ABK Security Services Limited has created this document to demonstrate its commitment to data privacy and its alignment to the requirements of the General Data Protection Regulation 2018 (“GDPR”) in respect of handling and processing personal data.
ABK Security Services Ltd is registered with the UK Information Commissioner’s Office as a Data Controller and Data Processor.
ABK Security Services Ltd
ABK offers a range of goods and services relating to security services and training. As such, ABK has a legitimate business interest in capturing, processing and retaining data from customers who have requested services from the company for a mutually beneficial purpose.
ABK employs SIA Licensed security personnel and has a legal obligation under the Private Security Industry Act 2001 and other relevant legislation to fully vet and screen employees and prospective employees to BS 7858. This includes criminal offence data.
ABK also holds contracts with customers and service provision partners where the fulfilment of the contract depends on the capturing, processing, retaining and transfer of relevant personal data in order to establish that ABK Security Services and its service provision partners are compliant with relevant legal requirements for the provision of security services.
ABK undertakes to, capture, process and retain all data obtained from individuals and businesses in line with the requirements of all applicable Data Protection Laws, including Privacy and Electronic Communications Regulation (PECR) and the General Data Protection Regulation (GDPR).
ABK will capture, process and retain data from the following categories of Data Subjects:
Customers (based in the UK and EEA)
ABK will initially capture, process and retain customer data that is obtained through telephone, email or the ABK Security Services Ltd website when a customer requests goods, services or information. This data will be used for the purposes of:
• Processing customer orders
• Creating and issuing customer invoices
• Monitoring contract and customer account statuses
• Debt chasing
• Marketing activity (data provided may be manually profiled by ABK to produce tailored marketing messages and limited customer data will be used when these messages are sent through our secure email management system)*
• Staff training, internal auditing, dealing with complaints and customer queries (all inbound and outbound customer calls are recorded for these purposes)
ABK customers have the right to withdraw consent to hold their data at any time. However, if a customer chooses to withdraw consent, then ABK will be unable to process any further orders for goods and services.
*ABK Customers are provided with an opportunity to opt out of ABK Security Services Limited marketing messages at the time of submitting their details and when receiving all subsequent marketing communication.
Data received from Customers
We will collect and process data that is provided to us by customers. Personal data may be included in the data you provide about site contacts and key-holders. It is important that contractual arrangements with those individuals clearly set out how you will use their data and with whom it could potentially be shared. We require all our customers to comply with the GDPR.
By adding individuals’ personal data to ABK’s systems, or by sending personal data via email or by other methods to ABK, you give consent to us processing the data and you confirm that you have obtained the appropriate consent from the relevant individuals for the personal data to be processed by ABK.
ABK will retain this data for the legitimate processing of the contract while you remain an ABK customer.
We will use Customer contacts personal data for the purpose of tender application and or any other quotation purpose, once successful this data will be held securely on our systems for the duration of the contract.
We will review all unsuccessful tenders/quotations at the end of the ‘valid for’ period, usually 3 months, at which time the records would be removed.
For on-going ‘live’ contracts it is necessary to obtain and retain personal data for the fulfilment of the contracts. Data including but not limited to: names, addresses, contact details, identification documents, bank details – will be held on ABK Systems and Finance Software.
Contracts are reviewed annually, and inactive partnerships deleted from systems.
If it is necessary to share bank details with our bankers to make payments for services, ABK will always make sure that the details are only processed using secure banking systems.
ABK will never share this information elsewhere, outside of the company unless required to do so by a regulatory or legal authority.
ABK will only process and hold staff data for the legitimate purpose of employment.
Personal data including name, address, contact details, NI number, date of birth, bank details, employment history, medical history, next of kin contact details and criminal offence data is stored and processed by the HR Dept. and Sage payroll system and will be held for the duration of the employment.
On leaving the company all data will be removed from systems and personnel files and be archived for a period of 6 years before being securely destroyed.
PAYE information will be held on Sage 50 payroll for 6 years after as required by HMRC.
