Privacy Policy
Draft scaffold. This page provides structure only. Review and finalise the wording with legal counsel before publishing or relying on it.
This policy explains how 73 Blackridge Ltd(“we”, “us”) collects, uses, and protects personal data in the BUUK security-operations platform, in line with the UK GDPR and the Data Protection Act 2018.
1. Who we are & our role
For data about our direct customers’ accounts we are the controller. For the operational data a security company records in the platform (its staff, venues, and incident/exclusion records) that company is the controller and we act as its processor — see our Data Processing Addendum.
Registered office and ICO registration number: [to be completed].
2. Data we collect
- Account & admin — name, work email, role, hashed password, sign-in activity.
- Security staff records — name, SIA licence number and status, shift sign-in/out times.
- Venue & event data — venues, events, control-room contacts, checklists.
- Exclusion (barred-patron) records — name/identifier, reason, photograph, dates. This can include special-category and criminal-offence data; see section 4.
- Operational logs & reports — incident logs, occupancy, and tamper-evident end-of-night reports.
- Technical data — device, IP, and usage needed to run and secure the service.
3. How we use it & lawful basis
- Contract — to provide the platform to our customers.
- Legal obligation — SIA licensing and venue-licensing record-keeping.
- Legitimate interests — venue and public safety, fraud/tamper prevention, service security.
- Consent — where specifically relied on and able to be withdrawn.
4. Special-category & criminal-offence data
Barred-patron records may reveal criminal-offence information and include a photograph. Where processed, we rely on the substantial-public-interest and/or safeguarding conditions and apply the additional safeguards in our appropriate-policy document: [to be completed by counsel].
5. Who we share it with
- The security company that controls the record, and its authorised users.
- Where required by law or to protect safety — e.g. the police, the SIA, or a licensing authority. Reports are cryptographically sealed so their authenticity can be verified.
- Our sub-processors (hosting, email) — listed in the Data Processing Addendum.
6. Retention
We keep personal data only as long as needed for the purposes above and to meet legal/licensing obligations, then delete or anonymise it. Category-by-category periods: [to be completed].
7. How we protect it
Data is encrypted in transit and at rest, access is role-scoped and per-organisation, and reports are tamper-evident. Hosting is in the UK (AWS London region).
8. Your rights
Subject to the UK GDPR you may request access, rectification, erasure, restriction, objection, or portability, and may complain to the ICO. Because much of the operational data is controlled by a security company, we may forward your request to the relevant controller. To exercise your rights, contact us (section 10).
9. International transfers
Personal data is stored in the UK. Any transfer outside the UK would use an approved safeguard.
10. Contact
Data protection enquiries: headoffice@73blackridge.co.uk. Data protection contact/DPO: [to be completed].