Head Office Tel: 0208 646 4600 - Central Office Tel: 01562 747 207 - E:info@abksecurity.com

ABK Security Services Ltd Privacy Policy

Introduction

ABK Security Services Limited has created this document to demonstrate its commitment to data privacy and its alignment to the requirements of the General Data Protection Regulation 2018 (“GDPR”) in respect of handling and processing personal data.

ABK Security Services Ltd is registered with the UK Information Commissioner’s Office as a Data Controller and Data Processor.

Data Controller 
ABK Security Services Ltd

Legal Basis
ABK offers a range of goods and services relating to security services and training. As such, ABK has a legitimate business interest in capturing, processing and retaining data from customers who have requested services from the company for a mutually beneficial purpose.

ABK employs SIA Licensed security personnel and has a legal obligation under the Private Security Industry Act 2001 and other relevant legislation to fully vet and screen employees and prospective employees to BS 7858. This includes criminal offence data.

ABK also holds contracts with customers and service provision partners where the fulfilment of the contract depends on the capturing, processing, retaining and transfer of relevant personal data in order to establish that ABK Security Services and its service provision partners are compliant with relevant legal requirements for the provision of security services.

ABK undertakes to, capture, process and retain all data obtained from individuals and businesses in line with the requirements of all applicable Data Protection Laws, including Privacy and Electronic Communications Regulation (PECR) and the General Data Protection Regulation (GDPR).  

ABK will capture, process and retain data from the following categories of Data Subjects:

Customers (based in the UK and EEA)
ABK will initially capture, process and retain customer data that is obtained through telephone, email or the ABK Security Services Ltd website when a customer requests goods, services or information. This data will be used for the purposes of:  
•    Processing customer orders
•    Creating and issuing customer invoices 
•    Monitoring contract and customer account statuses
•    Debt chasing
•    Marketing activity (data provided may be manually profiled by ABK to produce tailored marketing messages and limited customer data will be used when these messages are sent through our secure email management system)*
•    Staff training, internal auditing, dealing with complaints and customer queries (all inbound and outbound customer calls are recorded for these purposes)

ABK customers have the right to withdraw consent to hold their data at any time. However, if a customer chooses to withdraw consent, then ABK will be unable to process any further orders for goods and services.

*ABK Customers are provided with an opportunity to opt out of ABK Security Services Limited marketing messages at the time of submitting their details and when receiving all subsequent marketing communication. 

Data received from Customers

We will collect and process data that is provided to us by customers. Personal data may be included in the data you provide about site contacts and key-holders. It is important that contractual arrangements with those individuals clearly set out how you will use their data and with whom it could potentially be shared. We require all our customers to comply with the GDPR.

By adding individuals’ personal data to ABK’s systems, or by sending personal data via email or by other methods to ABK, you give consent to us processing the data and you confirm that you have obtained the appropriate consent from the relevant individuals for the personal data to be processed by ABK.

ABK will retain this data for the legitimate processing of the contract while you remain an ABK customer.

We will use Customer contacts personal data for the purpose of tender application and or any other quotation purpose, once successful this data will be held securely on our systems for the duration of the contract.

We will review all unsuccessful tenders/quotations at the end of the ‘valid for’ period, usually 3 months, at which time the records would be removed.

For on-going ‘live’ contracts it is necessary to obtain and retain personal data for the fulfilment of the contracts. Data including but not limited to: names, addresses, contact details, identification documents, bank details – will be held on ABK Systems and Finance Software.

Contracts are reviewed annually, and inactive partnerships deleted from systems.

If it is necessary to share bank details with our bankers to make payments for services, ABK will always make sure that the details are only processed using secure banking systems.

ABK will never share this information elsewhere, outside of the company unless required to do so by a regulatory or legal authority.

Employees

ABK will only process and hold staff data for the legitimate purpose of employment.

Personal data including name, address, contact details, NI number, date of birth, bank details, employment history, medical history, next of kin contact details and criminal offence data is stored and processed by the HR Dept. and Sage payroll system and will be held for the duration of the employment.

On leaving the company all data will be removed from systems and personnel files and be archived for a period of 3 years before being securely destroyed.

PAYE information will be held on Sage 50 payroll for 6 years after as required by HMRC.

Data for successful applicants will be securely stored with employment data.

CVs and interview notes will be held for 6 months after the recruitment of a role before being securely destroyed or deleted.  

Prospective CVs will be considered on receipt, shared with internal departments and destroyed should no suitable vacancies be available.

References will be requested from former employers as part of employment terms.

Factual references for former staff will only be provided on request from future employers, ABK will only state dates of employment and final role.  On receipt of financial reference requests, HR staff will seek consent before providing information.

Personal data will be shared with relevant agencies for the appropriate performance of pensions schemes, tax affairs, benefit schemes, insurances, fleet management, and illness cover.  Staff participation in such services will indicate consent to share required data for the performance of the service.

