Fire Door Inspector with book papers flying in the air

Privacy Policy

This Privacy Policy explains how Preventt Limited collects, uses, stores and shares personal data, and the rights available to individuals in relation to that data.

  • business clients and their personnel;
  • customers, residents and other individuals whose data we process in connection with services provided to our clients;
  • prospective clients;
  • visitors to our website; and
  • applicants for employment or engagement.

In this policy, “personal data” means any information relating to an identified or identifiable individual. This includes information provided to us directly, received from third parties, or created by us in connection with our services.

Our Privacy Policy relates to the following categories of individuals:

Where Preventt provides services on behalf of a client organisation, that organisation may act as the controller of certain personal data and Preventt may process that data on its behalf as processor. Where Preventt determines the purposes and means of processing, Preventt acts as controller.

  • the preventt.co.uk website;
  • online forms used for operational, service or enquiry purposes; and
  • Preventt’s central business functions, including operations, client services, finance, business development, marketing, human resources and IT.


Your privacy is important to us, and so is being transparent about how we collect, use, and share information about you. This policy is intended to help you understand:

By visiting any of our websites or by using any of these services, you acknowledge the practices described in this privacy policy.

  1. Privacy commitments

Preventt will:

  • process personal data lawfully, fairly and transparently;
  • collect personal data only where there is a valid legal basis for doing so;
  • limit collection to data that is relevant and necessary for the relevant purpose;
  • take reasonable steps to keep personal data accurate and up to date;
  • retain personal data only for as long as necessary;
  • securely delete or anonymise personal data when it is no longer required;
  • implement appropriate technical and organisational measures to protect personal data;
  • ensure that staff are trained on their data protection responsibilities; and
  • respect the rights available to individuals under applicable data protection law.
  1. Personal data we may collect

The personal data we collect will depend on the nature of the relationship, the services involved, and the way in which contact is made. It may include:

  • personal contact details, such as name, title, postal address, email address and telephone number;
  • business contact details, such as employer, job title, work address, work email address and work telephone number;
  • information relating to enquiries, instructions, bookings and service delivery;
  • account and login details, including usernames and encrypted passwords;
  • correspondence and communications, including emails, call recordings and operational SMS or instant messages where used for business purposes;
  • payment, billing and financial information, including bank details, payment history and related transaction records;
  • identification information, including passport, driving licence, visa, right to work and similar official records where required;
  • employment and recruitment information, including CVs, cover letters, references, qualifications, training records and interview notes;
  • online identifiers and technical data, including IP address, cookies and related website usage information;
  • marketing and communication preferences, including consent records and opt-out information;
  • photographs, documents and records relevant to the services or business processes; and
  • special category data or criminal offence data only where strictly necessary, lawful and proportionate, including where required for recruitment, health and safety, fraud prevention, legal compliance or the proper delivery of services.

Individuals should not provide personal data that is not reasonably required for the relevant purpose.

  1. Purposes of processing and legal bases

Preventt may process personal data for the following purposes:

  • to respond to enquiries and requests;
  • to provide, administer and support our services;
  • to communicate in relation to services, instructions, accounts and operational matters;
  • to manage client relationships and contractual arrangements;
  • to carry out recruitment and engagement processes;
  • to maintain records, accounts, audit trails and internal reporting;
  • to protect the security of our systems, premises, personnel and information;
  • to detect, prevent and investigate fraud, misuse or other unlawful activity;
  • to comply with legal, regulatory and professional obligations;
  • to establish, exercise or defend legal claims; and
  • where permitted, to send marketing or promotional communications.

Our legal bases for processing may include:

  • performance of a contract;
  • compliance with a legal obligation;
  • legitimate interests pursued by Preventt or a third party, except where overridden by the interests or fundamental rights and freedoms of the individual; and
  • consent, where consent is required or relied upon.

Where processing is based on legitimate interests, those interests may include the proper operation of our business, delivery and improvement of services, protection of our legal position, prevention of fraud, maintenance of records, and management of client and supplier relationships.

