Last Updated: June 2024

This privacy policy provides you with information about how Speciality Security Investigation Group Limited (SSIG) collects and processes your personal data and relates to our use of any personal data we collect from you.

Speciality Security Investigation Group is a controller of personal data. We are registered with the Information Commissioners Office and our registered number is ZB343315. We have a Data Protection Officer who works with us to make sure we process personal information only in the way the Data Protection Legislation says that we should.

What is personal information?

Personal information can be anything that identifies and relates to a living person. This can include information that when put together with other information can then identify a person. For example, this could be your name and contact details.

The type of personal information we collect.

We currently collect and process the following types of information.

· Personal identifiers, contacts and characteristics (for example, name and contact details)

· Addresses 

· Physical or mental health conditions

· Website usage data

How we get the personal information?

Most of the personal information we process is provided to us directly by you for the purposes of your employment or training.

We also receive personal information indirectly, from the following sources in the following scenarios:

· Licensing authorities to ensure compliance relating to employment.

· Employers who may undertake our training services on your behalf. 

· Other third parties in relation to our contractual employment responsibilities.

Why we need to use your personal information?

SSIG employs staff to deliver its services, we also need to collect your information to register you for qualifications on the Recognised Qualification Framework (RQF).

The legal basis for processing your personal information?

Under the UK General Data Protection Regulation (UK GDPR), the lawful basis we rely on for processing this information is:

· We have a contractual obligation (contract of employment)

· Other contractual obligation (contract of service)

How long we keep your data for?

We will only keep your information for as long as it is required by us in order to comply with legal and regulatory requirements or for other operational reasons. The retention period is either dictated by law or for our business need and is documented in our retention schedule. Once your information is no longer needed it will be securely and confidentially destroyed.

Why we share data and who we share it with.

We may use a number of commercial companies and partners to either store personal information or to manage it on our behalf. Where we have these arrangements there is always a contract, memorandum of understanding or information sharing protocol in place to ensure that the organisations comply with data protection law. Organisations that we may share your information with include licensing authorities and awarding organisations where it relates to qualifications on the Recognised Qualification Framework (RQF).

We may also share your personal information when we feel there is a good reason that is more important than protecting your confidentiality. This does not happen often, but we

may share your information:

· for the detection and prevention of crime/fraudulent activity; or

· if there are serious risks to the public, our staff or to other professionals; or

· to protect a child; or

· to protect vulnerable adults who are thought to be at risk.

When using personal data for research purposes, the data will be anonymised to avoid the identification of an individual, unless consent has been given for the use of the personal data in this way.

We do not sell personal information to any other organisations for the purposes of direct marketing.

How we protect your information

We’ll take all possible steps to protect the information we hold about you (on paper and electronically) in a secure way, and we’ll only make them available to those who have a right to see them. Examples of our security include:

· Secure emails: Use of secure email networks to ensure that sensitive information is safely shared.

· Controlling access to systems and networks:Allows us to prevent people not permitted to view your personal information from gaining access to it.

· Staff training: Allows us to make all our staff aware of how to handle information and how to report incidents or issues regarding the use of information.

· Regular testing of our IT systems: and ways of working, including keeping up to date on the latest security updates and training all our staff on protecting and using information securely.

Your rights

Data Protection law gives you a number of legal rights. These are:

· The right of access: You can ask SSIG for a copy of the personal information it holds or processes relating to you. We should provide the information within 1 month. If there is a great deal of information or it is difficult to identify and retrieve, then we can ask for a time extension.

· The right to rectification: Everyone is entitled to have their own personal data rectified / changed if it is inaccurate or incomplete. If an organisation has shared the personal data in question with anyone else, then it must also take all reasonable steps to inform them of the change. You will be asked to provide evidence of your identity and the correction so that the organisation can ensure your privacy rights are protected.

· The right to erasure: The right to erasure can sometimes be referred to as ‘the right to be forgotten’. However, this is not an absolute right. You can only request the deletion or removal of personal data where there is no compelling reason for an organisation to keep it. Where the organisation has a statutory obligation or a legally justifiable reason to keep the information they must let you know.

· The right to restrict processing: In some circumstances you have a right to restrict what processing an organisation carries out or ask that they stop processing your personal data. When processing is restricted, the organisation may continue to store your data but not to process it further. However, this right cannot overrule any legal obligation placed on the organisation to continue processing your personal information.

· The right to data portability: Following a request for disclosure of your data, you have the right to ask for your information in a digital format so that you can reuse it for other purposes. For example, data portability could be used to upload your information to a third party price comparison website to compare and identify best value for something like utilities or mobile phone use. It is unlikely that data portability will apply to most of the services you receive from SSIG.