Data for successful applicants will be securely stored with employment data.
CVs and interview notes will be held for 6 months after the recruitment of a role before being securely destroyed or deleted.
Prospective CVs will be considered on receipt, shared with internal departments and destroyed should no suitable vacancies be available.
References will be requested from former employers as part of employment terms.
Factual references for former staff will only be provided on request from future employers, ABK will only state dates of employment and final role. On receipt of financial reference requests, HR staff will seek consent before providing information.
Personal data will be shared with relevant agencies for the appropriate performance of pensions schemes, tax affairs, benefit schemes, insurances, fleet management, and illness cover. Staff participation in such services will indicate consent to share required data for the performance of the service.
Vetting and Screening of staff
Prospective employees must provide ABK with information to enable us to meet our legal obligation to complete Vetting and Screening.
As a security provider ABK will hold a substantial set of personal details about our staff. These may include:
- Names, Email Addresses, Telephone Numbers and Other Contact Information
- Qualification Certificates or Other Proofs, Including Unique Learner Numbers
- Proof of Professional Qualifications
- Employment History
- References (Personal and Work)
- Criminal offence data
Pupils, students, learners and trainees
The information you supply is used by the Education and Skills Funding Agency, an executive agency of the Department for Education (DfE), to issue you with a Unique Learner Number (ULN) and to create your Personal Learning Record, as part of the functions of the DfE. For more information about how your information is processed, and to access your Personal Learning Record, please refer to: https://www.gov.uk/government/publications/lrs-privacy-notices
ABK have a Customer Complaints Policy and customers have the right to make a complaint when they are unhappy with goods or services that have been provided by ABK. When receiving the details of any complaint, ABK will use the data provided for the purposes of
• logging and processing the details of the complaint
• carrying out and investigating the scenario outlined in the complaint
• making decisions based on the findings of any investigation
• informing the complainant of the outcome of their complaint
• informing any affected parties of the outcomes and actions required (should there be any)
ABK maintains a marketing database that contains the basic details of individuals who have consented to ABK sendinginformation about products, qualifications, events or services, as well as general news about the ABK companiesto them via email.
We will at times contact you by email with important updates that you must be made aware of as an ABK customer or employee. We will also on occasion send you communications which we believe will be of legitimate interest to you regarding new products and services, which you will be able to unsubscribe to should you wish.
External Consultants, Suppliers
ABK engages the services of external freelance consultants and suppliers for various purposes within the company.
It is necessary to obtain and retain personal data for the fulfilment of contracts. Data including but not limited to: names, addresses, contact details, professional qualifications, identification documents, bank details – will be held on ABK Systems and Finance Software.
Contracts are reviewed annually, and inactive partnerships deleted from systems.
It is necessary to share bank details with our bankers to make payments for services, ABK will always make sure that the details are only processed using secure banking systems.
ABK will never share this information elsewhere, outside of the company unless required to do so by a regulatory or legal authority, or to enable the fulfilment of contractual obligations.
ABK will capture, process and retain data in the following manner in relation to:
Other than as set out in the next paragraph, we will never distribute or share personal data that is held on our system with any third parties.
We may share personal data with regulatory bodies in respect of:
- security vetting and screening to BS 7858 (see ‘Vetting and Screening of Employees’ above)
- The national Learning Record Service (“LRS”) – where unique learner numbers (ULNs) have been provided for verification or need to be issued. (also see ‘Data Transfers’ below)
- individuals training achievements/qualifications and associated certification
- investigations carried out by regulatory bodies
ABK has a number of suppliers of services where personal data is shared including but not limited to:
- pension provider for the administration of the corporate pension scheme
Further information regarding specific companies/organisations can be provided on request.
ABK may transfer customer data to third parties/partners in order to fulfil training provision, including production of certificates/awards and fulfil contractual obligations concerning service provision. This will not include third parties operating outside the EEA.
ABK will carry out all necessary due diligence to ensure that all data transfers to third parties/partners are carried out securely and that all necessary safeguards are in place to ensure data security. ABK will also ensure that third parties/partners are fully aware of their responsibilities to ensure GDPR compliance when processing customer data transferred to them.
