Privacy Notice

Akon Security Services Ltd privacy notice

​

 1. Scope

All processing of personal data by AKON Security is within the scope of this procedure.

2. Responsibilities

2.1  The Data Protection Officer / GDPR Owner is responsible for ensuring that the privacy notice(s) is correct and that mechanisms exist such as having the Privacy Notice(s) on AKON website to make all data subjects aware of the contents of this notice prior AKON commencing collection of their data.

2.2  All staff that need to collect personal data are required to follow this procedure.

3. Procedure Article 12Akon Security Services Ltd
Security House, 19b Roper Close, Canterbury, Kent CT2 7EP
Email: operations@akonsecurity.com

Who we are
Akon Security Services Ltd provides professional security services. We are the data controller for the personal data we collect and use.
Personal data we collect

We may collect:
•    Name, job title and contact details
•    Enquiry information when you contact us
•    Client and supplier contact information
•    Employment and vetting information if you apply to work with us (handled through HR and screening processes)
•    Incident reports and site attendance records where relevant to our services

How we use personal data

We use personal data to:
•    Provide and manage our services and contracts
•    Respond to enquiries and manage relationships with clients and suppliers
•    Recruit, vet and manage personnel
•    Meet legal and regulatory obligations
•    Protect our people, clients and the public (e.g., incident prevention and investigation)

Lawful bases

We rely on one or more of:
•    Contract (to deliver services or process an application)
•    Legal obligation (e.g., right to work, taxation)
•    Legitimate interests (e.g., business administration, security, incident management)
•    Consent (for optional marketing or where required)

Sharing your data

We may share personal data with:
•    Clients where necessary for service delivery
•    Our service providers and professional advisers (under contract)
•    Regulators or law enforcement when required by law

We do not sell personal data.

International transfers
We do not routinely transfer personal data outside the UK. If a transfer is necessary, we will use a lawful transfer mechanism and safeguards.

Retention
We keep personal data only as long as necessary for the purposes above and then delete or anonymise it in line with our retention rules.

Your rights
You have rights over your personal data, including to access, correct, delete, restrict, or object to our use of it, and (in some cases) to portability or to withdraw consent.
To exercise your rights, contact operations@akonsecurity.com.
If you’re unhappy, you can complain to the ICO: ico.org.uk | 0303 123 1113.

Cookies and marketing
Our website uses essential cookies. We may also use non essential cookies with your consent—your preferences can be managed via the cookie banner. We only send marketing where permitted by law, and you can opt out at any time.

Updates
We may update this notice from time to time. The latest version will always be available on this page.

3.1 AKON identifies the legal basis for processing personal data before any processing operations take place by clearly establishing, defining and documenting:

3.1.1  the specific purpose of processing the personal data and the legal basis to process the data under:

3.1.1.1 consent obtained from the data subject;

3.1.1.2 performance of a contract where the data subject is a party;

3.1.1.3 legal obligation that AKON is required to meet;
3.1.1.4 protect the vital interests of the data subject, including the protection of rights and freedoms;

3.1.1.5 official authority of AKON or to carry out the processing that is in the public interest;

3.1.1.6 necessary for the legitimate interests of the data controller or third party, unless the processing is overridden by the vital interests, including rights and freedoms;

3.1.1.7 national law.

3.1.2  any special categories of personal data processed and the legal basis to process the data under:

3.1.2.1 explicit consent obtained from the data subject;
3.1.2.2 necessary for employment rights or obligations;
3.1.2.3 protect the vital interests of the data subject, including the protection of rights and freedoms;
3.1.2.4 necessary for the legitimate activities with appropriate safeguards;
3.1.2.5 personal data made public by the data subject;
3.1.2.6 legal claims;
3.1.2.7 substantial public interests

3.1.2.8 preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, provision of health or social care treatment, or management of health and social care systems and services, under the basis that appropriate contracts with health professionals and safeguards are in place;

3.1.2.9 public health, ensuring appropriate safeguards are in place for the protection of rights and freedoms of the data subject, or professional secrecy;

3.1.2.10 national laws in terms of processing genetic, biometric or health data.

3.2 AKON records this information in line with its data protection impact assessment and data inventory.

4. Privacy notices

4.1  When personal data collected from data subject with consent

4.1.1  AKON is transparent in its processing of personal data and provides the data subject with the following:

4.1.1.1  AKON’s identity, and contact details of the Data Protection Officer / GDPR Owner and any data protection representatives;

4.1.1.2  The purpose(s), including legal basis, for the intended processing of personal data (clause 4.2 below);

4.1.1.3  Where relevant, AKON’s legitimate interests that provide the legal basis for the processing;

4.1.1.4  Potential recipients of personal data;

4.1.1.5  Any information regarding the intention to disclose personal data to third parties and whether it is transferred outside the EU. In such circumstances, AKON will provide information on the safeguards in place and how the data subject can also obtain a copy of these safeguards;

4.1.1.6  If AKON is based outside of the EU and the data subject resides within it (the EU), the AKON provides the data subject with contact details of a data protection representative in the EU;

4.1.1.7  Any information on website technologies used to collect personal data about the data subject;

4.1.1.8  Any other information required to demonstrate that the processing is fair and transparent.

4.1.2  All information provided to the data subject is in an easily accessible format, using clear and plain language, especially for personal data addressed to a child.

4.1.3  AKON facilitates the data subject’s rights in line with the data protection policy (GDPR DOC 1.0) and the subject access request procedure (GDPR DOC 2.2).

4.1.4  Privacy notice for this personal data processing is recorded (GDPR REC 4.1)

4.2  When data is contractually required for processing

4.2.1 AKON processes data without consent in order to fulfil contractual obligations

4.2.2 Privacy notice for this personal data processing is recorded (GDPR REC 4.1)

4.3 When personal data has been obtained from a source other than the data subject

4.3.1 AKON makes clear the types of information collected as well as the source of the personal data (publicly accessible sources) and provides the data subject with:

4.3.1.1 AKON’s (data controller) identity, and contact details of the Data Protection Officer / GDPR Owner and any data protection representatives;

4.3.1.2 The purpose(s), including legal basis, for the intended processing of personal data;

4.3.1.3 Categories of personal data;

4.3.1.4 Potential recipients of personal data;

4.3.1.5 Any information regarding disclosing personal data to third parties and whether it is transferred outside the EU – AKON will provide information on the safeguards in place and how the data subject can also obtain a copy of these safeguards;

4.3.1.6 Any other information required to demonstrate that the processing is fair and transparent.

4.3.2 Privacy notice for this personal data processing is recorded

5.

5.1  AKON provides the information stated in clauses 3 and 4 above within:

5.1.1  one month of obtaining the personal data, in accordance with the specific circumstances of the processing;

5.1.2  at the first instance of communicating in circumstances where the personal data is used to communicate with the data subject;

5.1.3  when personal data is first disclosed in circumstances where the personal data is disclosed to another recipient.

5.2  Clauses 3 and 4 above do not apply:

5.2.1 If the data subject already has the information;
5.2.2 If the provision of the above information proves impossible or would involve an excessive effort;
5.2.3 If obtaining or disclosure of personal data is expressly identified by Member State law; or
5.2.4 If personal data must remain confidential subject to an obligation of professional secrecy regulated by Member State law, including a statutory obligation of secrecy.

Document owner and approver

A current version of this document is available to all members of staff upon request to the Management Team.

This procedure was approved by the Managing Director on 18 Oct 2019 and is issued on a version controlled basis under his signature. 

​

The Data Protection Officer / GDPR Owner is the owner of this document and is responsible for ensuring that this procedure is reviewed in line with the review requirements of the GDPR.