fbpx

Open 24/7 7 Days A Week

27 Old Gloucester Street, London, WC1N 3AX

Close
Privacy Notice 

1. The purpose of this Privacy Notice is to protect the rights and privacy of living individuals and to ensure that personal data is not processed by Are They Safe Limited without the person’s knowledge or consent, unless otherwise permitted. This Privacy Notice also sets out individuals’ rights under the data protection legislation. Are They Safe Limited is a private limited company registered at companies house under company number 09337868. You can contact us:- By mail at our registered office which is at 27 Old Gloucester Street, London, WC1N 3AX. By telephone 0207 183 6973 (ask for the Data Protection Officer). By email [email protected]. For the purpose of the Data Protection Law, Are They Safe Limited is registered as a Data Controller with The Information Commissioner’s Office under registration number ZA089550.

2. This document sets out the Data Protection Policy for Are They Safe Limited and should be read in conjunction with Are They Safe Limited’s Record of Processing Activities annexed hereto, Website Privacy Notice and Cookie Policy .

3. Are They Safe Limited complies with the requirements of the prevailing data protection legislation with regard to the collection, storage, processing and disclosure of personal information and is committed to upholding the core data protection principles.

4. Are They Safe Limited is committed to a policy of protecting the rights and privacy of individuals (including clients, subjects of investigations, staff, contractors and others) in accordance with the data protection legislation.

5. Are They Safe Limited needs to process certain information about its clients, subjects of investigations, staff, contractors, and other individuals it has dealings with, and to comply with legal obligations and government requirements.

6. During its core business activities Are They Safe Limited will be instructed to process the personal data of individuals who are identified in clients’ instructions or during the course of the investigation undertaken pursuant to such instructions. Are They Safe Limited will not process any personal data without first having been satisfied as to the lawful basis on which to process personal data, which when necessary will be recorded in a Data Privacy Impact Assessment.

7. To comply with the law, information processed about individuals must be kept to the minimum, collected, and used fairly, be accurate, used solely for the purpose intended, stored safely, securely including protection against unauthorised or unlawful processing, loss, destruction or damage, using appropriate technical measures such as encryption or in password protected devices, retained for no longer than necessary and not disclosed to any third party unlawfully.

8. This Policy applies to all Data Subjects. In the event of a breach of the data protection legislation or this Policy by a member of staff, Are They Safe Limited employment disciplinary procedures will apply otherwise it will constitute a breach of contract.

9. As a matter of good practice, other agencies and individuals working with and thus affiliated to Are They Safe Limited and of whom have access to personal information, will be expected to have read and comply with this policy, the terms of which form part of the consultancy/agency agreement between Are They Safe Limited and that affiliate.

10. It is expected that departments who deal with external agencies will take responsibility for ensuring that such agencies contract to abide by this policy.

11. Depending on the circumstances of the processing activity and who determines the purpose and means for the processing of an individual’s personal data, Are They Safe Limited may be the Processor or Controller under the data protection legislation, when dealing with its core business activity as a Investigative, Risk Management & Litigation Support Service Provider. However, in certain circumstances Are They Safe Limited will be Joint Controller with the instructing client. There may be instances when acting under strict instructions, which also cover the purpose (the why) and means (the how) for the processing of all the personal data in the client provided case scenario, that Are They Safe Limited will be the Processor.

12. Are They Safe Limited is the Controller under the data protection legislation, when dealing with data of staff, clients, contractors, trainees and any other member or affiliate of Are They Safe Limited.

13. The Senior Management and Heads of Departments and all those in managerial or supervisory roles are responsible for developing and encouraging good information handling practice within Are They Safe Limited.

14. Compliance with data protection legislation is the responsibility of all employees, sub-contractors, third party providers and affiliates of Are They Safe Limited who process personal information.

15. Each member of staff, clients, contractors, trainees and any other member or affiliate of Are They Safe Limited is responsible for ensuring that any personal data supplied to or handled by Are They Safe Limited is accurate and up to date.

16. Data Subjects have the following rights regarding data processing and the data that are recorded about them (unless an exemption applies):

• To make subject access requests regarding the nature of information held and to whom it has been disclosed.
• To prevent processing likely to cause damage or distress.
• To prevent processing for purposes of direct marketing.
• To be informed about mechanics of automated decision making process that will significantly affect them.
• Not to have significant decisions that will affect them taken solely by automated process.
• To sue for compensation if they suffer damage by any contravention of the prevailing data protection legislation.
• To take action to rectify, block, erase or destroy inaccurate data.
• To request the Information Commissioner to assess whether any provision of the prevailing data protection legislation has been contravened.

17. For criminal offence data, explicit written consent of the Data Subject must be obtained unless an alternative lawful basis for processing exists and Are They Safe Limited  has ensured that it has an additional condition for processing this type of data, under Schedule 1 of the Data Protection Act 2018, for example, to safeguard vulnerable individuals or children, assess people’s suitability for employment, or assess whether a person can access services such as housing or insurance.

18. Are They Safe Limited will not keep any comprehensive register of criminal convictions.

19. For special category data processing is prohibited, unless the Data Subject has given explicit consent or one of the permitted conditions set out in the data protection legislation are met.