ABK will not transfer personal data to any other company or organisation without your prior consent, with the exception of:-
- Her Majesty’s Revenue and Customs (HMRC) requests for financial data (relating to customer invoicing).
- The Education and Skills Funding Agency (ESFA)
When a customer enters a contract, ABK will retain the data captured for the length of the contract for the purposes of:
• fulfilling the contract with the customer
• providing an auditable customer trail
• providing historical data for accounting purposes
• responding to HMRC financial information requests
• reviewing and improving services and processes
ABK’s systems have security measures in place to help protect against the loss or misuse of any data under our control.
When our websites are accessed by users, data traffic is encrypted using up-to-date secure socket layer (SSL) technology so that it can only be accessed by the end user.
Where we store data
ABK do not use online systems for the storage of customer, employee and service partner information.
All electronic files are stored on standalone password protected devices.
All hard copy files held are securely stored with access limited to authorised staff only.
ABK’s email data is stored with our service provider, located in EU data centres and follows Microsoft’s standard security and backup processes.
Destruction of physical data
ABK employees are trained to destroy all personal data securely. ABK has procedures in place to have all paperwork containing personal data securely shredded on-site.
Data breach incidents
In line with our regulatory requirements, ABK has a set of processes for issue and incident management, including data breaches. These processes include the required notifications to be sent to the Information Commissioners Office and to customers. This is reviewed annually and may be subject to change.
The General Data Protection Regulation 2018
ABK has adapted its policies and procedures to ensure it is compliant with the GDPR. This document has been produced to represent our current status and will be reviewed annually and updated as processes are developed.
Under the GDPR, individuals have certain rights when it comes to the control of personal data:
The right to be informed. Each individual has the right to be given information about how their data is being processed and why. ABK has provided this policy to show how we handle your data.
The right of access. ABK has a duty to comply with the requirements of Subject Access Requests (SAR)
The right to rectification. The GDPR includes a right for individuals to have inaccurate personal data rectified or completed if it is incomplete.
The right to be forgotten. You have the right to ask ABK to remove your data.
The right to restrict processing. You may restrict processing for a legitimate reason, we would still have the right to hold that information.
The right to data portability. You may be able to obtain the information we hold about you and use it for your own purposes. Conditions apply.
Relationship to Subject
Full details of information relating to your request
Reason for request and the right being exercised
You will be asked to verify your identity if you are the subject, alternatively you will be asked to provide consent from the subject if you are a representative.
Should we require further information we will contact you.
Your request will be dealt with within 1 month of receipt of your request.
Under the GDPR you have further rights in relation to automated decision-making and profiling. ABK currently does not use automated profiling for any purpose.
Should any automated processes be implemented, the policy will be reviewed and updated.
Subject Access Requests
Website use – tracking and monitoring
- your IP (internet protocol) address, your login information, your browser type, time zone settings, browsers and operating systems used
- information about your visit, such as the pages visited, or documents downloaded
Visitors to the ABK website should be aware that information and data may be automatically collected by our website through the use of "cookies." These are small text files that a website can use to recognise repeat visitors and facilitate the visitor's ongoing access to, and use of, the site. They allow us to monitor usage behaviour and compile aggregate data that will help us to make improvements to our website.
- A 'Cookie' is a small piece of information that we store on your computer. Our system will issue cookies to your computer when you access the site. There are 2 types of Cookie:
- First Party Cookies; these are our own cookies and are controlled by us.
- Third Party Cookies; these are set and controlled by other organisations.
First Party Cookies – All Users
|_SessionId||Stores server-side, user-specific data relating to a current browsing session.|
|These are first party cookies for Google analytics and track how many times a visitor has been to the site.|
|1db8ed1141e3cc47dcc3965a06ff23d4||This is used for access to ‘course list’|
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure,we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
We may change this policy from by updating this page.
You should check this page from time to time to ensure that you are happy with any changes.