Customer Privacy Notice

1. Introduction
UR Secure Limited (“UR Secure”, “we”, “our” or “us”) is committed to protecting your privacy and handling personal
data lawfully, fairly and transparently.
This Privacy Notice explains how we collect, use, store, share and protect personal data when you contact us, use
our website, request information, ask for a quotation, purchase services from us, visit premises where we provide
security services, interact with our personnel, or otherwise engage with us in connection with our business
activities.
It also explains your rights and how to contact us if you have any questions or concerns.
For the purposes of UK data protection law, UR Secure Limited is the data controller for the personal data described
in this notice, except where we clearly process information solely on behalf of a client under their instructions.
Where we process personal data on behalf of a client, that client may be the controller and UR Secure may act as
processor or service provider, depending on the circumstances.

2. Who We Are
Controller: UR Secure Limited
Registered number: 12083382
Registered office: Berkley Square House, 134 Berkley Square, London, W1J 6BD
If you have any questions about this notice or how we use your personal data, please contact our compliance
function using the details set out at the end of this notice.

3. Scope of This Notice
This notice applies to personal data relating to:
➔ Individuals who enquire about our services.
➔ Customers and customer contacts.
➔ Representatives of organisations we work with.
➔ Visitors to our website.
➔ Visitors, guests, customers, attendees or members of the public who interact with us during service
delivery.
➔ Individuals whose personal data may appear in service-related records, reports, logs or communications.
➔ Individuals who contact us by telephone, email, website form, social media or other communication route.
➔ Individuals connected with complaints, incidents, investigations, operational reports or service reviews.
This notice explains:
➔ What personal data we collect.
➔ How we collect it.
➔ Why we use it.
➔ The lawful bases we rely on.
➔ Who we share it with.
➔ How long we keep it.
➔ How we protect it.
➔ Your rights under data protection law.
➔ How to contact us or raise a concern.
This notice does not replace any employee privacy notice, recruitment privacy notice, client contract, data
processing agreement or specific privacy notice issued for a particular service or processing activity.

4. Personal Data We May Collect
Depending on how you interact with us, we may collect the following categories of personal data.

4.1 Enquiry and Customer Contact Data
If you contact us, request information, ask for a quotation, or purchase services, we may collect:
➔ Your name.
➔ Job title.
➔ Company name.
➔ Postal address.
➔ Billing address.
➔ Email address.
➔ Telephone number.
➔ Details of your enquiry.
➔ Contract, service or site-related information.
➔ Correspondence and communication records.
➔ Account, portal or system access details where relevant.
➔ Notes of meetings, calls or service discussions.

4.2 Business Representative Data
Where you act on behalf of a business, client, partner, supplier, venue, hotel, retailer, event organiser or other
organisation, we may collect:
➔ Your name.
➔ Role or position.
➔ Business contact details.
➔ Company or organisation details.
➔ Records of communications.
➔ Account history relevant to the business relationship.
➔ Service review records.
➔ Contract or procurement information.
➔ Authorisation or approval records.

4.3 Website and Online Data
When you use our website or online services, we may collect limited technical and usage data, such as:
➔ IP address.
➔ Browser type and version.
➔ Device or operating system information.
➔ Date and time of access.
➔ Referral source.
➔ Pages viewed.
➔ Session information.
➔ Diagnostic information needed for security, administration or service improvement.
➔ Cookie preferences or similar online identifiers.
If you submit information through a website form, email, telephone or online enquiry route, we will also process the
information you choose to provide.
Further information about cookies is provided in our Cookie Policy.

4.4 Operational, Incident and Security Data
Where relevant to the services we provide, personal data may appear in operational records such as:
➔ Incident reports.
➔ Accident, near-miss or welfare reports.
➔ Visitor or attendance logs.
➔ Access records.
➔ Patrol, handover or site logs.
➔ Control-room records, where applicable.
➔ Call records or communication logs, where applicable.
➔ Witness details or statements.
➔ Descriptions of individuals involved in incidents.
➔ CCTV references or footage, where lawfully used.
➔ Body-worn video references or footage, where lawfully used.
➔ Photographs or images, where lawfully used and necessary.
➔ Vehicle registration numbers.
➔ Lost property records.
➔ Complaint or investigation records.
➔ Service delivery and site-related records.
In some cases, this information may be processed by us on behalf of a client. In those circumstances, the client may
be the controller for that activity.

4.5 Security, Safety and Compliance Data
We may process personal data where necessary to support security, safety, compliance or legal obligations,
including:
➔ Details of security incidents.
➔ Details of suspicious activity reports.
➔ Access-control records.
➔ Emergency response records.
➔ Welfare or safeguarding concerns, where relevant and lawful.
➔ Health and safety-related records.
➔ Information relating to complaints, disputes or investigations.
➔ Records required for audit, insurance, compliance or legal defence.
➔ Information required to protect people, premises, assets, information or operations.