20. Are They Safe Limited understands “consent” to mean that the Data Subject has been fully informed of the intended processing and has signified their agreement, whilst being in a fit state of mind to do so and without pressure being exerted upon them. Consent obtained under duress or based on misleading information will not be a valid basis for processing.

21. There must be some active communication between the parties such as signing a form and the individual must sign the form freely of their own accord. Consent cannot be inferred from no response to a communication.

22. In most instances consent to process personal, special category or criminal offence data is obtained routinely by Are They Safe Limited (e.g. when a member of staff or consultant signs a Service or Consultancy Agreement).

23. Any forms from Are They Safe Limited (whether paper-based or electronic-based), that gather data on an individual should contain a statement explaining what the information is to be used for and to whom it may be disclosed. It is particularly important to obtain specific consent if an individual’s data is to be published on the Internet as such data can be accessed from all over the globe.

24. If an individual does not consent to certain types of processing, appropriate action must be taken to ensure that the processing does not take place, unless an exemption applies. Consent given can be withdrawn at any time by giving Are They Safe Limited written notice.

25. If any client, member or affiliate of Are They Safe Limited is in any doubt about these matters, they should consult a director or senior manager.

26. All staff, contractors and affiliates of Are They Safe Limited are responsible for ensuring that any personal data (on others), which they hold are kept securely and that they are not disclosed to any unauthorised third party.

27. All personal data should be accessible only to those who need to use it. Those concerned should form a judgement based upon the sensitivity and value of the information in question, but always consider keeping personal data:

• In a lockable room with controlled access, or
• In a locked drawer or filing cabinet, or
• If electronic, password protected, or
• Kept on disks which are themselves kept securely.

28. Care must be taken to ensure that PCs and terminals are not visible except to authorised staff and that computer passwords are kept confidential. PC screens should not be left unattended without password protected screensavers and manual records should not be left where they can be accessed by unauthorised persons.

29. Care must be taken to ensure that appropriate security measures are in place for the deletion or disposal of personal data. Manual records should be shredded or disposed of as “confidential waste”. Hard drives of redundant PCs should be wiped clean before disposal.

30. This Policy also applies to staff and affiliates of Are They Safe Limited who process personal data “off-site”. Off-site processing presents a potentially greater risk of loss, theft, or damage to personal data. Staff and affiliates of Are They Safe Limited should take particular care when processing data at home or in other locations outside the offices of Are They Safe Limited or its affiliated locations.

31. Clients of Are They Safe Limited and / or other Data Subjects have the right to access any personal data which is held by Are They Safe Limited in electronic format and manual records which form part of relevant filing system held by Are They Safe Limited about that person.

32. Any individual who wishes to exercise this right should apply in writing to the Data Protection Officer. Are They Safe Limited will make no charge for data subject access requests. Any such request will normally be complied with within 30 days of the receipt of the written request supported by proof of identity and address.

33. Are They Safe Limited must ensure that personal data is not disclosed to unauthorised third parties unless authorised under the terms of the prevailing data protection legislation or other statute or Court Order or where disclosure of data is required by law or where disclosure of data is required for the performance of Are They Safe Limited’s contractual duty or otherwise exempt.  All staff, contractors and affiliates of Are They Safe Limited should exercise caution when asked to disclose personal data held on an individual to a third party.

34. The prevailing data protection legislation permits certain disclosures without consent to a Competent Authority, such as law enforcement agencies.

35. Are They Safe Limited undertake their services in accordance with the data protection good practice policies, codes, and guides published by the ABI.

36. For reasons of personal security and to protect Are They Safe Limited’s premises and the property of staff, trainees and other visitors, close circuit television cameras may be in operation in several areas. The presence of these cameras may not be obvious. This Policy determines that personal data obtained during monitoring will be processed as follows:

• Any monitoring will be carried out only by a limited number of specified senior managers;
• The recordings will be accessed only by a director or an appointed senior manager:
• Personal data obtained during monitoring will be destroyed as soon as possible after any investigation is complete;
• Staff involved in monitoring will maintain confidentiality in respect of personal data.

Date Effective: 2022-04-06

Glossary of Terms 

Personal Data
Data relating to a living individual who can be identified from that information or from that data and other information in possession of the Controller, includes name, address, telephone number, identity number. Also includes expression of opinion about the individual, and of the intentions of the Controller in respect of that individual.

Special Category Data:
Different from ordinary personal data (such as name, address, telephone) and relates to data revealing or concerning:

• Racial or ethnic origin.
• Political opinions.
• Religious or philosophical beliefs.
• Trade union membership.
• Genetic data.
• Biometric data for the purpose of uniquely identifying a natural person.
• Data concerning health.
• Data concerning a natural person’s sex life or sexual orientation.

The processing of special category data will require one of 10 separate conditions to be met. In addition to the Article 6 lawful basis the processing of the special category data must be necessary for the purpose Are They Safe Limited has identified and that they are satisfied there is no other reasonable and less intrusive way to achieve this purpose.