Where processing is based on consent, consent may be withdrawn at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

  1. Retention of personal data

Preventt retains personal data only for as long as reasonably necessary for the purpose for which it was collected, including for the purposes of satisfying legal, regulatory, tax, accounting, reporting and evidential requirements.

Retention periods may include:

  • marketing data: up to 5 years from the last meaningful engagement, unless consent is withdrawn earlier;
  • enquiry and service-related data: up to 7 years from the last enquiry, instruction or service activity;
  • billing, payment and accounting records: up to 7 years from the end of the relevant financial period;
  • complaints and related correspondence: up to 6 years from closure;
  • call recordings and operational messages: up to 1 year, unless a longer period is required for legal, regulatory, evidential or training purposes;
  • unsuccessful recruitment records: up to 12 months from the conclusion of the recruitment process; and
  • active account information: for the duration of the account and for a reasonable period thereafter where required for lawful business purposes.

Where different retention periods apply to the same data, the longer period may be applied where justified. At the end of the applicable retention period, personal data will be deleted or anonymised, unless continued retention is required by law or is otherwise lawful.

  1. Sharing of personal data

Preventt may share personal data where necessary for legitimate business purposes, contractual performance, legal compliance, or with consent where consent is the appropriate basis.

Personal data may be shared with:

  • service providers and advisers who support our business operations, including providers of IT, communications, hosting, payment, audit, legal, financial, recruitment, operational and administrative services;
  • clients and their authorised representatives where necessary for the delivery of contracted services;
  • regulators, law enforcement agencies, courts, tribunals or public authorities where disclosure is required or reasonably necessary; and
  • actual or proposed purchasers, investors or successors in connection with a business sale, acquisition, restructuring or similar transaction, subject to appropriate confidentiality obligations.

Where third parties process personal data on our behalf, we require them to do so only on documented instructions, to keep the data secure, and to use it only for authorised purposes.

  1. International transfers

Preventt does not currently share personal data outside the EU. Wherever possible we will minimise sharing data internationally, however, it’s possible that we will have legitimate business reasons to do so. If that’s the case we reserve the right to share personal data internationally and will update our Privacy Policy if that becomes the case to reflect this. As with all our providers, we will have strict controls in place to make sure it’s properly protected.

  1. Rights of individuals

Subject to applicable law, individuals may have the right:

  • to be informed about the processing of their personal data;
  • to request access to their personal data;
  • to request correction of inaccurate or incomplete personal data;
  • to request erasure of personal data in certain circumstances;
  • to request restriction of processing in certain circumstances;
  • to object to processing in certain circumstances;
  • to request transfer of personal data to another provider where the right to data portability applies; and
  • not to be subject to a decision based solely on automated processing where the law provides that protection.

Where processing is based on consent, an individual may withdraw consent at any time. These rights are not absolute and may be subject to legal exemptions or conditions.

To find out more information about these rights and our obligations, please visit the Information Commissioner’s Office website https://ico.org.uk

  1. How to contact us and exercise your rights

Requests concerning personal data, including requests to exercise data protection rights, should be sent to our Data Protection Officer by emailing: dataprotection@preventt.co.uk, or write to us at:

Data Protection Officer

Preventt

3rd Floor 86-90 Paul Street

London

EC2A 4NE

We may request information reasonably necessary to verify identity before responding to a request. This may include name, contact details and a certified copy of an official identity document where appropriate. Preventt will respond to valid requests within the time required by applicable law.

If you have a complaint about how Preventt handles personal data, you may contact us using the details above. You also have the right to complain to the Information Commissioner’s Office in the United Kingdom if you consider that your personal data has been processed unlawfully.

If you are still not satisfied after our response or believe we are not using your personal information in line with the law, you also have the right to complain to the data protection regulator in the country where you live or work. For the UK, that’s the Information Commissioner’s Office – https://ico.org.uk