Who we are and what we do

Who we are

We are The Keyholding Company Limited (“The Keyholding Company Limited”, “us”, “we”, “our”). We are a limited company registered in England and Wales under registration number 03538605 and we have our registered office at 28, Kirby Street, London, EC1N 8TE. We are registered with the UK supervisory authority, Information Commissioner’s Office (“ICO”), in relation to our processing of Personal Data under registration reference Z2338566.

What we do

We are the largest outsourced network of alarm response specialists, providing patrols, access requests, alarm response, and keyholding. We are committed to protecting the privacy and security of the Personal Data we process about you.

Controller

Unless we notify you otherwise, we are the controller of the Personal Data we process about you. This means that we decide what Personal Data to collect and how to process it.

Purpose of this privacy notice

The purpose of this privacy notice is to explain what Personal Data we collect about you and how we process it. This privacy notice also explains your rights, so please read it carefully. If you have any questions or you wish to make a complaint, you can contact us using the information provided below under the ‘How to contact us and our Data Privacy Officer’ section.

Who this privacy notice applies to

This privacy notice applies to you if:

1. You visit our website
2. You purchase goods or services from us
3. You enquire about our products and/or services
4. You use our App
5. You sign up to receive newsletters and/or other promotional communications from us

What Personal Data is

‘Personal Data’ means any information from which someone can be identified either directly or indirectly. For example, you can be identified by your name or an online identifier.

‘Special Category Personal Data’ is more sensitive Personal Data and includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying someone, data concerning physical or mental health or data concerning someone’s sex life or sexual orientation.

Personal Data we collect

The type of Personal Data we collect about you will depend on our relationship with you.

When you visit our website, we may automatically collect the following information:

• Usage Information: we collect information about your interactions with our website such as the pages or content you view so we can optimise the site for other visitors;
• Advertising information: we capture and share information about which, if any, advertisements led you to the website;
• Log data and device information: we capture information about what device you use to access the site including how you’ve used our website (including if you clicked on links to third party applications), IP address, access dates and times, hardware and software information, device information, device event information, unique identifiers, crash data, cookie data, and the pages you’ve viewed or engaged with before or after using the website.

This data is only accessible on an anonymous basis for analysis unless the visitor requests a quote using the Get a Quote app online. This app will match device data with the personal information you submit with your request.

When you request or engage with our services we may collect the following personal  information:

Your name and surname, your email address, your home/business address, your billing address, your telephone number (landline, home, mobile), your occupational data, the data of your next of kin/emergency contact, financial information, such as direct debit mandates and credit/debit card information.

How we collect your Personal Data

We collect most of the Personal Data directly from you in person, by telephone, text, or email and/or via our website.

We may receive information from other parties, such as your bank, where you have authorised that third party to provide personal information to us.

Purposes, lawful bases and retention periods

We will only use your Personal Data when the law allows.  Most commonly, we will use your Personal Data so that we can:

• Communicate with you as part of our business.
• Identify you and manage any accounts you hold with us.
• Carry out our obligations arising from any contracts entered into between you and us.
• Conduct research, statistical analysis and behavioural analysis.
• If you agree, let you know about other products or services that may be of interest to you—see ‘Marketing’ section below.
• Do a credit check on you (in which case we may share your personal data with credit reference agencies and other companies for use in credit decisions).
• Customise our website and its content to your particular preferences.
• Manage our infrastructure and business operations, and comply with internal policies and procedures, including those relating to auditing, finance and accounting, billing and collections, IT systems, data and website hosting, business continuity, and records, documents and print management.
• Resolve complaints and handle data rights requests.
• Comply with applicable laws and regulatory obligations.
• Notify you of any changes to our website or to our services that may affect you.
• Improve our services.
• We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of quality assurance, training and compliance.

What lawful basis do we rely on to process your Personal Information?

We rely on the following lawful bases to process your personal data:

Contract

In most instances, we rely on contract as the lawful basis on which we collect and use your Personal Information. This is because we need to:

• fulfil our contractual obligations to you; or
• because you have asked us to do something before entering into a contract (e.g. provide a quote).

Consent

On some occasions, we will process your Personal Information with your consent. For example, we rely on consent when we send you marketing messages. You have the right to withdraw consent at any time. Where consent is the only legal basis for processing, we will cease to process your Personal Information after consent is withdrawn.

Legal Obligation

We may be required to process your Personal Information to comply with our legal and regulatory obligations. For example, preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies.

Legitimate Interests

In specific situations, we may require your Personal Information to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.

For example, ensuring the security and integrity of our services, selling and supplying services to our customers, improving existing products and services, developing new products and services and fulfilling our duties to our customers.

How long will we keep your Personal Information for?

Whenever we collect your Personal Information, we will only keep it for as long as is necessary for the purpose for which it was collected and we will retain in accordance with any applicable laws and regulations regarding data retention. At the end of that retention period, your Personal Information will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.

Who do we share your Personal Information with?

We routinely share your Personal Information with:

• our group companies;
• our external service providers (and their subcontractors), including our service partners, accountants, auditors, experts, lawyers and other outside professional advisors; IT systems, support and hosting service providers; printing, advertising, marketing and market research and analysis service providers; document and records management providers; technical engineers; data storage and cloud providers and similar third-party vendors and outsourced service providers that assist us in carrying out business activities. We only share your Personal data with external service providers who have provided us with appropriate assurances that they will keep your Personal Information safe and protect your privacy; and
• we may also need to share your Personal Information with credit reference and fraud prevention agencies and law enforcement or other authorities if required by applicable law.

Artificial Intelligence

We use AI technologies to drive efficiencies within our business to provide our clients with better outcomes. We use AI in line with our internal policies and procedures (including human oversight where applicable).

