CIO Security collects and processes personal data relating to its customers. The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
What information does the organisation collect?
CIO Security collects the following data from its customers:
- Company Name
- Phone Number
- Email Address
- Site/Venue Information including information required to complete Surveys, Assignment Instructions, Risk Assessments, emergency contact information including keyholders and signed contracts.
- Alarm codes
- Records of incidents and issues
- Records of complaints
- Where applicable – Recorded CCTV footage through an external DVR
- Recorded Audio of telephone conversations (where applicable
This data will be stored on our internal servers or hard copy in secure locations, password protected if relevant and backed up. Data will not be held longer than is necessary, and in line with our document control procedure.
Why does the organisation process personal data?
CIO Security processes personal data to provide a Security Service, with the permission of the customer.
Who has access to data?
- Your information is shared with CIO Security staff to enable the provision of a security service.
- All staff employed by CIO Security have undergone security screening in line with BS 7858.
- Where necessary the organisation will share your data with specific third parties, such as the emergency services, governing body or assessing body to enable the provision of a security service.
- The organisation may also share your data with third parties in the context of a sale of some or all of its business. In those circumstances the data will be subject to confidentiality arrangements.
CIO Security will not share your personal data with any other third party without your express permission.
How does the organisation protect data?
The organisation takes the security of your data seriously. The organisation has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
For how long does the organisation keep data?
Personal data, such as contact details, will be kept for the duration of the client contract plus a further 3 years, in line with our data retention procedure.
Any video recording will be retained for a minimum of 30 days, after which it will only be retained if there is a requirement ie for court evidence.
Any voice data will be retained for a minimum of 90 days in line with the British Standard BS 5979, after which it will only be retained if there is a requirement ie for court evidence
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request;
- require the organisation to change incorrect or incomplete data; and
- require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing.
If you would like to exercise any of these rights, please contact the Data Controller as detailed below. Where we will respond within 30 days.
If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner.
What if you do not provide personal data?
The personal data is required to enable CIO Security to provide a Security Service. All personal data provided is done by the customer’s consent. Failure to provide the data required would greatly hinder the ability of CIO Security to provide this service.