd respect and value the privacy of all of our Associates and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
- The European Union (EU) General Data Protection Regulation (GDPR) places obligations on a controller of personal data (King Safety & Security Ltd.) to ensure the protection of that data when they are processed by a third party i.e. a processor (sub-contractor). In forming a controller/processor relationship, the GDPR is quite specific about the fact that a contractual agreement must be in place between the two parties, and that it should specify key items of information about the personal data involved and how it is processed.
Addressing Compliance to the GDPR
- The following actions are undertaken to ensure that King Safety & Security Ltd complies at all times with the accountability principle of the GDPR:
- The legal basis for processing personal data is clear and unambiguous.
- A Data Protection Officer is appointed with specific responsibility for data protection in the organisation.
- All staff involved in handling personal data understand their responsibilities for following good data protection practice.
- Training in data protection has been provided to all staff.
- Rules regarding consent are followed.
- Routes are available to data subjects wishing to exercise their rights regarding personal data and such enquiries are handled effectively.
- Regular reviews of procedures involving personal data are carried out.
- Privacy by design is adopted for all new or changed systems and processes.
United Kingdom’s withdrawal of the European Union
- In preparations for the United Kingdom’s withdrawal of the European Union King Safety & Security Ltd will monitor changes, prepare and continue to carry out good data protection and privacy principles after 31st January 2020. Please see the below European Commissionwebsite for further details.
- “The United Kingdom submitted on 29 March 2017 the notification of its intention to withdraw from the Union pursuant to Article 50 of the Treaty on European Union. This means that unless a ratified withdrawal agreement establishes another date, all Union primary and secondary law will cease to apply to the United Kingdom from 30 March 2019, 00:00h (CET) (‘the withdrawal date’). The United Kingdom will then become a ‘third country’” European Commission
Information About us
- King Safety & Security Ltd. Limited company registered in England & Wales under company number 5974563
Office 9 Warlies Park House, Horseshoe Hill, Waltham Abbey, England, EN9 3SL
VAT number: GB 311313760
Data Protection Officer:
Email address: Matthew@ksands.co.uk
Telephone number: 020 3 916 5145
Postal Address: King Safety & Security Ltd, 14 Ashfields, Loughton IG10 1SB
King Safety & Security Ltd are regulated by Information Commissioners Office
Registration Number: ZA022642
What Does This Notice Cover?
- This Privacy Information explains how King Safety & Security Ltd use your personal data within its operational business activities: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.
What is Personal Data?
- Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
- Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
- The personal data that King Safety & Security Ltd use is set out in “How do You Use My Personal Data”
What Are My Rights?
- Under the GDPR, you have the following rights, which King Safety & Security Ltd will always work to uphold:
- The right to be informed about our collection and use of your personal data.
- The right to access the personal data King Safety & Security Ltd hold about you. Part 494 will tell you how to do this.
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in Part 6 to find out more.
- The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that King Safety & Security Ltd have. Please contact us using the details in Part 6 to find out more.
- The right to restrict (i.e. prevent) the processing of your personal data.
- The right to object to us using your personal data for a particular purpose or purposes.
- The right to data portability. This means that you can ask us for a copy of your personal data held by us to re-use with another service or business in many cases.
- Rights relating to automated decision-making and profiling. Part 6 explains more about how King Safety & Security Ltd use your personal data, including automated decision-making and profiling.
- For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Part 6.
- Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
- If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
- Our timeline to comply with your rights are documented below:
Data Subject Request
The right to be informed
When data is collected (if supplied by data subject) or within one month (if not supplied by data subject)
The right of access
The right to rectification
The right to erasure
Without undue delay
The right to restrict processing
Without undue delay
The right to data portability
The right to object
On receipt of objection
Rights in relation to automated decision making and profiling.
What Personal Data Do You Collect?
- King Safety & Security Ltd may collect some or all of the following personal data (this may vary according to your relationship with us):
- Email address
- Phone number
- Business name
- IP Address
- Job title
- Professional Details
- Social Network information
- Information about your preferences and interests
- Data required as per Right to work
Where deemed appropriate you will be contacted to fulfil BS7858 check requirements. The BS7858 is a code of practice released by British Standards Institution, a business standards company which supports companies in achieving excellence within their field, and continuously boosting performance. This code in particular refers to security screening of individuals employed in a security environment. These checks might include:
- Identity checks
- ID confirmation
- Five years address history
- Right to Work check
- Character references
- SIA Licence check (if applicable)
- Financial checks
- Bankruptcy / Insolvency / IVA
- CCJ (Up to £10,000)
- Credit score
- Employment Checks
- Five or 10 years employment history
- Gap referencing (more in-depth and extended to 31 days)
- Criminal records
- Basic Disclosure
How Do You Use My Personal Data?
