Granite Elite Security Ltd ("we", "us", or "our") is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, store, and share your personal data when you use the Granite Elite Security Compliance Platform (the "Platform").
We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Data Controller
The data controller for personal data processed through the Platform is:
Granite Elite Security Ltd
Email: info@granite-elite.co.uk
2. What Data We Collect
We may collect and process the following categories of personal data:
| Category | Examples |
|---|---|
| Identity Data | Full name, employee/guard ID, job title, role |
| Contact Data | Email address, phone number |
| Account Data | Username, encrypted password, two-factor authentication settings |
| Operational Data | Form submissions, incident reports, compliance questionnaire responses, certifications, training records |
| Technical Data | IP address, browser type, device information, login timestamps, session data |
| Media Data | Photographs and attachments uploaded to incident reports |
3. How We Use Your Data
We process your personal data for the following purposes:
- Platform Access: To create and manage your user account and authenticate your identity.
- Service Delivery: To facilitate compliance form submissions, incident reporting, document management, and SLA tracking.
- Communication: To send platform notifications, incident alerts, and system-generated emails.
- Security: To monitor access, detect unauthorised use, and maintain audit trails.
- Compliance: To meet our legal and regulatory obligations, including data retention requirements.
- Improvement: To analyse usage patterns and improve the Platform's functionality and user experience.
4. Legal Basis for Processing
We rely on the following legal bases under the UK GDPR:
- Contract Performance (Article 6(1)(b)): Processing necessary for the delivery of our services to your Organisation.
- Legitimate Interests (Article 6(1)(f)): Platform security, fraud prevention, and service improvement.
- Legal Obligation (Article 6(1)(c)): Compliance with applicable laws, regulations, and industry standards.
- Consent (Article 6(1)(a)): Where we use non-essential cookies or analytics, your consent is obtained via our cookie banner.
5. Data Sharing
We may share your personal data with:
- Your Organisation: Administrators and authorised personnel within the Organisation that manages your account.
- Cloud Service Providers: We use Google Cloud Platform (including Cloud Run, Cloud SQL, and Google Cloud Storage) to host and operate the Platform. Data is processed in the europe-west2 (London) region.
- Email Service Providers: For sending platform notifications and alerts.
- Legal Authorities: Where required by law, regulation, or legal process.
We do not sell your personal data to third parties.
6. Data Retention
We retain personal data for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specific retention periods include:
- Account data: Retained for the duration of your access to the Platform and for up to 12 months after account deactivation.
- Operational data: Retained in accordance with your Organisation's compliance requirements and applicable regulations.
- Audit logs: Retained for a minimum of 24 months.
- Technical data: Session and log data is retained for up to 6 months.
7. Data Security
We implement appropriate technical and organisational measures to protect your data, including:
- Encryption of data in transit (TLS/HTTPS) and at rest.
- Role-based access controls and multi-tenant data isolation.
- Two-factor authentication (2FA) support.
- Automated session timeouts after periods of inactivity.
- Regular security reviews and access auditing.
- Secure hosting on Google Cloud Platform with SOC 2 and ISO 27001 certified infrastructure.
8. Cookies
The Platform uses cookies to enable essential functionality (such as login sessions and CSRF protection) and, with your consent, analytics and preference cookies. You can manage your cookie preferences at any time through the cookie consent banner on the Platform. For full details, please see our Cookie Policy.
9. Your Rights
Under the UK GDPR, you have the following rights:
- Right of Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure: Request deletion of your personal data, subject to legal retention requirements.
- Right to Restrict Processing: Request that we limit the processing of your data in certain circumstances.
- Right to Data Portability: Request your data in a structured, commonly used format.
- Right to Object: Object to processing based on legitimate interests.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, please contact us at info@granite-elite.co.uk. We will respond within one month.
10. International Transfers
Your data is primarily stored and processed within the United Kingdom (Google Cloud europe-west2 region). In the event that data is transferred outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.
11. Children's Data
The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify Users through the Platform or via email. The "Effective Date" at the top of this page indicates when the policy was last revised.
13. Complaints
If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: https://ico.org.uk
- Helpline: 0303 123 1113
14. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us at:
- Email: info@granite-elite.co.uk
- Company: Granite Elite Security Ltd