· The right to object: Everyone has the right to object to the processing of their data in limited circumstances. However, you can only object based on “grounds relating to your particular situation”. For example, you may need to maintain a higher level of security due to the type of job you have. In these situations, an organisation must stop processing your personal data unless it can demonstrate compelling grounds for the processing, which override your interests, rights and freedoms or where processing is for the establishment, exercise or defence of legal claims.

· Rights related to automated decision making and profiling: You have a right to request that decisions based solely on automated processing, including profiling, which may produce a legal effect or affect you significantly, have some form of human input so they are not automatically generated by a computer. This right is in place to ensure that potentially damaging decisions are not taken without some form of human intervention. This right also applies to ‘profiling’.

However, this Right will not apply if the decision:

· Is necessary for entering into, or performance of, a contract between you and the data controller (SSIG)

· Is authorised by law, or

· Is based on your explicit consent

Organisations are required to ensure that appropriate safeguards are in place to protect your rights, freedoms and legitimate interests and you can ask to have any computer-made decisions explained to you.

How to request your personal information

Requests should be made in writing – this includes email – and must include sufficient information to clearly identify you, so that we don’t provide your information to someone attempting to impersonate you (for example, your full name, address and date of birth). If you would find it easier to make a Subject Access Request verbally this is possible, however, we will also need copies of documents that prove your identity, in this way we can ensure your privacy rights continue to be protected.

If you wish to authorise someone to act on your behalf – this could be another individual or an organisation, such as your legal representative or Citizens Advice – it is important that you make your wishes clear and provide a form of authority to them so that we know they are acting under your instruction.

To make a request for access to your personal information, to report inaccuracies or raise a complaint, please email us at info@SSIG-uk.co.uk or write to us at Data Protection Officer, Speciality Security Investigation Group Limited, 62 Grove Way I Cottenham I Cambridgeshire I CB24 8BH.

Links to Other Websites

Our service may contain links to other websites that are not operated by Us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

Children's Privacy

Our service does not address anyone under the age of thirteen (13) and we do not knowingly collect personally identifiable information from anyone under the age of thirteen (13). If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact Us. If we become aware that we have collected Personal Data from anyone under the age of thirteen (13) without verification of parental consent, we take steps to remove that information from our servers.

If we need to rely on consent as a legal basis for processing your information and your country requires consent from a parent, we may require your parent's consent before we collect and use that information.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyse Our Service. The technologies We use may include:

· Cookies or Browser Cookies

A cookie is a small file placed on your device. You can instruct your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, you may not be able to use some parts of our service. Unless you have adjusted your browser setting so that it will refuse Cookies, our service may use Cookies.

· Flash Cookies

Certain features of our service may use local stored objects (or Flash Cookies) to collect and store information about your preferences or your activity on our service. Flash Cookies are not managed by the same browser settings as those used for Browser Cookies. For more information on how You can delete Flash Cookies, please read "Where can I change the settings for disabling, or deleting local shared objects?" available at https://helpx.adobe.com/flash-player/kb/disable-local-shared-objects-flash.html#main_Where_can_I_change_the_settings_for_disabling__or_deleting_local_shared_objects_ [helpx.adobe.com] 

· Web Beacons

Certain sections of our service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on your personal computer or mobile device when You go offline, while session Cookies are deleted as soon as You close your web browser. 

We use both Session and Persistent Cookies for the purposes set out below:

· Necessary / Essential Cookies

Type: Session Cookies

Administered by: Us

Purpose: These Cookies are essential to provide you with services available through the website and to enable you to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that you have asked for cannot be provided, and we only use these Cookies to provide you with those services.

· Cookies Policy / Notice Acceptance Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These Cookies identify if users have accepted the use of cookies on the Website.

· Functionality Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These Cookies allow us to remember choices you make when you use the website, such as remembering your login details or language preference. The purpose of these Cookies is to provide you with a more personal experience and to avoid You having to re-enter your preferences every time You use the website.

How to make a complaint

We will always try to help you with queries and respond appropriately to all requests regarding the processing of your information.

If you have a concern about the way we are collecting or using your personal data or are not satisfied with the way we handle your requests please raise your concern with us in the first instance to allow us to investigate.

If you are still not satisfied with the company’s internal review procedure, you can refer:

your concerns to the Information Commissioner’s Office on their website or write to:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Changes to our Privacy Policy

We keep our privacy policy under regular review.