Vetting and Screening of staff

Prospective employees must provide ABK with information to enable us to meet our legal obligation to complete Vetting and Screening.

As a security provider ABK will hold a substantial set of personal details about our staff. These may include:

  • Names, Email Addresses, Telephone Numbers and Other Contact Information
  • Qualification Certificates or Other Proofs, Including Unique Learner Numbers
  • Proof of Professional Qualifications
  • Employment History
  • References (Personal and Work)
  • Criminal offence data

Complainants
ABK have a Customer Complaints Policy and customers have the right to make a complaint when they are unhappy with goods or services that have been provided by ABK. When receiving the details of any complaint, ABK will use the data provided for the purposes of
•    logging and processing the details of the complaint
•    carrying out and investigating the scenario outlined in the complaint
•    making decisions based on the findings of any investigation
•    informing the complainant of the outcome of their complaint
•    informing any affected parties of the outcomes and actions required (should there be any)

Marketing

ABK maintains a marketing database that contains the basic details of individuals who have consented to ABK sendinginformation about products, qualifications, events or services, as well as general news about the ABK companiesto them via email. 

Each marketing email that is sent provides you with the ability to opt out by sending a request specifying your new choice to This email address is being protected from spambots. You need JavaScript enabled to view it.

We will at times contact you by email with important updates that you must be made aware of as an ABK customer or employee. We will also on occasion send you communications which we believe will be of legitimate interest to you regarding new products and services, which you will be able to unsubscribe to should you wish.

External Consultants, Suppliers

ABK engages the services of external freelance consultants and suppliers for various purposes within the company.

It is necessary to obtain and retain personal data for the fulfilment of contracts. Data including but not limited to: names, addresses, contact details, professional qualifications, identification documents, bank details – will be held on ABK Systems and Finance Software.

Contracts are reviewed annually, and inactive partnerships deleted from systems.

It is necessary to share bank details with our bankers to make payments for services, ABK will always make sure that the details are only processed using secure banking systems.

ABK will never share this information elsewhere, outside of the company unless required to do so by a regulatory or legal authority, or to enable the fulfilment of contractual obligations.

ABK will capture, process and retain data in the following manner in relation to:

Data sharing

Other than as set out in the next paragraph, we will never distribute or share personal data that is held on our system with any third parties.

We may share personal data with regulatory bodies in respect of:

  • security vetting and screening to BS 7858 (see ‘Vetting and Screening of Employees’ above)
  • The national Learning Record Service (“LRS”) – where unique learner numbers (ULNs) have been provided for verification or need to be issued. (also see ‘Data Transfers’ below)
  • individuals training achievements/qualifications and associated certification
  • investigations carried out by regulatory bodies

ABK has a number of suppliers of services where personal data is shared including but not limited to:

  • pension provider for the administration of the corporate pension scheme

Further information regarding specific companies/organisations can be provided on request.

Data Transfers
ABK may transfer customer data to third parties/partners in order to fulfil training provision, including production of certificates/awards and fulfil contractual obligations concerning service provision. This will not include third parties operating outside the EEA.

ABK will carry out all necessary due diligence to ensure that all data transfers to third parties/partners are carried out securely and that all necessary safeguards are in place to ensure data security. ABK will also ensure that third parties/partners are fully aware of their responsibilities to ensure GDPR compliance when processing customer data transferred to them.


ABK will not transfer personal data to any other company or organisation without your prior consent, with the exception of:-

  • Her Majesty’s Revenue and Customs (HMRC) requests for financial data (relating to customer invoicing).
  • The Education and Skills Funding Agency (ESFA)

Data Retention
When a customer enters a contract, ABK will retain the data captured for the length of the contract for the purposes of: 
•    fulfilling the contract with the customer
•    providing an auditable customer trail
•    providing historical data for accounting purposes
•    responding to HMRC financial information requests
•    reviewing and improving services and processes

Security

ABK’s systems have security measures in place to help protect against the loss or misuse of any data under our control.

When our websites are accessed by users, data traffic is encrypted using up-to-date secure socket layer (SSL) technology so that it can only be accessed by the end user.

Where we store data

ABK do not use online systems for the storage of customer, employee and service partner information.

All electronic files are stored on standalone password protected devices.

All hard copy files held are securely stored with access limited to authorised staff only.

ABK’s email data is stored with our service provider, located in EU data centres and follows Microsoft’s standard security and backup processes.

Destruction of physical data

ABK employees are trained to destroy all personal data securely.  ABK has procedures in place to have all paperwork containing personal data securely shredded on-site.

Data breach incidents

In line with our regulatory requirements, ABK has a set of processes for issue and incident management, including data breaches. These processes include the required notifications to be sent to the Information Commissioners Office and to customers. This is reviewed annually and may be subject to change.

