Privacy Policy

This policy applies to all prospective applicants, Customers, Sub-contractors & Suppliers, Website User and the owner and provider of this website SECOM Plc.

SECOM Plc takes the privacy of your information very seriously and this policy outlines our conduct of how we collect and use the Data that is provided.

This Policy does not cover companies, services or applications that are not owned or controlled by SECOM Plc and you should refer to the Privacy Notice/Policy of any such third party

Please read the policy carefully.

1. Definitions and interpretation

In this privacy policy, the following definitions are used.

Data Collectively all information that is provided to SECOM Plc. This definition incorporates, where applicable, the definitions provided in GDPR.
EAA European Economic Area is a secure server that is used to store data; this excludes any email alerts from SECOM Plc. Some of SECOM Plc suppliers based outside the EEA is strictly controlled with access of your data. By submitting your persona data, you have agreed to the terms.
GDS Government Digital Service is only accessed by authorised people and our suppliers to; improve the site by monitoring how you use it; gather feedback to improve our services e.g. email alerts; respond to any feedback received and requested; send email alerts to users who request them; allow you to access government services and make transactions; provide you with information about local services if required.
SECOM Plc A company incorporated in England Wales with registered number 2585807 whose registered office is: Secom House 52 Godstone Road Kenley, Surrey, CR8 5JF.
UK & EU Cookie Law The Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011.
Third Party Any third party that accesses the Website and is not either (i) employed by SECOM Plc and acting during their employment of (ii) engaged as a consultant or otherwise providing services to SECOM Plc and accessing the Website in connection with the provision of such services.
Website The website that you are currently using,, and any sub-domains of this site unless expressly excluded by their own terms and conditions.
Cookies A small text file placed on your computer by this Website when you visit certain parts of the Website and/or when you use certain features of the Website. Details of the cookies used by this Website are set out in the clause below (Cookies).

In this policy, unless the context requires a different interpretation:

  1. the singular includes the plural and vice versa
  2. references to sub-clauses, clauses, schedules or appendices are to sub-clauses, schedules or appendices of this privacy policy;
  3. a reference to a person includes firms, companies, government entities, trusts and partnerships;
  4. “including” is understood to mean “including without limitation”;
  5. reference to any statutory provision includes any modification or amendment of it;
  6. the headings and sub-headings do not form part of this privacy policy.
2. General

Implementing, management and assurance of SECOM Plc GDPR policy is shared amongst the DPO and the GDPR committee. SECOM Plc Data Protection Officer (DPO) will be the first point of contact for all GDPR related enquires; Data Breaches, Subject Access & Erasure and General Customer Request’s. The GDPR Committee sits behind DPO to assist and sets policy in respect of the Company’s GDPR compliance and in the absence of the DPO the committee will be the second point of contact for any enquires and request made.

GDPR Committee Members

The GDPR Committee consist of members with relevant experience in the field of corporate governance/risk, business management and IT security the members are;

  • Assurance/Data Protection Manager
  • Health & Safety Manager
  • Human Resources Manager
  • Financial Director
  • General Manager IT and Infrastructure
Data Protection Officer (DPO)

Derek Jones

Head of Compliance and Training

Any changes we make to our privacy policy in the future will be posted on SECOM Plc webpage and, where appropriate, notified to you electronically. Please check our website frequently to see any updates or changes to our privacy policy.

3. Scope

The policy outlines SECOM Plc commitment to protect personal information. It is equally important for SECOM Plc to be compliant and by doing so we have adopted regulatory, statutory and industry guidelines to manage all personal data securely. The term “Personal Data” refers to personally identifiable information about “you”, such as your name, date of birth, e-mail address or postal address etc… Where data is submitted by “you” whether it is manually or in electronically, this means that consent has been given for SECOM Plc to process.

Your personal information will only be processed;

  • In the context of SECOM Plc activities
  • For the provisions or offer of services to the individual
  • To actively monitor the behaviour of individuals

SECOM Plc are responsible for protecting your personal data at all time, this is done by;

  • Implementing policies and procedures
  • Appointing a company Data Protection Officer to deal with all GDPR enquires
  • Providing a clear, transparent and legitimate interests for processing your data
  • Adhering to legal obligations when processing your data
  • Giving you the opportunity to either request or delete your data
  • Regular compliance/assurance checks are conducted
  • Ensuring all relevant staff are trained
4. Data Collected

In accordance with SECOM Plc policy, information that is collated consist of both general and special categorised data, this may include but not limited to the following;

General Categories
  1. Name
  2. Date of Birth
  3. Email Address
  4. Telephone Numbers
  5. Address
  6. Feedback and Complaints
  7. Application for employment
Special Categories
  1. Biometrics – CCTV Images and Recording
  2. Health – Job specific
5. Our Use of Data and Data Retention

For purposes of the General Data Protection Regulations (GDPR), SECOM Plc is the “data controller”. We will retain any Data that you have provided SECOM Plc for a minimum of 6 months where applicable;

Data Type Retention Period
Subcontractor Records 3 years
Head Office Admin 3 years
Finance 7 years
Business Systems Minimum 2 years
CCTV/ Call Recordings Minimum 12 months

Unless we are obliged or permitted by law to do so, and subject to any third-party disclosures specifically set out in this policy, your Data will not be disclosed to third parties. This includes our affiliates and/ or other companies within our group.