- Under the GDPR, King Safety & Security Ltd must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. Your personal data will be used for one of the following purposes:
- Carrying out a contract of employment and/or subcontract.
- Carrying our verification of identity checks as required by Right to work, BPSS and BS7858 checks.
- Providing and managing your account.
- Your personal details are required in order for us to enter into a contract with you.
- Personalising and tailoring our products and services for you.
- Communicating with you. This may include responding to emails or calls from you.
- Supplying you with information by email or post that you have opted-in to (you may unsubscribe or opt-out at any time by visiting our data protection area online
Lawfulness of Processing
- The lawful basis in which we process your The European Union (EU) General Data Protection Regulation (GDPR) Article 6 (Personal) data is to allow us to prepare and into a contract with you, therefore for this type of data the legal basis is as follows:
The European Union (EU) General Data Protection Regulation (GDPR) Article 6:
(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
King Safety & Security Ltd have a duty of care to our end clients, general public and our personnel. The lawful basis in which we process your Article 9 (Special Category) data is in the public interest and in a protective function that we do so, therefore for this type of data the legal basis is as follows:
The European Union (EU) General Data Protection Regulation (GDPR) Article 9:
(g) processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject;
and as per Union or Member State law:
Data Protection Act (2018) Schedule 1, Part 6 (11) Protecting the public against dishonesty.
King Safety & Security Ltd may have to process personal data relating to criminal convictions and offences
The European Union (EU) General Data Protection Regulation (GDPR) Article 10 data:
Data Protection Act (2018) Schedule 1, Part 6 (11) Protecting the public against dishonesty and Article 9 (g) applies.
In the case exposure is to individuals under the age of 18 or deemed as “at risk”:
Data Protection Act Schedule 1 Part 68 Safeguarding of children and of individuals at risk.
- In case of children below the age of 16 (a lower age may be allowable in specific EU member states) parental consent will be obtained. Transparent information about our usage of their personal data will be provided to data subjects at the time that consent is obtained and their rights with regard to their data explained, such as the right to withdraw consent. This information will be provided in an accessible form, written in clear language and free of charge. Please see our compliance area on our websiteif you wish to withdraw consent.
- With your permission and/or where permitted by law, King Safety & Security Ltd may also use your personal data for marketing purposes, which may include contacting you by email,telephone, text message, post with information, news, and offers on our products or services.
- We may contact you indirectly or directly, by means of our social media pages, profiles and ads. By following us on social media, you agree to give consent to be contacted this way. We do not sell or pass on any data collected via social media.
- You will not be sent any unlawful marketing or spam. King Safety & Security Ltd will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.
How Long Will You Keep My Personal Data?
- King Safety & Security Ltd will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods (or, where there is no fixed period, the following factors will be used to determine how long it is kept):
- Where contracts and services have been undertaken your data is kept on file for a minimum of seven years for legal and accounting obligations.
- Periodic contact with data subjects on a yearly basis will be undertaken, all data subjects will be contacted to update their details.
- During email marketing activities King Safety & Security Ltd will provide an unsubscribe link at the bottom of the email. Your details will then be unsubscribed from our mail out system.
- Where un-subscription has not occurred, and no contracts or services have been provided, data will be kept for a maximum of three years and then removed.
How and Where Do You Store or Transfer My Personal Data?
- King Safety & Security Ltd takes every effort to store your personal data in the UK within its day to day business operations. We have acquired service providers that provide this specifically. This means that the data will be fully protected under the GDPR.
- In certain circumstances where we use service providers outside of the UK we have opted for EEA service providers. The European Economic Area (the “EEA” consists of all EU member states, plus Norway, Iceland, and Liechtenstein).
- King Safety & Security Ltd wherever possible will store your personal data within the European Economic Area (the “EEA”) where it is having been deemed acceptable to do so. King Safety & Security Ltd investigates the processing of data thoroughly and ensures that the correct level of data protection and privacy is there, with the relevant documentation to say so. This means that your personal data will be fully protected under the GDPR or to equivalent standards by law.
- Countries Listed within the EEA:
Cyprus Czech Republic
International Transfers of Personal Data
- Transfers of personal data outside the European Union will be carefully reviewed prior to the transfer taking place to ensure that they fall within the limits imposed by the GDPR. This depends partly on the European Commission’s judgement as to the adequacy of the safeguards for personal data applicable in the receiving country and this may change over time.
- Intra-group international data transfers will be subject to legally binding agreements referred to as Binding Corporate Rules (BCR) which provide enforceable rights for data subjects.