4.6 Payment and Account Data
Where relevant, we may collect:
➔ Billing contact details.
➔ Invoice information.
➔ Payment status.
➔ Purchase order information.
➔ Account history.
➔ Credit control correspondence.
➔ Finance or procurement contact details.
We do not normally collect full payment-card information directly through our website unless a secure payment
provider is used.

5. Special Category and Sensitive Data
We do not usually seek to collect special category personal data from consumers or website users.
However, some operational records may include sensitive information where it is relevant to an incident, welfare
concern, safety matter, legal obligation or service delivery issue. This may include information relating to health,
injury, disability, vulnerability or other sensitive circumstances.
Where we process special category data, we will do so only where we have a lawful basis and an appropriate
condition under data protection law, such as where processing is necessary for legal claims, substantial public
interest, employment or health and safety obligations, vital interests, or where explicit consent is appropriate.
We may also process information relating to alleged criminal behaviour, suspected offences, security incidents,
theft, violence, disorder or law enforcement matters where necessary and lawful for security, reporting, legal,
insurance or client-service purposes.

6. How We Collect Personal Data
We may collect personal data:
➔ Directly from you.
➔ From your employer or organisation.
➔ Through calls, emails, forms and other communications.
➔ From our website and online services.
➔ From clients where you are connected to service delivery.
➔ From visitors, guests, customers, attendees or members of the public during incidents or interactions.
➔ From operational systems used to manage service delivery.
➔ From CCTV, access control or reporting systems where lawfully used.
➔ From public sources such as Companies House.
➔ From identity verification, due diligence, fraud prevention or credit reference sources where appropriate.
➔ From regulators, law enforcement agencies, courts, insurers or professional advisers where relevant.
➔ From suppliers, subcontractors or service partners where necessary.

7. How and Why We Use Personal Data
We may use personal data for the following purposes:
➔ Responding to enquiries and providing quotations.
➔ Establishing and managing customer relationships.
➔ Delivering contracted security services.
➔ Managing service communications, incidents and reporting.
➔ Managing access, visitor, patrol, handover and operational records.
➔ Handling incidents, complaints, disputes and investigations.
➔ Supporting safety, welfare, security and emergency response.
➔ Carrying out due diligence, identity checks and fraud prevention where appropriate.
➔ Processing payments and managing accounts.
➔ Maintaining operational, contractual and compliance records.
➔ Protecting our legal position and pursuing or defending legal claims.
➔ Supporting insurance, audit, certification and compliance requirements.
➔ Improving our services, systems and website.
➔ Securing our website, systems, premises and information.
➔ Sending service updates and, where permitted, relevant marketing communications.
➔ Complying with legal, regulatory, contractual or law enforcement obligations.
We will only use personal data where we are satisfied that we have an appropriate lawful basis to do so.

8. Lawful Bases for Processing
Depending on the circumstances, we may rely on one or more of the following lawful bases.

8.1 Contract
We may process personal data where it is necessary to take steps before entering into a contract or to perform a
contract.
This may include:
➔ Responding to a request for services.
➔ Preparing a quotation.
➔ Setting up a customer account.
➔ Delivering contracted services.
➔ Communicating in connection with service delivery.
➔ Managing invoices, service records and contract administration.

8.2 Legal Obligation
We may process personal data where it is necessary to comply with a legal or regulatory obligation.
This may include:
➔ Financial and tax record keeping.
➔ Responding to lawful requests from regulators, courts or law enforcement.
➔ Meeting health and safety obligations.
➔ Meeting data protection obligations.
➔ Meeting employment, insurance, audit, legal or compliance obligations.
➔ Maintaining records required by applicable law.

8.3 Legitimate Interests
We may process personal data where it is necessary for our legitimate interests or those of a third party, provided
those interests are not overridden by your rights and freedoms.
This may include:
➔ Managing customer and business relationships.
➔ Maintaining operational records.
➔ Providing and improving our security services.
➔ Securing our website, systems and networks.
➔ Protecting people, premises, assets, information and operations.
➔ Preventing fraud, misuse, unauthorised access or security incidents.
➔ Handling complaints, disputes and legal claims.
➔ Maintaining appropriate internal administration and governance.
➔ Supporting audit, insurance and certification requirements.
➔ Communicating with business contacts.
➔ Reviewing service performance and operational incidents.

8.4 Vital Interests
In rare cases, we may process personal data where it is necessary to protect someone’s life or physical safety.
This may apply during emergencies, serious incidents, medical situations or immediate threats to safety.

8.5 Public Task or Substantial Public Interest
Where relevant, we may process personal data where necessary to support safety, security, law enforcement
cooperation, safeguarding, crime prevention or substantial public interest conditions, provided the legal
requirements for doing so are met.

8.6 Consent
Where required, we may rely on your consent, particularly in relation to certain optional communications, marketing
activity, cookies or specific uses of sensitive information.

Where we rely on consent, you may withdraw it at any time.

