Privacy Policy

Introduction

Welcome to Sonic Security Solutions Ltd ("we," "us," or "our"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our security services, or engage with our company. As a security services provider, we understand the importance of data protection and handle all personal information with the utmost care and in full compliance with UK GDPR and the Data Protection Act 2018.

Information We Collect

Personal Information You Provide:

• Contact Details: Name, email address, phone number, business address
• Business Information: Company name, job title, company registration number
• Site Information: Premises addresses, site plans, access requirements
• Contract Information: Service agreements, proposals, invoices
• Payment Information: Bank details, billing information (processed securely)
• Emergency Contacts: Key holder details, site manager contacts
• Communication Data: Emails, phone calls, meeting notes, correspondence

Information About Security Personnel:

• Employee records (for our staff)
• SIA licence numbers and verification
• Training records and certifications
• DBS check information
• Right to work documentation
• Emergency contact details

Operational Data:

• Incident Reports: Details of security incidents (may include personal data of individuals involved)
• Access Logs: Entry/exit records, visitor logs
• Patrol Records: Mobile patrol check-in data, timestamps
• CCTV Footage: Where we provide monitoring services (see Section 9)
• Alarm Response Data: Alarm activation records, response times
• Key Holding Records: Key collection/return logs

Information Collected Automatically:

• Website Usage Data: IP address, browser type, pages visited, time spent
• Device Information: Device type, operating system, unique identifiers
• Cookies and Tracking: See our Cookie Policy for details
• Location Data: Approximate location for service area verification

Information from Third Parties:

• SIA (Security Industry Authority): Licence verification
• DBS (Disclosure and Barring Service): Background checks for personnel
• Credit Reference Agencies: For business credit checks
• Insurance Companies: Claims information
• Emergency Services: Incident information
• Clients: Information about individuals at client sites (where we process on their behalf)

Special Category Data:

In limited circumstances, we may process special category data:

• CCTV Footage: May capture images revealing racial/ethnic origin, health data
• Incident Reports: May include information about health, injuries
• DBS Checks: Criminal conviction data (for our employees only)

We process special category data only when necessary and with appropriate safeguards.

How We Use Your Information

Service Delivery:

• To provide security guarding, patrols, and monitoring services
• To allocate appropriate security personnel to your site
• To manage access control and key holding
• To respond to alarms and incidents
• To prepare incident reports and documentation
• To communicate about your security requirements
• To coordinate with emergency services when needed

Contract Management:

• To prepare proposals and quotes
• To manage service agreements and contracts
• To process invoices and payments
• To maintain client records
• To conduct account reviews and meetings
• To manage contract renewals

Regulatory Compliance:

• To comply with SIA (Security Industry Authority) regulations
• To maintain licence requirements
• To meet ICO (Information Commissioner's Office) obligations
• To comply with health and safety legislation
• To meet data protection requirements
• To respond to regulatory inquiries

Security Operations:

• To vet and train security personnel
• To conduct DBS checks for employees
• To verify SIA licences
• To monitor service quality
• To investigate incidents
• To improve security procedures

Business Operations:

• To manage our business operations
• To maintain financial records
• To prevent fraud and ensure security
• For internal record keeping
• To improve our services
• To develop new services

Marketing and Communications (with consent):

• To send newsletters and security updates
• To inform you about new services
• To request feedback or testimonials
• To send service updates and notices
• You can opt-out of marketing communications at any time

Legal Basis for Processing (UK GDPR)

Contractual Necessity:

Processing necessary to perform our security services under a contract with you (e.g., providing guards, patrols, monitoring, incident response).

Legal Obligation:

Processing necessary to comply with legal requirements:

• SIA licensing and regulatory requirements
• Health and Safety at Work etc. Act 1974
• Data Protection Act 2018 / UK GDPR
• Tax and accounting obligations
• Employment law requirements

Legitimate Interests:

Processing for our legitimate business interests, including:

• Providing effective security services
• Preventing crime and ensuring safety
• Marketing our services to prospective clients
• Network and information security
• Quality assurance and service improvement
• Fraud prevention

Consent:

Where you have given explicit consent, particularly for:

• Marketing communications
• Non-essential cookies
• Processing of special category data (where applicable)
• Sharing information with third parties (beyond service delivery)

Vital Interests:

Processing necessary to protect someone's life (e.g., emergency situations, medical incidents).