Third Countries Service Providers
- Where any of your data is processed outside of the UK and EEA, King Safety & Security Ltd investigates the processing of data thoroughly and ensures that the correct level of data protection and privacy is there, with the relevant documentation to say so.
- Third countries may not have data protection laws that are as strong as those in the UK and/or the EEA. This means that King Safety & Security Ltd will take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the GDPR.
- An example would be if we use an international provider who has servers based in United States of America. In this instance before interacting with such service, we would check to see if they are part of Privacy Shield. You can check to see if a USA based company is certified company here Privacy Shield Participant check
- Once relevant checks have been undertaken, service providers will then be part of our approved provider list. Service provider Privacy Policies will be checked annually to check for adherence to our own standards, unless we are informed of changes prior to this. This document is reviewed annually and upon significant change to King Safety & Security Ltd and relevant legislation.
- King Safety & Security Ltd will not transfer your personal data which we hold as part of our marketing activities to an unstable country or one where it would be at risk.
Secure by Design
- The security of your personal data is essential to us, and to protect your data, King Safety & Security Ltd take a number of important measures.
- We have introduced best practices and procedures in house and when dealing with any personal data of our data subjects.
- Our security measures are kept confidential however our security setup is one of layered security measures, which wherever possible is designed to fail safe, as no security measures can be 100%.
- We are working towards cyber essentials and ISO:27001 compliance for our internal processes. Wherever possible service providers as minimum adhere to Article 5 of the General Data Protection Act.
Privacy by Design
- King Safety & Security Ltd has adopted the principle of privacy by design and will ensure that the definition and planning of all new or significantly changed systems that collect, or process personal data will be subject to due consideration of privacy issues, including the completion of one or more data protection impact assessments.
The data protection impact assessment will include:
- Consideration of how personal data will be processed and for what purposes
- Assessment of whether the proposed processing of personal data is both necessary and proportionate to the purpose(s)
- Assessment of the risks to individuals in processing the personal data
- What controls are necessary to address the identified risks and demonstrate compliance with legislation
- Use of techniques such as data minimization and pseudonymisation will be considered where applicable and appropriate.
Contracts involving the Processing of Personal Data
- King Safety & Security Ltd will ensure that all relationships it enters into that involve the processing of personal data are subject to a documented contract that includes the specific information and terms required by the GDPR.
Data Breach & Incident Response
- It is King Safety & Security Ltd’s policy to be fair and proportionate when considering the actions to be taken to inform affected parties regarding breaches of personal data. In line with the GDPR, where a breach is known to have occurred which is likely to result in a risk to the rights and freedoms of individuals, the relevant supervisory authority will be informed within 72 hours. This will be managed in accordance with our Information Security Incident Response Procedure which sets out the overall process of handling information security incidents.
Do You Share My Personal Data
- King Safety & Security Ltd believe in total transparency and want our associates to know how we interact with their data, along with how we may have to process your data with third parties for our daily business functions.
- In some cases, those third parties may require access to some or all of your personal data that King Safety & Security Ltd hold. If any of your personal data is required by a third party, King Safety & Security Ltd will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law.
- King Safety & Security Ltd contract with third parties and those third parties may sometimes contract with third parties (as described above) that are located outside of the European Economic Area (the “EEA” consists of all EU member states, plus Norway, Iceland, and Liechtenstein). If any personal data is transferred to a third party outside of the EEA, King Safety & Security Ltd will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the GDPR, as explained above in Part 25 – 37.
- In some limited circumstances, King Safety & Security Ltd may be legally required to share certain personal data, which might include yours, if King Safety & Security Ltd are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
How can I Access My Personal Data
- If you want to know what personal data King Safety & Security Ltd have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
- All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 6. To make this as easy as possible for you, a Subject Access Request Form is available for you to use in the compliance area of our website. You do not have to use this form, but it is the easiest way to tell us everything King Safety & Security Ltd need to know to respond to your request as quickly as possible. There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
- King Safety & Security Ltd will respond to your subject access request within one month of receiving it. Normally, King Safety & Security Ltd aim to provide a complete response, including a copy of your personal data within that time. In some cases, King Safety & Security Ltd, particularly if your request is more complex, more time may be required up to a maximum of three months from the date King Safety & Security Ltd receive your request. You will be kept fully informed of our progress.
How Do I Contact You
- To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the details provided in Part 6 of this document
Changes to this Privacy Notice
- King Safety & Security Ltd may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if King Safety & Security Ltd change our business in a way that affects personal data protection. Any changes will be made available on our website within our compliance area.