All personal Data is stored securely in accordance with the principles of GDPR. For more details on security see the clause below (Security).

Any or all the above Data may be required by us from time to time in order to provide you with the best possible service and experience when using our Website. Specifically, Data may be used by us for the following reasons:

  1. internal record keeping
  2. improvement of our products/services
  3. contact for market research purposes which may be done using email, telephone, fax or mail. Such information may be used to customise or update the Website
  4. financial documents and statements such as invoices, credit notes etc…
  5. compelled by the court of law
  6. creating customer files
  7. third party suppliers carrying out specific functions on behalf of SECOM Plc
  8. authorising access control to various systems
  9. tax and payroll purpose

in each case, this is in accordance with this privacy policy.

6. Data Storage

All information provided are stored on SECOM Plc servers at Kenley and backed up to our secure inhouse servers in Hainault and Leeds.

Unfortunately, transmission of information via internet is not completely secure. SECOM Plc will do their best to protect your personal data, we can not guarantee the security of your data transmitted to our website: any transmission is at your own risk. However, once SECOM Plc has received your information we will use strict procedures and security protocols to try and prevent unauthorised access.

7. Legal Basis for Processing

SECOM Plc reserve the right to disclose any personal information we have concerning you if we are compelled to do so by a court of law or requested to do so by a governmental entity or if we determine it is necessary or desirable to comply with the law or to protect or defend our rights or property in accordance with applicable laws;

*Refer to Section 4 – Data Collected

Data Collected SECOM Plc will use this personal data for the following purposes: Legal Grounds for SECOM Plc collection and use of your personal data
A, B, C, D, E, F, G Obtaining and using the information for contacting prospective customers, complaints, feedback and service ratings. Legitimate interest for SECOM Plc to provide quotes, assist and respond customer feedback/experience
A, B, C, D, E Obtaining customer information to process system before scanning on to SECOM Plc business management system. This use, including the collection of the personal data needed to do it, is necessary for our legitimate interest to sustain the partnership with you/the company
A, B, C, D, E Running and managing regulatory obligations where SECOM Plc will use your data to provide government officials and courts. It is SECOM Plc legal obligation to provide evidence of record.
A, B, C, D, E Invoices and statements containing personal data to trade. The purposes of obtaining and processing invoices/statements it is SECOM Plc legitimate interest as well as contractual and legal obligation to retain and use the personal information.
A, B, C, D, E To provide you with marketing communications, where you have opted in to receive such communications (including information about us, our products, solutions and services). These can be shared via electronically and post. This use, including the collection of the personal data needed to do it, is necessary for the purpose of our legitimate interest to market, promote and demonstrate our business, products and services, and any other information.
A, B, C, D, E, H, G To do other things that you have explicitly asked us to do, for example if you chose to opt in to one or more specific activities that we offer. If you have opted in to a specific activity that we offer, this use, including the collection of the personal data needed to do it, is necessary for the performance of the contract we have with you/the company – that is, our obligation to provide to you or enable you to take part in the offered activity
G, I Running and managing the process of pre-employment process; dependant on the role of the job, health status will be requested. Legitimate interest and legal obligation
8. Sharing Data

SECOM Plc performs several functions to provide the best quality service. In some cases, data may be shared based on business, legal and contractual agreement. Our reason for the sharing data varies from marketing to background checks. We ensure that all data held and processed by Secom is only accessed by employees and approved 3rd party suppliers. Outlined below are the categories of whom SECOM Plc may share personal data with and our legitimate reason for sharing.

Recipients/Categories Purpose
Data Centre Daily backup
Marketing & Sales Force Providing products and services updates
Government Tax office
Courts Compelled to comply with request
Finance, Auditors, Credit Control and Advisors Audits
Employees Accessing accounts to assist with quires
Engineers and Subcontractors Service and product installation continuous routine maintenance checks
Credit Referencing/ DBS Staff Vetting/Security Checks
Employees – Compliance Invoice payments and personnel files
9. Confidentiality

SECOM Plc acknowledges that the information that is provided may be confidential and to ensure that your data is protected SECOM Plc will maintain the confidentiality of your data and information in accordance with all applicable laws.

10. Changes of business ownership and control

SECOM Plc may, from time to time, expand or reduce our business and this may involve the sale and/ or the transfer of control of all or part of SECOM Plc. Data provided by User will, where it is relevant to any part of our business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this privacy policy, be permitted to use the Data for the purposes for which it was originally supplied to us.

We may also disclose Data to a prospective purchaser of our business or any part of it.

In the above instances, we will take steps with the aim of ensuring your privacy is protected.

11. Controlling use of your Data

Wherever you are required to submit Data, you will be given options to restrict our use of that Data. This may include the following:

  • Use of Data for direct marketing purposes; and
  • Sharing Data with third parties.
12. Functionally of the Website

To use all features and functions available on the Website, you may be required to submit certain Data. You may restrict your internet browser’s use of Cookies. For more information see the clause below (Cookies)

13. Third party websites and services

SECOM Plc may, from time to time, employ the services of other parties for dealing with certain processes necessary for the operation of the Website. The providers of such services do not have access to certain personal Data provided by Users of this Website.