Five of the 10 conditions also require Are They Safe Limited to meet additional conditions and safeguards as set out under schedule 1 of the Data Protection Act 2018. The conditions must be determined and set out in a written record (Data Protection Impact Assessment) prior to processing commencing to assess the risk. Are They Safe Limited will rarely process special category data but may find some cases where it is, for example, the data subject has provided explicit consent or in legal claims, contemplated legal claims or legal advice and more likely where the reasons are of substantial public interest (with a basis in law). The substantial public interest condition will also require Are They Safe Limited to meet one of 23 specific conditions as set out in Part 2 of Schedule 1 of the Data Protection Act 2018, including and of more relevance to Are They Safe Limited (1) preventing or detecting unlawful acts, (14) preventing fraud, and (20) insurance.

Criminal Offence Data:
Personal data relating to criminal offences are in addition to the lawful basis under Article 6 of the UK GDPR requirement subject to additional conditions because of the potentially significant impact that the processing of such data can have upon the data subject. The additional conditions (there are currently 28 to choose from) are set out in Schedule 1 of the Data Protection Act 2018 and the ICO website. It is important to note that this type of data is treated differently to other types of data, eg special category data. The ICO has explained that this is because the interests of society at large and the need to protect the public from criminal activity are likely to mean that the use of criminal offence data can be justified in a wider variety of circumstances, despite the potential impact on individual rights. The processing of the criminal offence data must be necessary for the purpose Are They Safe Limited has identified and that they are satisfied there is no other reasonable and less intrusive way to achieve this purpose.

Data Subject
Refers to any individual person who can be identified, directly or indirectly, via an identifier such as a name, an ID number, location data, or via factors specific to the person’s physical, physiological, genetic, mental, economic, cultural, or social identity.

Controller or Joint Controller
means the natural or legal person, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Put simply, the Controller determines what information is needed and why. The Controller’s responsibilities are greater than the Processor’s.

Processor
Is a person or organization who deals with personal data as instructed by a Controller for specific purposes and services offered to the Controller that involve personal data processing. The status of the service provider as Controller or Processor may vary depending on the activity and needs to be reassessed for each processing of an individual’s data.

Third Party
Any individual/organisation other than the Data Subject, the Controller, Joint Controller, Processor, or the agents/sub-contractors appointed by any of them when permitted by the Controller or the client.

Processing
Any operation related to organisation, retrieval, disclosure and deletion of data and includes: Obtaining and recording data. Accessing, altering, adding to, merging, deleting data. Retrieval, consultation or use of data. Disclosure or otherwise making available of data.

Relevant Filing System
Any paper filing system or other manual filing system, which is structured so that information about an individual is readily accessible. Please note that this is the definition of “Relevant Filing System”. Personal data as defined, and covered, by the prevailing data protection legislation can be held in any format, electronic (including websites and emails), paper-based, photographic etc. from which the individual’s information can be readily extracted.

Investigative Service Provider (‘Professional Investigation’)
The Private Security Industry Act 2001 defines investigations as: ….
to any surveillance, inquiries or investigations that are carried out for the purpose of: obtaining information about a particular person or about the activities or whereabouts of a particular person; or obtaining information about the circumstances in which or means by which property has been lost or damaged

Litigation Support Services
An investigation agency client portfolio will inevitably include members of the legal profession and thus potentially forms part of the judicial process. Lawyers rely on outsourced investigative services for a number of reasons; primarily as part of their own case handling for lay, professional or commercial clients in contentious scenarios in contemplation of, or part of on-going legal proceedings. This work is referred to within the judicial system as “Litigation Support” and often includes activities that process personal data.

Privacy
Privacy in its broadest sense, is about the right of an individual to be left alone. It can take two main forms, and these can be subject to different types of intrusion: Physical privacy – interference such as surveillance and the taking of biometric information, and Informational privacy – the ability of a person to control, edit, manage, and delete information about themselves and to decide how and to what extent such information is communicated to others.

Data Protection Law
The UK General Data Protection Regulation as applied in the UK and The Data Protection Act 2018.

 

Data Protection Principles

All processing of personal data must be done in accordance with the seven data protection principles as explained by the ABI guidance. Click here to view.

Principles

Principle 1. Lawfulness, fairness, and transparency. Personal data shall be processed lawfully, fairly and in a transparent manner in relation to individuals.

Principle 2. Purpose limitation. Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

Principle 3. Data minimization. Personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

Principle 4. Accuracy. Personal data shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that Personal Data that are inaccurate, having regard to the purposes for which they are processed, are erased, or rectified without delay (‘accuracy’).

Principle 5. Storage limitation. Personal data shall be kept in a form that permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data are processed.

Principle 6. Integrity & confidentiality (security) Personal data shall be processed in a manner that ensures appropriate security of the Personal Data, whether physical or technical, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.

Principle 7. Accountability. Accountability is one of the key principles in Data Protection Law – it makes the ABI Member responsible for complying with the legislation and says that they must be able to demonstrate compliance.

 

Get in Touch
close slider

Request A Consultation

Pin It on Pinterest

Call Now Button