Your personal data may be processed by providers of AI either directly sourced by us, or via third party AI tools embedded in systems providing IT services to us. Any use of AI technologies by us will be in accordance with the technical and operational safeguards appropriate for the data types.

International Transfers of Personal Information

Your Personal Data may be processed outside of the UK. This is because the organisations we use to provide our service to you are based outside the UK.

We have taken appropriate steps to ensure that when your Personal Data is processed in a country outside the UK, it does not have a materially lower level of protection than that guaranteed in the UK.

We do this by ensuring that:

• Your Personal Data is only processed in a country which the Secretary of State has confirmed has an adequate level of protection (an adequacy regulation); or
• We enter into an International Data Transfer Agreement (“IDTA”) with the receiving organisation and adopt supplementary measures, where necessary. (A copy of the IDTA can be found here international-data-transfer-agreement.pdf (ico.org.uk)); or
• When transferring your Personal Data to America, we may rely on the UK-US Data Bridge, where appropriate.

Marketing

We will only send you marketing messages if you’ve given us your consent, but we will still need to send you occasional service-related messages.

If you have consented to receive marketing messages from us, you can opt out at any time by either clicking the ‘unsubscribe’ link in any email communication that we send you or by emailing us at privacy@keyholding.com.

Automated Decision-making

We do not make any decisions about you based solely on automated decisions.

About cookies

Like other sites, we use cookies. A cookie is like a tag that most sites put on your computer or phone when you visit them so they can recognise you when you return and improve your experience on the site. To find out more about how we use cookies please see our Cookie Policy.

Your rights

You have certain rights in relation to the processing of your Personal Data, including the:

Right to be informed

You have the right to know what personal data we collect about you, how we use it, for what purpose and in accordance with which lawful basis, who we share it with and how long we keep it. We use our privacy notice to explain this.

Right of access

(commonly known as a Subject Access Request)

You have the right to receive a copy of the Personal Data we hold about you.

Right to rectification

You have the right to have any incomplete or inaccurate information we hold about you corrected.

Right to erasure

(commonly known as the right to be forgotten)

You have the right to ask us to delete your Personal Data.

Right to object to processing

You have the right to object to us processing your Personal Data. If you object to us using your Personal Data for marketing purposes, we will stop sending you marketing material.

Right to restrict processing

You have the right to restrict our use of your Personal Data.

Right to portability

You have the right to ask us to transfer your Personal Data to another party.

Automated decision-making

You have the right not to be subject to a decision based solely on automated processing which will significantly affect you. We do not use automated decision-making.

Right to withdraw consent

If you have provided your consent for us to process your Personal Data for a specific purpose, you have the right to withdraw your consent at any time. If you do withdraw your consent, we will no longer process your information for the purpose(s) you originally agreed to, unless we are permitted by law to do so.

How to exercise your rights

You will not usually need to pay a fee to exercise any of the above rights. However, we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

If you wish to exercise your rights, you may contact us using the details set out below within the section called ‘How to contact us and our Data Protection Officer’. We may need to request specific information from you to confirm your identity before we can process your request.

Once in receipt of this, we will process your request without undue delay and within one month. In some cases, such as with complex requests, it may take us longer than this and, if so, we will keep you updated.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office on individuals rights under the General Data Protection Regulation. If you would like to exercise any of those rights, please email us at privacy@keyholding.com.

Complaints

You have the right to complain if you consider that we have not complied with the data protection law when handling your Personal Data. We will acknowledge receipt of your complaint within 30 days, investigate the matter without undue delay, and keep you informed of the progress and outcome. If you wish to complain please use the contact details given below under “How to contact us and our Data Protection Officer”.  We will do our best to resolve the matter to your satisfaction.

If you are not satisfied with the outcome of your complaint, you can complain with the relevant supervisory authority. The supervisory authority in the UK is the Information Commissioner’s Office who can be contacted online at:

Contact us | ICO

Or by telephone on 0303 123 1113

Children's Privacy

We do not offer our products and services to children and we do not knowingly collect Personal Data of children without parental consent, unless permitted by law. If you are a child, you must have your parent’s permission to use our services.

If you learn that a child has provided us with their Personal Data without parental consent, you may contact us, as described below, and if appropriate, we will securely and permanently delete it, in accordance with applicable law.

Security of your Personal Information

We have appropriate security measures in place to prevent your Personal Information from being accidentally lost or used or accessed in an unauthorised way. Our security measures include:

• Limiting access to your Personal Information to those who have a genuine business need to know it.
• Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
• Limiting access to our business premises.
• Having access controls to our IT environment.
• Regularly monitoring our systems for vulnerabilities.
• Using computer safeguards such as firewalls and data encryption.
• Using enforced patching for our hardware and software systems.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

If you want more detailed information , please visit www.getsafeonline.org, on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems. Get Safe Online is supported by HM Government and leading businesses.

How to contact us and our Data Protection Officer

If you wish to contact us in relation to this privacy notice or if you wish to exercise any of your rights outlined above, or to make a complaint, please contact us as follows:

Write to: The Keyholding Company limited, 28, Kirby Street, London, EC1N 8TE.

Email: privacy@keyholding.com

We have also appointed a Data protection Officer (“DPO”).

Our DPO is Evalian Limited and can be contacted as follows:

Write to: Evalian Limited, West Lodge, Leylands Business Park, Colden Common, Southampton, Hampshire, SO21 1TH

Email: dpo@evalian.co.uk

Please mark your communications FAO the ‘Data Protection Officer of TKC’.

Changes to this Privacy Policy

We may amend or update this Privacy Policy from time to time. If we believe that the changes are material, we will provide you with additional notice (such as by sending you an email notification). We encourage you to regularly review our Privacy Policy which will always be published on our website. This will keep you informed about our information practices and the ways you can help protect your privacy.