Prime Secure Systems Ltd T/A Prime Secure (which we sometimes refer to as “Prime”, “we” or “us” in this notice) is an SIA approved contractor for the provision of manned guarding services. Prime Secure combines business management with a cost-effective and tailored security service. Through utilising expertise and experience, we provide innovative security services and systems across the UK, ensuring that your business operates and develops regardless of the environment and risks.

To fulfil our objectives and obligations, Prime Secure needs to gather and use certain information about individuals. These can include customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact.

This policy explains our commitment to managing your personal data in accordance with current legislation. It describes what we use your personal data for, why we need to use it, how long we need to hold onto it for and what your rights are in relation to your personal data.

Prime Secure aim to avoid asking unnecessary questions beyond what is reasonably required for our purposes. Our approach is informed by the GDPR principle of data minimisation and reflects the operational objective of meeting current best practice standards when managing personal data.

As a minimum, we ensure that our staff work to the data protection principles incorporated in the GDPR, which require information to be:

• Used lawfully, fairly and in a transparent way.
• Collected only for valid purposes, and not used in any way that is incompatible with those purposes. Relevant to the purposes we have told you about and limited only to those purposes.
• Accurate and up to date.
• Kept only if necessary, for the purposes we have told you about. Held securely, in both physical and electronic systems.
• Available to you upon request.

(Please note: The above list is illustrative only)

Prime Secure may request personal data from you, for the legitimate purpose of administering contracts, fulfilling our statutory and legal obligations or to allow payment of wages and to communicate relevant information. The term ‘personal data’ means information about you that may identify you from that data.

This privacy notice covers each area of our business where we need to store, use and/or disclose your personal data. We identify the specific purposes we will use your personal data for, the individuals and organisations we may require disclosing your personal data to and the duration we will retain your personal data for. It also provides details of your rights in relation to accessing your personal data.

Information may be provided by you, by a 3rd party such as an employment agency, or acquired from published sources when we apply BS7858 standards to the vetting of prospective employees. Data may be collected in a variety of ways such as paper form, online forms, e-mails, face to face communication, telephone, text messaging or image/audio recording devices.

There are broadly two types of information that we might need:
Personal Information – such as your name, date of birth, contact details, unique customer reference number, notes about the services you have received.
Special Category Personal Information – such as your racial or ethnic origin, gender, biometric data, religion. Due to the nature of our work, we may also process information regarding criminal records and personal finances.

We need to collect, hold and process personal data for several reasons. Below are examples of some of the purposes for which we may need to keep a record of your personal data.

To confirm your identity and suitability for employment, as required by industry standards, such as BS 7858.

To keep in touch with you by post, fax, e-mail, text message, telephone, or another method. To understand your needs and to inform you of relevant services we offer.

To meet our statutory obligations including those related to equality and diversity. To meet our statutory obligations in relation to SIA, HMRC, and the Home Office.

To process financial transactions related to the services you may commission from us.

To monitor our compliance with the conditions of accreditations we hold such as SIA Approved Contractor Status (ACS)

For the management of employees, to ensure fair working practices and allow payment of wages and other benefits.

Prime Secure understand the need to ensure the integrity, validity and security of your personal data. We take all reasonable measures to keep your personal data safe and minimise the risk of accidental and/or malicious disclosure.

We achieve this through security measures such as (but not limited to):
Making sure physical records are locked away, in a secure area which can only be accessed by our nominated key holders.

Incorporating effective records management practices into our daily activities – such as promoting a ‘clear desk policy’

Controlling access rights of staff to electronic records – to make sure only those with a valid, legitimate and lawful reason can access personal information we hold on you.

Ensuring all members of staff have appropriate training and accreditations – so you can be confident in the abilities and integrity of our employees, from cleaners and security officers to our admin and CCTV control room staff.

To ensure that the systems we have in place to protect your personal data are working, we use methods such as penetration testing to assess their effectiveness and robustness.

Prime Secure only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

We employ a systematic appraisal methodology, which is applied throughout the life cycle of the records we acquire, create and maintain. This ensures we can access information when we need to.

For further information on our Information Security policy and the associated technology we use to keep your data secure, please contact us.

Under GDPR, all individuals have the following rights:

• The right to be informed – about the information we hold on you.
• The right to rectification – Of any data we hold you may feel is inaccurate.
• The right to erasure (also known as ‘The right to be forgotten’) – You can exercise this right unless we are legally required to retain your data, such as a record of the wages you earned, for HMRC).
• The right to restrict processing – You have a right to request to restrict the processing of your personal information.
• The right of access – You have the right to access your personal data. This is commonly referred to as subject access. Individuals can make a subject access request verbally or in writing.
• The right to data portability – Where we have requested your permission to process your personal information, you have a right to receive the personal information you provided to us in a portable format.
• The right to object – You must tell us your circumstances justifying your objection to processing.

Rights in relation to automated decision making and profiling:

• More detailed guidance on these rights and how to exercise them can be found on the ICO website at www.ico.uk

Where we are solely relying on consent to process your personal information (and not, for example, where we are processing your personal information to fulfil a contract with you), you may withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

You are entitled to request a copy of your personal data held by Prime Secure. A request for this information is called a Subject Access Request (SAR). A SAR can be made through any channel – in writing, (letter or email), over the phone or in person. As required under the GDPR, Prime Secure will provide you with a copy of your personal data no later than 28 days after you request it. If we are unable to fulfil our obligations to you due to factors outwith our control, Prime Secure commit to ensuring you are informed every step of the way. To improve our access to information procedures and further fulfil our obligations to you under GDPR, we have designed a user-friendly SAR form. This allows you to select either specific data (such as a record of payments made to you) or to request a full copy of all personal data we hold. Please note – there is no requirement to use this form. An individual has always had the right to access their personal data under the data protection act (1988). However, we felt that this process could be made more transparent and accessible, and since March 2018 we have made this form available to those who wish to use it. Where appropriate, the information collated for your SAR will be provided to you electronically. This is in line with ICO best practise guidelines and helps us fulfil our commitment to minimising waste and energy consumption as stated in our environmental policy (available upon request).

Under the General Data Protection Regulation, organisations that process personal data must notify the Information Commissioner’s Office. The Data Controller responsible in respect of the information collected by Prime Secure is identified within the Information Commissioner’s Register under registration number ZA011291 as Prime Secure.

Our website www.Prime Secure.co.uk uses Google Analytics cookies. To opt-out of being tracked by Google Analytics across all websites please see http://tools.google.com/dlpage/gaoptout

However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.

There may be times when we offer links to third party websites on www.Prime Secure.co.uk that do not operate within our privacy policy. We recommended that you review each third-party website and related privacy policy before giving them your personal data. Most web browsers allow some control of most cookies through the browser settings.

If you have a concern about the way we are handling your personal information, or the way we have dealt with a request from you in relation to any of your rights set out above, Prime Secure will offer full co-operation to remedy your concerns.

In the first instance, you can contact our DPO:

In writing:

Data Protection Officer Prime Secure 65-81 Townsend Street
Glasgow G4 0LA

By Email:

dpo@Prime-Secure.co.uk

If you remain dissatisfied with our response, you are entitled to appeal to the Information Commissioner at the following address: Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow. SK9 5AF. Phone: 01625 545745 Web Site: www.ico.org.uk. Please note, you have the right to submit a complaint to the Information Commissioner at any time, but we do request that you give us the opportunity to deal with your complaint first.

We may modify this privacy policy from time to time and will publish the most current version on our website. If a modification meaningfully reduces your rights, we will notify those individuals whose personal data is affected.

Kevin McDaid
Managing Director
10/02/2023