City Security Services aims to form a partnership with its customers providing ethical and valuable approaches. Our methods are to optimise and improve the safety of their staff and customers. With tailored management, this allows us to provide a personal, pro-active service that adapts to their circumstances.
We will be the ‘business partner’, maintaining and improving on the general security aspects to provide a further safeguard for people and property. With us, you can expect the utmost diligence.
CSS operates from a central Head Office in London with a secondary office in Cambridge.
CSS is committed to protecting your personal information and respecting your privacy and rights when it comes to information processing. CSS is committed to maintaining compliance with current data protection legislation, any future legislation that comes into force as and when required, and to maintain transparency about how it processes personal data.
CSS processes the personal data of both its own employees and its business contacts and works to robust information security policies to ensure this data is kept secure and the risk of data breach is reduced to a minimum.
This Privacy Notice informs you how and why CSS collects your personal information, how CSS processes your personal information, who has access to your personal information, and details your rights as an individual to control how your personal information is processed.
By continuing to use CSS’s services you give CSS permission to process your personal data for the purposes identified as set out within this Privacy Notice.
This Privacy Notice contains information regarding:
- LAWFUL BASIS FOR PROCESSING YOUR INFORMATION
- COLLECTION OF PERSONAL INFORMATION
- HOW CSS USES YOUR INFORMATION
- VISITORS TO THE CSS WEBSITE
- ENQUIRIES
- COMMUNICATIONS
- PEOPLE WHO USE CSS SERVICES
- RECRUITMENT, STAFF DETAILS AND SECURITY SCREENING
- CCTV
- COMPLAINTS
- YOUR RIGHTS
- SUBJECT ACCESS REQUESTS
- CHANGES TO THIS PRIVACY NOTICE
- HOW TO CONTACT US
- DISCLAIMER
- LINKS TO OTHER WEBSITES
To comply with the data protection requirements of the General Data Protection Regulation (GDPR), there must be a lawful basis to collect, process and store any personal data that you provide CSS with. For CSS as a data controller, the lawful bases under which personal data is processed include:
- The contractual agreement with each client for the provision of security services. Personal information that CSS collects during the application process will be limited to what is necessary and processed for the purposes of fulfilling its contractual obligations.
- Where the processing is necessary for the purposes of legitimate interests pursued by CSS or by yourselves as a third party. (Where such interests are overridden by your interests or fundamental rights and freedoms, CSS will instead ask for your consent.)
- Any active consent you may have given CSS to receive or access particular services where another lawful basis does not apply. You will be asked to demonstrate your consent with an affirmative action, such as ticking a box or filling in your email address.
When you access and browse the CSS website and when you correspond with CSS by phone, post or email, you may give CSS information about yourself. This information can include your name, postal address, email address, landline and/or mobile telephone number and information about your employment (including your job title, responsibilities and employer’s details) as well as other personal information.
This Privacy Notice applies, but is not limited to, personal information that CSS collects from:
- visitors to the CSS website;
- associated third party organisations, stakeholders, suppliers and subcontractors;
- complainants and other individuals in relation to a complaint or enquiry;
- individuals who use CSS services;
- job applicants and CSS current and former employees;
- visitors to the CSS Head Office
Where CSS collects personal data (for example your name, postal address or e-mail address) this information is used exclusively by CSS for providing the services you have requested or which are detailed within your service contract. CSS will only pass your personal data to relevant third-party organisations or individuals either as a contractual requirement, with your explicit consent, or if specifically compelled to do so by law or court order or other legitimate reason.
Unfortunately, the transmission of information via the internet is not completely secure. Although CSS does its best to protect your personal data, it cannot guarantee the security of your data transmitted to the CSS site; any transmission is at your own risk. Once CSS has received your information, robust information security measures in place protect it and minimise the risk of unauthorised access.
Public Website Areas
You can visit the CSS website without revealing who you are or giving any information about yourself, except where you voluntarily choose to give CSS your personal details via e-mail or by enquiring about any of CSS’s services.
Website Forms
In order to access ‘Contact Us’ on the CSS website you may be required to fill in a web form which includes completing your personal details. When you submit a web form, this information is sent directly to CSS only, and is then processed as appropriate.
Cookie Policy
Cookies are small pieces of information that are stored by your browser on your computer’s hard drive. CSS will occasionally place a cookie on the visitor’s hard drive in order to provide more user-friendly browsing or useful features to the web site visitor. Most browsers are initially set to automatically accept cookies. If you prefer, you can reconfigure your browser to reject cookies, but you may not be able to take full advantage of our website if you do so.
With regard to each of your visits to CSS’s website, CSS may also collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating systems and platforms; and
- information about your visit, including the full Uniform Resource Locators (URL) clickstreams to, through and from CSS’s websites, information you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs), methods used to browse away from that page and any phone number used to call us.
People who email CSS
CSS may monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
CSS receives enquiries about security services through the website and by telephone, post and email. Enquiries will typically require the person to enter some form of contact details to allow CSS to follow them up.
For general enquiries, a record of the enquiry is retained by CSS until the enquiry has been dealt with and no further follow up is needed.
All information provided to CSS is treated as Confidential.
Information is only shared with a third party with a legitimate interest, for example the SIA, when necessary. CSS may also share information with the Police if there is a lawful basis for doing so.
Applicants for roles at CSS are asked to provide their personal information for the application process, including their current Curriculum Vitae and a Covering Letter, either directly or through a Recruitment Agency. This information is used solely by CSS management for the purpose of assessing the applicant’s suitability for the role, leading to a possible invitation to interview.
CSS does not share this information with any other party within this time. Applicants do have the right to contact the HR Manager and withdraw their details at any time during the recruitment process, and the HR Manager will then update the records accordingly.
