Privacy Policy

Data Protection and Information Management

1. Privacy Statement

1.1 Our Commitment

Marchstone Security Limited is committed to safeguarding the privacy and protecting the personal data of all individuals who interact with our organisation. In compliance with UK and EU data protection regulations, this privacy policy explains what information we collect, how we use personal data, our data processing practices, and your rights regarding your personal information.

As a professional security services provider, we understand the critical importance of data protection and maintain the highest standards of information security and privacy management in accordance with our ISO 27001 certification and GDPR requirements.

1.2 Legal Framework

This privacy policy complies with:

  • General Data Protection Regulation (GDPR) 2016/679
  • Data Protection Act 2018
  • UK GDPR (post-Brexit implementation)
  • Privacy and Electronic Communications Regulations 2003
  • Human Rights Act 1998
  • Private Security Industry Act 2001

1.3 Data Controller Information

Marchstone Security Limited is the data controller for personal data processed under this policy.

Company Registration: 16717355
Registered Office: Rivar Farm House, Rivar Farm, Shalbourne, Marlborough, Wiltshire SN8 3RL
Data Protection Officer Contact: dpo@marchstonesecurity.com

2. Information We Collect

2.1 Direct Collection

We obtain information through:

  • Service enquiries and consultations
  • Contract negotiations and agreements
  • Application forms and registration processes
  • Website interactions and communications
  • Training course registrations
  • Direct communications (email, telephone, post)

2.2 Automatic Collection

  • Website analytics and usage data
  • Cookie information and preferences
  • IP addresses and browser information
  • Security system logs and access records

3. Lawful Basis for Processing

We process personal data on the following legal bases:

  • Legitimate Interests (Article 6(1)(f)): Providing effective security services, risk management, business operations, and regulatory compliance.
  • Contract Performance (Article 6(1)(b)): Delivering contracted services, processing requirements, managing deployment, and handling payments.
  • Legal Obligation (Article 6(1)(c)): SIA licensing, health and safety, criminal record checking, and employment law compliance.
  • Consent (Article 6(1)(a)): Marketing communications, optional data collection, and website cookies.
  • Vital Interests (Article 6(1)(d)): Medical emergencies, life-threatening security situations, and child protection.

4. How We Use Your Information

Your information is used for security service provision including risk assessments, personnel deployment, incident response, and client communication. It is also used for personnel management, client relationship management, billing, compliance, and legitimate business communications.

5. Information Sharing

Personal data is shared internally on a need-to-know basis. We may share information with subcontractors, training providers, professional advisors, and auditors as necessary for service delivery. Information may be disclosed to law enforcement, regulatory bodies, courts, and emergency services as required by law.

6. Data Retention

  • Active client contracts: duration of contract plus 7 years
  • Security incident records: 7 years from incident date
  • Employment records: 6 years after employment ends
  • DBS certificates: 6 months after recruitment decision
  • Website analytics: 26 months from collection

7. Your Rights

Under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure of your data
  • Restrict processing
  • Request data portability
  • Object to processing

To exercise your rights, contact our Data Protection Officer at dpo@marchstonesecurity.com. We will respond within one month of receipt.

8. Data Security

We implement AES-256 encryption at rest, TLS 1.3 in transit, multi-factor authentication, role-based access controls, network segmentation, and regular vulnerability assessments. Physical measures include secure facilities with 24/7 monitoring, biometric access controls, and environmental controls.

9. Data Breach Notification

In the event of a data breach, we will notify the ICO within 72 hours where required, and affected individuals without undue delay for high-risk breaches.

10. Contact

Data Protection Officer: dpo@marchstonesecurity.com
Privacy Enquiries: enquiries@marchstonesecurity.com
Telephone: +44 1635 534952

Information Commissioner's Office (ICO)
Website: ico.org.uk
Telephone: 0303 123 1113
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

11. Policy Updates

This policy is reviewed annually and updated when significant changes occur. We will notify you of material changes by email or through our website.

Last updated: April 2026