Select Security is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you during and after your working relationship with us in accordance with the data protection laws applicable in the UK, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. In this policy ‘GDPR’ means the UK GDPR except where EU GDPR is relevant to data collected before 31 December 2020. It applies to all employees, workers and contractors. This notice does not form part of any contract of employment or other contract to provide services. We may update this notice at any time. It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.
Select Security is now part of a wider group of companies, the Allied Universal group and this updated privacy notice deals with how we manage your personal data as we integrate the Select Security businesses in the Allied Universal group. This notice will continue to be reviewed and updated as that integration process progresses.
We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.
Select Security businesses in its work relationship with you collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the UK GDPR and we are responsible as ‘controller’ of that personal information for the purposes of those laws. The specific “controller” will usually be the Select Security employer (such as Select Security Secure Solutions (UK) Limited, or Select Security Facilities Management (UK) Limited) and this will be set out in your employment contract. Here, though, we refer to “Select Security”.
Select Security will comply with data protection law. This says that the personal information we hold about you must be:
Information collected by us;
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We do collect some Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data) for the purposes of monitoring, or because that information is provided or which we become aware of during your employment. We also collect any information about criminal convictions and offences where this is a requirement for your role and to meet either our own or externally required vetting standards.
We also obtain personal information from other sources such as medical experts, from referees, for vetting and screening, or where data is shared with us by third parties in the course of your employment.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
Data we collect and use is to enable us to carry out our statutory obligations as an employer and for legitimate business reasons, for example:
Sometimes we need to disclose your personal data to other people.
We are part of the Allied Universal group of companies. Therefore, we will need to share your personal data (where necessary) with other companies in the Allied Universal group for our general business and workforce management purposes, such as talent management, organisational reviews, and incentive arrangements. This type of sharing is likely to apply to more senior employees, though. Access rights between members of the Allied Universal group are limited and granted only on a need to know basis, depending on job functions and roles and the purposes that the data is provided (and we will endeavour to only provide the data that is necessary for the purposes of the sharing task).
Where any Allied Universal group companies share data (including processing your personal data on our behalf (as our processor)), we will make sure that they have appropriate security standards in place to make sure your personal data is protected.
We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so. We routinely share information for various legitimate reasons, including, but not limited to, pension purposes, tax & national insurance payments, statutory payments, benefits, child voucher payments, Hospital Saturday Fund payments, Trade Union subscription payments, etc (as applicable).
We will only share your personal information with any third party for legitimate reasons and we will only provide your personal information which we consider is necessary for the performance of that reason. This may include organisations outside of EEC who provide services on behalf of Select Security and third parties to support us in providing our services and to help provide our internal IT systems (including email, where the servers facilitating those systems are located in secure data centres around the world (with some outside of the European Economic Area), and personal data may be stored in any one of them). Where personal data is transferred outside of the EEA we will have arrangements with the supplier that includes provisions which provide an adequate safeguard of your personal data.
We may transfer your personal information outside the UK to Allied Universal group businesses in order to manage specific HR activities such as talent management, or to arrange benefits or incentive programmes or for other similar type activities. This will not apply to all staff but, in this respect, the Allied Universal group is a global business and so information may, for example, go to the USA, or India, or South Africa.
Such countries do not have the same data protection laws as the United Kingdom. Whilst the UK Secretary of State has not given a formal decision that such countries provide an adequate level of data protection similar to those which apply in the United Kingdom, we are working to ensure that any transfer of your personal information is subject to appropriate or suitable relevant safeguards such as Standard Contractual Clauses (as permitted under Article 46 of the GDPR) that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal information.
We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that even if it is not a condition of your contract with us that you agree to any request for consent from us, if you do not provide us with such consent, we may be restricted in terms of the processing activities that we are able to perform, and we will have to make decisions based on the information that we do have.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, accounting, or reporting requirements. We have a Data Retention Policy which is reviewed and which sets out our usual retention periods although this varies by the types of data that we hold.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer an employee of the company we will manage your personal information in accordance with our Data Retention Policy or applicable laws and regulations.
Under the GDPR you have a number of important rights free of charge. Under certain circumstances, you have the right to:
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation which is accessible via https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights
In some circumstances you can claim compensation for damages caused by our breach of any data protection laws.
If you would like to exercise any of those rights, please:
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact info@selectsecurityservices.co.uk. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We have appointed a data protection officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the DPO.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
This privacy notice was published and last updated on 28 November 2022
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice via e-mail or other electronic means.
Please contact your local Data Protection Officer or info@selectsecurityservices.co.uk if you have any questions about this privacy notice or the information we hold about you.
We are registered in England & Wales under registration number 11364631.
To learn more about our services and how we can assist you, contact Select Security today!
Contact Us