Google may use your personal data when you give content on the site. Please see Google’s Privacy & Terms site for more information.

14. Links to other websites

This Website may, from time to time provide links to other websites. SECOM Plc has no control over such websites and are not responsible for the contents of these websites. This privacy policy does not extend to your use of websites.

When accessing GOV.UK, we may receive information from the other website/s. SECOM Plc will not use the data provided and you are advised to read the privacy policy presented on the website before continuing.

15. Cookies

This Website may place and access certain Cookies on your computer, SECOM Plc uses Cookies to improve your experience of using the Website and to improve our range of services. SECOM Plc has carefully chosen these Cookies and has taken steps to ensure that your privacy is protected and respected at all times.

All Cookies used by this Website are used in accordance with current UK and EU Cookie Law.

Before the Website place Cookies on your computer, you will be presented with a pop-up requesting your consent to set those Cookies. By giving your consent to the placing of Cookies, you are enabling SECOM Plc to provide a better experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of the Website may not function fully or as intended.

This Website may place the following Cookies:

Type of cookies Purpose
Strictly necessary cookies These cookies are essential in order for you to move around the website and use its features, for example such as accessing secure areas of the website. talk to Marketing
Analytical/performance cookies They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily
Functionality cookies These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region)
Targeting cookies These cookies record your visit to our website, the pages you have visited and the links you have followed. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers

You can choose to enable or disable Cookies in your internet browser. By default, most internet browsers accept Cookies, but this can be changed. For further details, please consult the help menu in your internet browser.

You can choose to delete Cookies at any time; however, you may lose any information that enables you to access the Website more quickly and efficiently including, but not limited to, personalisation settings. It is recommended that you ensure that your internet browser is up-to-date and that you consult the help and guidance provided by the developer of your internet browser if you are unsure about adjusting your privacy settings.

16. Security

Data security is of great importance to SECOM Plc and to protect you Data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure Data collection via this Website. If password access is required for certain parts of the Website, you are responsible for keeping this password confidential.

We endeavour to do our best to protect your personal Data. However, transmission of information over the internet is not entirely secure and its done at your own risk. We cannot ensure the security of your Data transmitted to the Website.

17. Subject Access Request

You have the right to ask for a copy of any of your personal Data held by SECOM Plc as a Subject Access Request (SAR’s). All requests must be in writing and addressed to the ‘Data Controller’, the request may include but not limited to;

  • Alarm Handling Information
  • Copies of emails and letters
  • Statements
  • CCTV footage
  • Call recordings
  • DBS Report

SECOM Plc will aim to acknowledge any Subject Access Request within 48hrs of receipt and complete the process within 30 days. In some cases, processing SAR’s may take longer, and it is SECOM Plc’s duty to keep you informed.

This is non-chargeable request; however, SECOM Plc has the rights to charge a ‘reasonable fee’ when a request is manifestly unfounded, excessive or repetitive.

18. ‘Right to be Forgotten’

SECOM Plc Staff, Customers, Sub-contractors & Suppliers, Website User shall have the right to obtain from the Data Protection Controller to delete personal data concerning them without undue delay.

  1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  2. the individual withdraws consent on which the processing is based according to Article 6 GDPR (1) or Article 9 GDPR (2), and where there is no other legal ground for the processing;
  3. the data subject objects to the processing pursuant to Article 21 GDPR (1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 GDPR (2)
  4. the personal data have been unlawfully processed;
  5. the personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  6. the personal data have been collected in relation to the offer of information society services referred to in Article 8 GDPR (1)

Where the controller has made the personal data public and is obliged pursuant to section 32 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform relevant data controllers which are processing the personal data that the individual has requested for deletion

The above will not apply to the extent that processing is necessary:

  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation which requires processing by a Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest around public health in accordance with points (h) and (i) of Article 9 GDPR (2) and (3);
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 GDPR (1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  5. for the establishment, exercise or defence of legal claims.
19. Complaints

SECOM Plc will manage all complaints in accordance with the company Complaints Management Policy. All complaints related to personal data will be reviewed, investigated and processed by SECOM Plc Data Protection Officer (DPO).

Complaints regarding the conduct of processing personal data by Secom Plc should be in writing and forwarded to the Data Protection Officer.

An investigation of the complaint will be carried out to the extent that is appropriate based on the merits of the specific case. The Data Protection Officer will inform the data subject of the progress and the outcome of the complaint within a reasonable period.

If the issue cannot be resolved or dissatisfied with the way SECOM Plc has handled your data, you have the rights to lodge a complaint with the Information Commissioner’s Office (ICO), Tel: 0303 123 1113, Website: ( However, SECOM Plc would appreciate the chance to deal with your concerns before you approach the ICO details can be found in section 2 of the policy.

20. General

You may not transfer any of your rights under this privacy policy to any other person. We may transfer our rights under this privacy policy where we reasonably believe your rights will not be affected