Data Sharing and Disclosure

We Do Not Sell Personal Data:

Sonic Security Solutions Ltd does not sell your personal information to third parties.

Service Providers:

We may share information with trusted third-party service providers:

• Payroll and Accounting: For payment processing
• IT Services: For website hosting, data storage, software
• Communication Services: For SMS alerts, email systems
• Training Providers: For staff training and certification
• Insurance Companies: For claims and coverage
• Legal Advisors: For legal compliance

All service providers are bound by confidentiality and data protection obligations.

Regulatory Authorities:

We may share information with:

• SIA (Security Industry Authority): Licence compliance, inspections
• ICO (Information Commissioner's Office): Data protection compliance
• HSE (Health and Safety Executive): Health and safety incidents
• Police and Emergency Services: Incident response, crime prevention
• Local Authorities: Licensing, compliance
• HMRC: Tax and financial records

Client Relationships:

When providing services to clients:

• We may process personal data on behalf of clients (as data processor)
• Client is the data controller
• We process only according to client instructions
• Governed by Data Processing Agreements (DPAs)
• Examples: CCTV footage, access logs, incident reports

Emergency Situations:

We may disclose information without consent when:

• Necessary to protect someone's life or safety
• Required by law or court order
• To prevent or investigate crime
• To respond to emergencies

Business Transfers:

In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will provide notice before your data becomes subject to a different privacy policy.

International Data Transfers

Transfers Outside the UK:

Some of our service providers may process data outside the UK.

Safeguards:

We ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the UK ICO
• Adequacy decisions by the UK government
• Data processing agreements with all third parties
• Encryption and security measures

Data Security

Technical Measures:

• SSL/TLS encryption for data transmission
• Secure servers and hosting
• Password-protected systems with multi-factor authentication
• Encrypted storage for sensitive data
• Regular security updates and patches
• Secure backup systems
• Access controls and audit logs

Organizational Measures:

• Staff training on data protection and security
• Confidentiality agreements for all employees
• Limited access on a need-to-know basis
• Secure disposal of records (shredding, secure deletion)
• Incident response procedures
• Regular security audits
• DBS checks for staff with data access

Physical Security:

• Secure office premises
• Locked filing cabinets for physical records
• Controlled access to server rooms
• Secure storage for keys and access cards
• CCTV on our premises

Security Personnel Training:

All security personnel receive training on:

• Data protection principles
• Confidentiality requirements
• Secure handling of incident reports
• Proper use of communication devices
• Reporting data breaches

Data Retention

Retention Periods:

We retain personal data only for as long as necessary:

• Client Records: Duration of contract plus 6 years (legal and contractual obligations)
• Incident Reports: 6 years (limitation period for claims)
• CCTV Footage (monitored by us): As specified in client contract (typically 31 days unless incident reported)
• Access Logs: 12 months (security purposes)
• Patrol Records: 2 years (service verification)
• Employee Records: 6 years after employment ends
• SIA Licence Records: Duration of employment plus 2 years
• Financial Records: 7 years (HMRC requirements)
• Marketing Data: Until you unsubscribe or 2 years from last engagement
• Website Analytics: 14 months (Google Analytics default)
• DBS Check Information: 6 months (unless ongoing employment)

Deletion:

After the retention period, we will securely delete or anonymize your data:

• Electronic data: Secure deletion with overwriting
• Physical records: Shredding and secure disposal
• Backup data: Overwritten in normal backup rotation

Your Rights (UK GDPR)

Access:

Request a copy of the personal data we hold about you.

Rectification:

Request correction of inaccurate or incomplete information.

Erasure ("Right to be Forgotten"):

Request deletion of your personal data (subject to legal obligations, e.g., we must retain incident reports for legal purposes).

Restriction of Processing:

Request limitation of how we use your data.

