YOUR PRIVACY MATTERS

Last updated: 13 April 2026

WHO IS RESPONSIBLE FOR YOUR DATA

The data controller responsible for your personal data is Blackstone Protection Ltd, a company registered in England and Wales with its principal place of business in Birmingham, West Midlands.

If you have any questions about this privacy policy or how we handle your personal data, you may contact us by telephone on 0121 517 0828, or by email at enquiries@blackstoneprotection.co.uk or info@blackstoneprotection.co.uk.

WHAT PERSONAL DATA WE COLLECT

We may collect and process the following categories of personal data depending on how you interact with us:

CONTACT FORMS AND ENQUIRIES

When you submit an enquiry through our website contact forms, we collect your name, email address, telephone number, company name (where provided), and any details you include in your message. Our website contact forms and booking widgets are delivered via embedded iframes from our CRM platform, hosted at leadconnectorhq.com. When you interact with these forms, your data is transmitted directly to this platform for processing and storage on our behalf.

CCTV OPERATIONS

Where we provide CCTV monitoring or installation services, we may process video footage and associated metadata. All CCTV operations are conducted in accordance with the Surveillance Camera Code of Practice issued by the Surveillance Camera Commissioner and our obligations under the Protection of Freedoms Act 2012. CCTV footage is processed under our ICO registration.

WEBSITE USAGE DATA

We may collect technical data about your visit to our website, including your IP address, browser type and version, operating system, referral source, length of visit, page views, and navigation paths. This data is collected through cookies and similar technologies as described in the Cookie Policy section below.

CLIENT AND SUPPLIER DATA

We process the names, job titles, email addresses, telephone numbers, and business addresses of individuals acting on behalf of our clients and suppliers for the purposes of contract administration and service delivery.

EMPLOYEE AND CANDIDATE DATA

We process personal data of employees and job applicants, including identification documents, employment history, SIA licence details, BS7858 vetting information, and other data necessary for recruitment, employment, and regulatory compliance. This data is processed under a separate employee privacy notice provided at the point of collection.

OUR LAWFUL BASIS

We process your personal data on the following lawful bases under Article 6 of the UK GDPR:

Consent: Where you have given clear consent for us to process your personal data for a specific purpose, such as when you submit an enquiry through our website or opt in to receive marketing communications.

Contract: Where processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract.

Legitimate interests: Where processing is necessary for the purposes of our legitimate interests, provided those interests are not overridden by your rights. Our legitimate interests include the effective operation of our business, the security of our clients' premises, the prevention and detection of crime, and the marketing of our services to existing clients.

Legal obligation: Where processing is necessary for compliance with a legal obligation to which we are subject, including obligations under the Private Security Industry Act 2001 and associated SIA regulations.

HOW LONG WE KEEP YOUR DATA

We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by law. The following retention periods apply:

Enquiry data: Retained for a period of 24 months from the date of the enquiry, unless the enquiry leads to a contractual relationship, in which case it is retained for the duration of the contract and for a period of six years thereafter.

Client and contract data: Retained for the duration of the contract and for a period of six years following the end of the contractual relationship, in accordance with limitation periods under English law.

CCTV footage: Retained for a maximum period of 31 days unless required for the investigation of a specific incident, in which case relevant footage may be retained for as long as is necessary for that purpose.

Website analytics data: Retained for a period of 26 months.

WHO WE SHARE YOUR DATA WITH

We do not sell your personal data to any third party. We may share your personal data with the following categories of recipients where necessary:

CRM provider: We use a customer relationship management platform (hosted at leadconnectorhq.com) to manage client enquiries, communications, and service delivery. Data submitted through our website contact forms and booking widgets is processed and stored by this provider on our behalf under a data processing agreement.

Professional advisers: We may share data with our solicitors, accountants, and insurers where necessary for the establishment, exercise, or defence of legal claims, or for the purposes of obtaining professional advice.

Law enforcement and regulators: We may disclose personal data to the police, the Security Industry Authority (SIA), the Information Commissioner's Office (ICO), or other regulatory bodies where required by law or where necessary for the prevention or detection of crime.

Sub-contractors: Where we engage vetted and approved sub-contractors to deliver security services on our behalf, we may share limited personal data necessary for service delivery, subject to appropriate contractual safeguards.

YOUR RIGHTS UNDER UK GDPR

Under the UK General Data Protection Regulation, you have the following rights in relation to your personal data. These rights are not absolute and may be subject to certain exemptions or limitations:

Right of access: You have the right to request a copy of the personal data we hold about you, together with information about how and why we process it. This is commonly known as a subject access request (SAR).

Right to rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

Right to erasure: You have the right to request that we delete your personal data in certain circumstances, for example where the data is no longer necessary for the purpose for which it was collected.

Right to restrict processing: You have the right to request that we restrict the processing of your personal data in certain circumstances, for example whilst we verify the accuracy of data you have disputed.

Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to request that we transmit it to another controller, where technically feasible.

Right to object: You have the right to object to the processing of your personal data where we rely on legitimate interests as our lawful basis, or where we process your data for direct marketing purposes.

Right to withdraw consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at enquiries@blackstoneprotection.co.uk or write to us at our principal place of business. We will respond to your request within one calendar month of receipt.

RIGHT TO COMPLAIN

If you are dissatisfied with the way in which we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection.

The ICO can be contacted at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Telephone: 0303 123 1113. Website: ico.org.uk.

We would appreciate the opportunity to address your concerns before you approach the ICO. Please contact us in the first instance at enquiries@blackstoneprotection.co.uk.

HOW WE USE COOKIES

Our website uses cookies and similar technologies to distinguish you from other users and to provide you with a better browsing experience. A cookie is a small file of letters and numbers that we store on your browser or your device.

STRICTLY NECESSARY COOKIES

These cookies are essential for the operation of our website. They enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

ANALYTICS COOKIES

These cookies allow us to recognise and count the number of visitors and to see how visitors move around our website. This helps us improve the way our website works by, for example, ensuring that users can find what they are looking for easily.

THIRD PARTY COOKIES

Our embedded CRM forms (served via leadconnectorhq.com) may set their own cookies when you interact with contact forms and booking widgets on our website. These cookies are governed by the privacy policies of the respective third-party provider.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

INTERNATIONAL DATA TRANSFERS

Our CRM platform may store data on servers located outside the United Kingdom. Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place in accordance with Articles 46 and 49 of the UK GDPR, including the use of standard contractual clauses approved by the Information Commissioner, or transfers to countries that have been deemed to provide an adequate level of protection by the Secretary of State.

HOW WE PROTECT YOUR DATA

We have implemented appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, and against accidental loss, destruction, or damage. These measures include encrypted data transmission, access controls, regular security assessments, and staff training on data protection obligations.

Whilst we take all reasonable steps to ensure the security of your data, no method of transmission over the internet or method of electronic storage is entirely secure. We cannot guarantee the absolute security of your personal data.

POLICY UPDATES

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Any changes will be posted on this page with an updated revision date. We encourage you to review this page periodically to stay informed about how we are protecting your data.

Where changes are significant, we will make reasonable efforts to notify you, for example by placing a prominent notice on our website.

Contact Us

Blackstone Protection Ltd
Birmingham, West Midlands
Telephone: 0121 517 0828
Email: enquiries@blackstoneprotection.co.uk
Email: info@blackstoneprotection.co.uk