The General Data Protection Regulation 2018

ABK has adapted its policies and procedures to ensure it is compliant with the GDPR. This document has been produced to represent our current status and will be reviewed annually and updated as processes are developed.

Under the GDPR, individuals have certain rights when it comes to the control of personal data:

The right to be informed.  Each individual has the right to be given information about how their data is being processed and why.  ABK has provided this policy to show how we handle your data.

The right of access.  ABK has a duty to comply with the requirements of Subject Access Requests (SAR)

The right to rectification.  The GDPR includes a right for individuals to have inaccurate personal data rectified or completed if it is incomplete.

The right to be forgotten.  You have the right to ask ABK to remove your data.

The right to restrict processing. You may restrict processing for a legitimate reason, we would still have the right to hold that information.

The right to data portability. You may be able to obtain the information we hold about you and use it for your own purposes. Conditions apply.

Should you wish to exercise any of your rights above, please email This email address is being protected from spambots. You need JavaScript enabled to view it. stating the following information:

Name

Contact details

Relationship to Subject

Full details of information relating to your request

Reason for request and the right being exercised

You will be asked to verify your identity if you are the subject, alternatively you will be asked to provide consent from the subject if you are a representative.

Should we require further information we will contact you.

Your request will be dealt with within 1 month of receipt of your request.

Under the GDPR you have further rights in relation to automated decision-making and profiling. ABK currently does not use automated profiling for any purpose.

Should any automated processes be implemented, the policy will be reviewed and updated.

Subject Access Requests
In line with these individual rights, anyone who wishes to make a formal Subject Access Request to ABK for the purposes of requesting personal data or taking some action with respect to the personal data that is held about them should submit the request in writing to the ABK Security Services Limited. Data Protection Officer either in writing by post to ABK Security Services Ltd, Bewdley Road, Stourport, Worcestershire DY13 8XE or by emailing This email address is being protected from spambots. You need JavaScript enabled to view it.

Website use – tracking and monitoring

Our websites and online systems use cookies to distinguish you from other users of our website. For detailed information on the cookies we use please refer to the terms and conditions on the website. We may automatically collect the following information when you visit our website:

  • your IP (internet protocol) address, your login information, your browser type, time zone settings, browsers and operating systems used
  • information about your visit, such as the pages visited, or documents downloaded

Cookies
Visitors to the ABK website should be aware that information and data may be automatically collected by our website through the use of "cookies." These are small text files that a website can use to recognise repeat visitors and facilitate the visitor's ongoing access to, and use of, the site. They allow us to monitor usage behaviour and compile aggregate data that will help us to make improvements to our website.

Cookies are not programs that will enter a visitor's computer system and damage files. Generally, cookies work by assigning a unique number to the visitor that has no meaning outside the assigning site. If a visitor does not want information collected through the use of cookies, there is a simple procedure in most browsers that allows the visitor to deny or accept the cookie feature. However, please note that you may lose some features and functionality if you choose to disable cookies.

Whenever you visit our website we automatically record the IP address that you are connecting to us from and we log the pages that are visited. We also record other details such as the operating system and web browser type being used. If a link was followed to this site, details of the search engine or website that was previously visited are recorded. This data is used only to compile general statistical information. We also use cookies to measure the effectiveness of our marketing campaigns on websites such as Google, Facebook, LinkedIn and Twitter.

  • A 'Cookie' is a small piece of information that we store on your computer. Our system will issue cookies to your computer when you access the site. There are 2 types of Cookie:
  1. First Party Cookies; these are our own cookies and are controlled by us.
  2. Third Party Cookies; these are set and controlled by other organisations.

Our site uses First Party Cookies only. Cookies make it easier for you to logon to and use the site during future visits and all of the cookies we use are essential to the effective operation of the site. Some cookies allow us to monitor website traffic in order to personalise the content of the site for you and to schedule maintenance and downtime. You may set up your computer to reject cookies, if you choose to do this, you may not be able to use certain features on our site, in which case please do call us on 01562 747207 or e-mail us at This email address is being protected from spambots. You need JavaScript enabled to view it. and we will deal with your enquiry personally. 

First Party Cookies – All Users

Name Purpose
   
_SessionId Stores server-side, user-specific data relating to a current browsing session.
   

_ga

_gid

_gat

These are first party cookies for Google analytics and track how many times a visitor has been to the site.
   
1db8ed1141e3cc47dcc3965a06ff23d4 This is used for access to ‘course list’
   

 

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure,we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

How we use cookies

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

 

We may change this policy from by updating this page.

You should check this page from time to time to ensure that you are happy with any changes.

accreditations

 sia approved contractor abk SafeContractor Logo Achilles Reghighfield qualifications approved centre logo  CHAS Constructonline Logo  CL 27 NEW2015