9. Marketing Communications
We may use your contact details to send you information about our services where permitted by law.
You can ask us to stop sending marketing communications at any time by:
➔ Using the unsubscribe option in an email, where available.
➔ Contacting us directly using the details at the end of this notice.
We will not sell your personal data for marketing purposes.
Where electronic marketing rules require consent, we will seek consent before sending marketing communications.

10. Sharing Personal Data
We may share personal data where necessary with:
➔ Authorised employees, managers and internal personnel.
➔ Clients, where necessary for service delivery, reporting, incident management or contract administration.
➔ Professional advisers, including legal, audit, insurance and compliance advisers.
➔ IT, hosting, communications and software providers.
➔ Payment processors and finance service providers.
➔ Security, operational, reporting or workforce management system providers.
➔ Regulators, law enforcement agencies, courts or public authorities where required or appropriate.
➔ Emergency services where necessary.
➔ Insurers, brokers or claims handlers.
➔ Carefully selected service providers acting on our behalf under appropriate contractual controls.
➔ Suppliers, subcontractors or operational partners where necessary for service delivery.
➔ Certification, audit or compliance bodies where relevant.
We do not sell personal data.
Where third parties process personal data for us, they must only do so under appropriate instructions and
confidentiality and security obligations.

11. International Transfers
If personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place in accordance
with applicable data protection law.
This may include:
➔ Transfer to a country recognised as providing adequate protection.
➔ Use of the UK International Data Transfer Agreement.
➔ Use of the UK Addendum to the EU Standard Contractual Clauses.
➔ Other lawful mechanisms recognised under UK data protection law.

12. Security of Personal Data
We use appropriate technical and organisational measures to protect personal data against accidental loss,
destruction, misuse, unauthorised access, alteration or disclosure.
These measures may include:
➔ Access controls and permissions.
➔ Secure passwords and authentication measures.
➔ Secure storage and transfer methods.
➔ Encryption where appropriate.
➔ Confidentiality obligations for staff and service providers.

➔ Malware and endpoint protection.
➔ System monitoring.
➔ Incident response arrangements.
➔ Staff awareness and training.
➔ Secure disposal or deletion arrangements.
➔ Role-based access to operational records.
➔ Controls for security-sensitive information.
No system can be guaranteed to be completely secure, but we take reasonable and proportionate steps to protect
personal data.

13. Retention of Personal Data
We keep personal data only for as long as reasonably necessary for the purposes for which it was collected,
including where needed to:
➔ Provide services.
➔ Maintain contractual and business records.
➔ Meet legal, regulatory, tax or insurance requirements.
➔ Investigate complaints or incidents.
➔ Maintain operational, audit or certification evidence.
➔ Establish, exercise or defend legal claims.
➔ Support safety, security or service-review requirements.
Retention periods may vary depending on the type of data, the purpose for which it is used, contractual obligations,
legal requirements and risk.
When personal data is no longer required, we will securely delete, destroy or anonymise it.

14. Cookies and Similar Technologies
Our website may use cookies or similar technologies where necessary for security, website functionality,
performance, analytics or user experience.
Where non-essential cookies are used, they should be managed in accordance with applicable legal requirements.
Further information is available in our Cookie Policy.

15. Your Rights
Under UK data protection law, you may have the right to:
➔ Be informed about how your personal data is used.
➔ Request access to your personal data.
➔ Request correction of inaccurate personal data.
➔ Request erasure in certain circumstances.
➔ Request restriction of processing in certain circumstances.
➔ Object to processing based on legitimate interests.
➔ Object to direct marketing.
➔ Request transfer of certain personal data in a portable format.
➔ Withdraw consent where processing is based on consent.
➔ Complain to the Information Commissioner’s Office.
These rights are not absolute and may be subject to conditions, exemptions or restrictions under data protection
law.
To exercise your rights, please contact us using the details at the end of this notice.
We may need to verify your identity before responding to a request.

16. Complaints
If you have concerns about how we use your personal data, we ask that you contact us first so that we can try to
resolve the matter.
You also have the right to complain to the Information Commissioner’s Office.
The ICO can be contacted through its website at www.ico.org.uk or by using the contact details published by the
ICO.

17. Third-Party Websites
Our website or communications may contain links to third-party websites or services.
This Privacy Notice does not apply to those third-party sites.
You should read their own privacy notices before providing any personal data.

18. Changes to This Notice
We may update this Privacy Notice from time to time to reflect changes in law, regulation, guidance, technology,
business practice, our services or how we process personal data.
The latest version should always be treated as the current version.
Where changes are significant, we will take reasonable steps to bring them to your attention.

19. Contact Details
If you have any questions, requests or complaints about this Privacy Notice or our use of personal data, please
contact:

UR Secure Limited
Berkley Square House
134 Berkley Square
London
W1J 6BD
Contact: Ahmed Ishtiaq
Email: info@ursecurelimited.co.uk
Telephone: 0203 576 6378