UK THREAT LEVEL: FETCHING...
Rapport Security Logo

Privacy Policy

At Rapport Security Services Ltd (Company No. 12795715), safeguarding your privacy and ensuring the security of your data is as critical to us as the physical security we provide. This comprehensive Privacy Policy defines our data practices, compliant with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and our operational adherence to ISO 27001 Information Security standards.

1. Introduction

Rapport Security Services Ltd ("we", "us", "our") acts as both a Data Controller and, where delivering specific security services under client contracts, a Data Processor. This policy applies to information collected via our website, client portals, physical operations (including CCTV and Body Worn Video), and administrative communications.

2. Information We Collect

To deliver enterprise-grade security and maintain compliance with the Security Industry Authority (SIA), we collect the following categories of data:

  • Identity & Contact Data: Names, job titles, corporate email addresses, phone numbers, and billing addresses provided during contract negotiation or portal registration.
  • Operational Surveillance Data: CCTV footage, thermal imaging metrics, Body Worn Video (BWV) recordings, and Automated Number Plate Recognition (ANPR) logs collected at sites where we operate.
  • Technical & Telemetry Data: IP addresses, browser types, timezone settings, and telemetry data from users accessing our Secure Client Portal or Threat Intelligence Dashboard.
  • Personnel Vetting Data: For employment purposes, comprehensive BS7858 vetting data, including criminal records checks (DBS), financial history, and employment history.

3. How We Use CCTV & Operational Surveillance Data

Surveillance data is processed primarily for the prevention and detection of crime, safeguarding property, and ensuring public safety.

  • Lawful Basis: We process this data under the lawful bases of "Legitimate Interests" (protecting client assets) and "Contractual Necessity".
  • National Operations Centre (NOC): Video feeds and alarm metrics monitored by our 24/7 NOC are strictly accessed by vetted, SIA-licensed personnel on a need-to-know basis.
  • Body Worn Video (BWV): BWV is activated overtly during security incidents. Continuous recording is prohibited unless a threat is identified.

Military-Grade Data Encryption (ISO 27001)

All digital surveillance data, incident logs, and client telemetry are encrypted in transit (TLS 1.3) and at rest (AES-256). Data is hosted exclusively within sovereign UK tier-3 data centers, ensuring compliance with strict data sovereignty requirements.

4. Data Retention Periods

We adhere strictly to the principle of storage limitation:

  • CCTV & BWV Footage: Retained for a maximum of 31 days, unless explicitly tagged for an ongoing internal investigation, insurance claim, or preserved at the request of law enforcement agencies.
  • Access Control Logs: Retained for 12 months to support historical audit trails and compliance reporting.
  • Financial & Contractual Records: Retained for 7 years to satisfy HMRC statutory requirements.
  • Threat Intelligence Feeds: Anonymized and aggregated for long-term strategic analysis. Unredacted personal identifiers are purged within 90 days.

5. Data Sharing & Third Parties

We do not sell, trade, or rent your personal data to third parties. We only share data with:

  • Law Enforcement Agencies: The Police or other statutory authorities upon receipt of a lawful request (e.g., Section 29 of the DPA 2018) for the prevention and detection of crime.
  • Sub-processors: Vetted technology partners (e.g., cloud hosting providers, NOC software vendors) who are contractually bound to the same strict data processing standards.
  • Legal & Financial Auditors: When required for compliance, audits, or legal counsel.

6. Your Legal Rights (UK GDPR)

Under the UK Data Protection Act 2018 and UK GDPR, you possess robust rights concerning your data:

  • Right of Access (Subject Access Request): You may request a copy of the personal data we hold. For CCTV requests, you must provide the exact time, date, location, and a photograph of yourself to facilitate searching.
  • Right to Rectification: Request correction of inaccurate operational or contact data.
  • Right to Erasure (Right to be Forgotten): Request deletion of data where there is no compelling reason for its continued processing (subject to legal exemptions, such as ongoing police investigations).
  • Right to Restrict Processing: Request the suspension of data processing.

Exercising Your Rights:

For Data Subject Access Requests (DSAR) or to contact our Data Protection Officer, please utilize our Secure Data Request Portal or write to us at:

Data Protection Officer
Rapport Security Services Ltd
Kemp House, 160 City Road
London, EC1V 2NX
Email: dpo@rapportsecurity.com