CSS requires successful applicants to provide proof of identity, such as a passport or a birth certificate, to ensure the applicant is eligible to work in the UK, which is a legal requirement. CSS also requires the applicant’s full name, contact details, home address, bank details and name and contact details of their next of kin. CSS may also ask about any medical conditions, details of which remain strictly private and confidential for the attention of the HR Manager only.
A Staff Details form is given in the new starter pack along with the contract of employment. CSS collects personal data using this form for the purpose of setting up the employee on the payroll system, the pension scheme and to facilitate the security screening background checks. CSS will only share the employee’s details with the third parties providing these services to allow the service provision.
The contract of employment forms CSS’s lawful basis to process employees’ personal data in order to fulfil its contractual obligations, plus any specific consent given by the employee for additional services or benefits. Information disclosed remains strictly private and confidential and under the control of the HR Manager, and only accessible by the MD and HR Manager. Should an employee wish to enquire about the personal information CSS holds about them, they can make a ‘subject access request’ to the HR Manager.
Successful applicants to CSS are required to complete a security screening check before commencing employment with CSS. This process is outsourced to ‘Affordable Screening’, a CSS approved screening company. The Screening Company collect personal data for the purpose of carrying out background screening on behalf of CSS employees.
Successful applicants are asked to complete a security screening application form provided by the CSS HR Manager.
Applicants are asked to provide their current passport or a birth certificate, a driving license and a utility bill or bank statement with their current home address stated. These forms are checked and counter signed by the HR Manager and then forwarded to the Screening Company.
The Screening Company will ask the applicant about their previous work experience, education, referee details, and for answers to the questions relevant to the role they have applied for. The Screening Company will share the applicant’s name, date of birth and address history with third parties (the Criminal Disclosure and Barring Service and Equifax) where it is necessary to fulfil their contractual obligations to the applicant and to CSS, and where obliged to do so by law.
Once the preliminary screening is successful, the applicant can then commence their employment with CSS. The HR Manager compiles a separate file relating to their employment containing the documentation listed above. Please note this file is kept separately to the employee’s HR file. The information contained in this is only used for purposes directly relevant to that person’s employment.
Each individual is asked to sign a contractual agreement and complete the required documentation before they commence their relationship with CSS. Personal data requested will be limited to what is appropriate for the role and kept Confidential at all times. Records are kept by CSS for 7 years after cessation of the contract with CSS.
CSS has CCTV cameras installed around the Head Office in London for the purposes of crime prevention and public safety. CSS staff, visitors to CSS or passers-by may be recorded on these cameras. The footage is stored by CSS for a limited time before it is overwritten. CSS may monitor the footage in the event of a security breach. CSS will only ever share the footage with the local Police force in the event of a criminal investigation.
Details about complaints made and the parties involved are stored securely on CSS’s internal database. It may be necessary to share the contact details of the complainant with the parties involved or with other relevant bodies in order to progress the complaint. CSS will gain authorisation from the complainant before passing any Confidential information or personal data to other parties
CSS takes any complaints received about collection and use of personal data very seriously and encourages people to bring to its attention any collection or use of information they think is unfair, misleading or inappropriate.
Complaint details are retained for 7 years before destruction in case of any further proceedings.
Under the General Data Protection Regulation (GDPR) and the Data Protection Act (DPA), CSS recognises and respects that you have rights as an individual providing personal data:
- You have the right to know exactly how your personal data will be processed by CSS. CSS commits to processing your data fairly, lawfully and transparently, details of which are set out in this Privacy Notice.
- You have the right to request access to the personal data that CSS holds about you.
- You have the right to request changes to the data held about you if the data is incorrect or requires additional information.
- You have the right to request erasure of your data or the right to be forgotten completely, where there is no legitimate reason for your data to continue to be processed.
- You have the right to request that processing of your data is restricted so that the data remains stored but is not further processed by CSS.
- You have the right to request a copy of your data in a portable format.
- You have the right to object to your data being processed, if the processing is for a legitimate interest without compelling grounds, or for direct marketing.
CSS retains the right to continue processing personal data if there are compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the individual, or the processing is for the establishment, exercise or defence of legal claims.
If you wish to make a free Subject Access Request to access a copy of the personal data CSS stores about you, or understand how it is processed and why, please follow the instructions below:
- Contact CSS London Head Office (email preferred).
- Include details of your request – which information about you do you wish to have access to?
- Provide sufficient evidence about yourself for CSS to verify your identity. (CSS may have to contact you otherwise.)
CSS will deal with your request without undue delay, within 1 month of the receipt of your request. CSS will notify you if it is unable to provide the information within 1 month, detailing the likely timescale. If CSS is unable to grant you access to your data for a specific reason you will be notified immediately. In certain circumstances, such as where a large amount of data is requested which may require extensive time or resource to gather and collate the data, CSS reserves the right to charge a fee to account for this activity.
This Privacy Notice is regularly reviewed and may change from time to time. This Privacy Notice was last updated on 1 July 2020.
If you wish to contact CSS for further information about this Privacy Notice, you can call, email or write to us at:
City Security Services
Unit 18 Greenwich Business Park
53 Norman Road
London
SE10 9QF
Registered in England No. 02814854
VAT No: 629 091 039
E: css@citysecurity.org.uk T: 020 8694 1313
This Privacy Notice does not provide exhaustive detail of all aspects of CSS’s collection and use of personal information.
CSS makes every effort to ensure that the information provided on its website is accurate and current. However, it cannot guarantee this and cannot accept responsibility for any errors, omissions, misstatements or mistakes on the website. Anyone becoming aware of such matters is requested to notify CSS in writing or by e-mail.
This Privacy Notice does not cover the links within this site linking to other websites or the content of those sites. CSS encourages you to read the privacy statements on the other websites you visit.
