Privacy Policy

Privacy

Introduction

Clarion Security Systems Ltd (“the Company”) is committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains:

When and why we collect personal data.
How we use it.
The conditions under which we may disclose it to others.
How we keep it secure.

This Privacy Policy explains how we collect, use, and protect your data. This Privacy Policy applies to all personal data we process, whether collected through our website, during the delivery of services, or through other interactions with our business. By using our services or this website, you acknowledge that you have read and understood this policy. For any questions, please contact info@clarionuk.com.

Compliance & Responsibilities

This policy applies to all Company staff, contractors, and third-party service providers.

Data Controller: The Company is the data controller, responsible for handling personal data.
Data Protection Representative (DPR): Our Managing Director is responsible for day-to-day data protection compliance. A Data Protection Officer (DPO) will be appointed if legally required.
Individuals providing personal data must ensure accuracy and notify the Company of any updates.

Lawful Basis for Processing Personal Data

We process personal data under the following legal bases:

Contractual Necessity: When processing is required to provide a service.
Legal Obligation: To comply with regulations (e.g., tax, employment, security screening).
Legitimate Interests: To operate and improve our services securely.
Consent: We will only use personal data for marketing communications if we have obtained your explicit consent. At present, we do not engage in marketing activities.

Data Protection Principles

Under UK GDPR, we process personal data based on the following principles:

Lawfulness, Fairness & Transparency: We ensure clear and lawful processing.
Purpose Limitation: Data is only used for the purpose it was collected.
Data Minimisation: We only collect essential data.
Accuracy: Personal data is kept accurate and up to date.
Storage Limitation: Data is retained only as long as necessary.
Security & Confidentiality: Data is protected against unauthorised access.

What Personal Data We Collect

We may collect and process:

Clients & Potential Clients: Name, address, email, phone number, keyholder details.
Employees & Subcontractors: Name, contact details, background screening information (collected under legal obligations). This may include employment, payroll, training, competency, health and safety, and IT access records, where required by law or contract.
System Users (e.g., security system users): Keyholder details, location data, system logs.
Remote Access & Security System IP Addresses: When our security personnel, customers, or authorized users connect remotely to security systems, we log the external IP address used for authentication and monitoring. These logs are maintained for security and compliance purposes.
Website Visitors’ IP Addresses: When visitors access our website, their IP addresses may be logged temporarily for security monitoring, fraud prevention, and system diagnostics. These addresses are not linked to specific individuals and are deleted automatically after 60 days. We may use aggregated web analytics data, such as visit duration and page interactions, collected through tools like Google Analytics. This data does not identify individuals.

How We Use Your Personal Data

We process personal data to:

Provide security system installation and maintenance.
Process customer enquiries and contracts.
Manage security system users and keyholders.
Meet legal obligations (e.g., regulatory compliance, fraud prevention).
We process IP addresses to monitor website security, prevent fraud, and improve system performance.

We do not sell or rent personal data to third parties.

Data Sharing & Third-Party Processors

We may share data with:

Service Providers: IT support, cloud storage, payment processors.
Law Enforcement Authorities: Where required by law.
Subcontractors: For security system installation and maintenance.

We ensure third parties comply with UK GDPR through Data Processing Agreements (DPAs).

International Data Transfers

If personal data is transferred outside the UK, we ensure:

Adequacy Decisions (for countries approved by the UK government).
Standard Contractual Clauses (SCCs) for other countries.

Data Retention Policy

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected and to meet legal, contractual, regulatory, and operational requirements.

Retention periods are defined and controlled in accordance with QA004 – Control of Documented Information, which sets out the Company’s record retention schedule.

In summary:

Customer records (including contracts, system records, maintenance records and correspondence): Retained for up to 6 years after contract termination, in line with contractual and legal requirements.
Keyholder and security system data: Retained for the duration of the contract and for a limited period thereafter in accordance with QA004 and NSI requirements.
CCTV footage: Retained for up to 31 days, unless required for investigation, legal proceedings, or by law enforcement.
Employee and screening records: Retained in line with employment law, security regulations, and QA004 retention requirements.
Website visitor IP addresses: Retained temporarily for security and diagnostic purposes and deleted automatically after 60 days.

After the applicable retention period, personal data is securely deleted or anonymised

Data Security

We take steps to protect personal data, including:

Encryption for stored and transmitted data.
Access controls to restrict unauthorised access.
Regular cybersecurity audits.

Your Rights Under UK GDPR

You have the right to:

Access your data (Subject Access Request – SAR).
Correct inaccuracies in your data.
Request deletion (‘right to be forgotten’), subject to legal requirements.
Restrict or object to processing under certain conditions.
Request data portability where applicable.
Withdraw consent for marketing communications.
Lodge a complaint with the ICO (www.ico.org.uk) if you believe your data is mismanaged.

To exercise your rights, email info@clarionuk.com. We respond within one month (or up to three months for complex cases). SARs are free, but we may charge a reasonable fee for excessive requests.

Use of Cookies

If our website uses cookies, we provide a separate Cookie Policy explaining:

Types of cookies used (essential, analytics, advertising).
How to manage or disable cookies.

For details, refer to our Cookie Policy: https://clarionuk.com/cookies/

Third-Party Links

Our website may contain links to third-party sites. We are not responsible for their privacy policies. Always review external privacy policies before providing personal data.

Updates to This Policy

We review and update this Privacy Policy periodically. Any changes will be posted on our website. Significant changes will be communicated directly where necessary.

For further information, visit the ICO website (www.ico.org.uk).

For questions about this Privacy Policy, contact us at info@clarionuk.com.

Cookie	Duration	Description
__hssrc	session	This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.

Cookie	Duration	Description
__hstc	5 months 27 days	This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_DMLYN0Q2QE	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_29049562_1	1 minute	Set by Google to distinguish users.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	30 minutes	Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
_hjIncludedInPageviewSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit.
_hjIncludedInSessionSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's daily session limit.
hubspotutk	5 months 27 days	HubSpot sets this cookie to keep track of the visitors to the website. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__hssc	30 minutes	HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
MUID	1 year 24 days	Bing sets this cookie to recognize unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.

Cookie	Duration	Description
_clck	1 year	No description
_clsk	1 day	No description
_hjSession_2344695	30 minutes	No description
_hjSessionUser_2344695	1 year	No description
CLID	1 year	No description
SM	session	No description available.

Privacy

Privacy

Accreditations