Data Portability:

Request transfer of your data to another organization in a structured format (where technically feasible).

Objection:

Object to processing based on legitimate interests or for direct marketing.

Withdraw Consent:

Withdraw consent at any time (where processing is consent-based).

Automated Decision-Making:

We do not use automated decision-making or profiling that significantly affects you.

How to Exercise Your Rights:

• Email: info@sonicsecuritysolutions.com
• Phone: +44 7549 429472
• Post: Sonic Security Solutions Ltd, Office 6238 - 182-184 High Street North, London,

England, E6 2JA

• We will respond within 30 days
• No fee is usually required, but we may charge for manifestly unfounded or excessive requests
• We may request identity verification

CCTV and Surveillance

When We Operate CCTV:

We may operate CCTV in the following circumstances:

• On our own premises (offices, vehicles)
• When providing CCTV monitoring services to clients (we act as processor)
• Body-worn cameras by security personnel (where appropriate and lawful)
• Mobile patrol vehicle dashcams

Our Premises CCTV:

• Purpose: Security, crime prevention, health and safety
• Signage displayed at entrances
• Retention: 31 days (unless incident reported)
• Access: Restricted to authorised personnel
• ICO registered

Client CCTV Monitoring:

When we provide CCTV monitoring services:

• You are the Data Controller: You determine purposes and means
• We are the Data Processor: We process on your instructions
• Data Processing Agreement: Required under UK GDPR
• Your Responsibilities:
• Lawful basis for processing
• ICO registration and fee payment
• Displaying appropriate signage
• Informing individuals about monitoring
• Responding to data subject requests
• Determining retention periods
• Our Responsibilities:
• Secure monitoring and storage
• Confidentiality obligations
• Security measures
• Assistance with data requests
• Breach notification
• Deletion at end of contract

Body-Worn Cameras:

Where security personnel use body-worn cameras:

• Used only where lawful and proportionate
• Signage or verbal notification provided
• Recorded only during incidents or where necessary
• Footage stored securely
• Retention: 31 days unless incident reported
• Access restricted to authorised personnel

Access to CCTV Footage:

• Individuals can request footage of themselves (Subject Access Request)
• Footage may be disclosed to police for crime prevention/detection
• Third-party data may be redacted
• Response within 30 days
• No fee unless request is manifestly unfounded or excessive

Cookies and Tracking Technologies

Types of Cookies:

• Essential Cookies: Required for website functionality
• Analytics Cookies: Help us understand website usage (Google Analytics)
• Marketing Cookies: Track visitors for advertising purposes
• Functionality Cookies: Remember your preferences

Management:

• Use our Cookie Preferences center to manage settings
• Disable cookies through your browser settings
• Note: Disabling cookies may affect website functionality

See our Cookie Policy for detailed information.

Third-Party Links and Platforms

Our website may contain links to third-party websites (e.g., SIA, industry associations, service providers). We are not responsible for the privacy practices or content of these sites. Please review the privacy policies of any third-party websites you visit.

Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal information from children. However, our security services may incidentally capture images of minors on CCTV at client sites. We process such data only on behalf of our clients (as processor) in accordance with their instructions.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will:

• Post the updated policy on our website
• Update the "Last updated" date
• Notify you of material changes via email or website notice (for clients)
• Encourage you to review this page periodically

Data Protection Officer

For data protection inquiries, contact:

Email: info@sonicsecuritysolutions.com

Phone: +44 7549 429472

Post: Data Protection Officer, Sonic Security Solutions Ltd, Office 6238 - 182-184 High Street

North, London, England, E6 2JA

Complaints

You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

ICO Website: www.ico.org.uk

ICO Helpline: 0303 123 1113

ICO Email: icocasework@ico.org.uk

ICO Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow,

Cheshire, SK9 5AF

We encourage you to contact us first to resolve any concerns.

Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us:

Email: info@sonicsecuritysolutions.com

Phone: +44 7549 429472

Website: sonicsecuritysolutions.com

Post: Sonic Security Solutions Ltd, Office 6238 - 182-184 High Street North, London, England,

E6 2JA