System Q Ltd
PRIVACY NOTICE
How We Collect, Use and Protect Your Personal Information
Data Controller | System Q Ltd |
Registered Address | Unit 4, Egstow Park, Oakleaf Close, Clay Cross S45 9UZ |
Contact Email | hsefq@systemq.com |
Contact Telephone | 01246 200 000 |
ICO Registration | ICO Registration Number – Z6163231 |
Last Updated | June 2026 |
1. Who We Are
System Q Ltd is a professional security company. We are the Data Controller responsible for your personal information as defined under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).
This Privacy Notice explains what personal data we collect about clients and staff, why we collect it, how we use and protect it, and what your rights are. We are committed to handling all personal data lawfully, fairly, and transparently.
2. Personal Data We Collect
2.1 Client and Customer Data
When you engage our services or make an enquiry, we may collect:
- Full name and job title
- Business or home address
- Email address and telephone number(s)
- Details of the services requested or provided
- Payment and invoicing information
- Correspondence and communication records
- Site access details and any relevant security information
- Photographs or site surveys where relevant to the work undertaken
2.2 Employee and Staff Data
As part of employment or engagement with System Q Ltd, we collect:
- Full name, address, date of birth and National Insurance number
- Contact details (home address, personal email, emergency contacts)
- CV, application form, qualifications and references
- Employment contract, salary, and payroll information
- Bank account details for payroll purposes
- Right to work documentation and identity documents
- DBS (Disclosure and Barring Service) check results where required
- Performance records, disciplinary and grievance information
- Sickness and absence records
- Training records and certifications
- CCTV footage where monitored at our premises
3. How We Collect Your Personal Data
We collect personal data in the following ways:
- Directly from you — when you contact us, complete forms, or enter into a contract with us
- Through our website — via enquiry forms, cookies, or contact submissions
- From third parties — such as recruitment agencies, referees, or subcontractors
- From public sources — such as Companies House or professional directories
- Through the course of providing our services — site visits, project documentation
- From CCTV systems operated at client premises or our own sites, where applicable
4. Why We Use Your Personal Data (Legal Bases)
Under UK GDPR, we must have a lawful basis for processing personal data. The table below sets out the purposes for which we process data and the legal basis relied upon:
Purpose of Processing | Type of Data | Lawful Basis |
|---|---|---|
Providing security and electrical services | Client contact & service data | Contract performance |
Processing invoices and payments | Financial and contact data | Contract performance |
Managing employment and payroll | Employee personal data | Contract & legal obligation |
Conducting right-to-work checks | Identity documents | Legal obligation |
DBS checks (where applicable) | Criminal records data | Legal obligation / substantial public interest |
Health and safety compliance | Employee and site data | Legal obligation |
Responding to enquiries and complaints | Contact and correspondence | Legitimate interests |
Marketing our services (with consent) | Contact data | Consent |
Maintaining business records | Client and staff data | Legitimate interests / legal obligation |
CCTV monitoring (where applicable) | Images and footage | Legitimate interests |
5. Special Category Data
In limited circumstances, we may process special category data (such as health information for sickness records, or criminal records data for DBS checks). Where we do so, we ensure an additional legal condition is met under UK GDPR Article 9, such as employment law obligations, substantial public interest, or explicit consent.
We will never process special category data without a clear and documented lawful basis.
6. Who We Share Your Data With
We do not sell your personal data. We may share your data with:
- Subcontractors and approved suppliers — where necessary to deliver our services
- Payroll and accountancy providers — for payroll processing and financial compliance
- HMRC and other government bodies — where required by law
- The Disclosure and Barring Service (DBS) — for background checks on relevant staff
- Insurance providers — for the administration of relevant policies
- Our IT and software providers — who process data on our behalf under data processing agreements
- Regulatory authorities or law enforcement — where we are legally required to disclose
All third parties with whom we share data are required to maintain appropriate security measures and process data only in accordance with our instructions.
7. International Transfers
We do not routinely transfer personal data outside the UK. Where any transfer to a third country is necessary, we will ensure appropriate safeguards are in place in accordance with UK GDPR, such as adequacy decisions or Standard Contractual Clauses (SCCs).
8. How Long We Keep Your Data
Client records (contracts, correspondence) | 6 years from end of contract (Limitation Act 1980) |
Financial and invoicing records | 6 years (HMRC requirement) |
Employee personnel files | 6 years after employment ends |
Payroll records | 6 years (HMRC requirement) |
DBS check records | 6 months after recruitment decision |
Accident / incident records | 3 years (or longer if involving minors) |
CCTV footage | Up to 31 days, unless required for investigation |
Job applicant data (unsuccessful) | 6 months after decision |
Marketing consent records | Until consent is withdrawn |
After the applicable retention period, personal data will be securely deleted or anonymised. Retention periods may be extended where required by law or legitimate business need.
9. How We Protect Your Data
SQ Security and Electrical Ltd takes the security of personal data seriously. We implement appropriate technical and organisational measures including:
- Password-protected and encrypted devices and systems
- Secure physical storage for paper records
- Access controls — data is accessible only to those with a legitimate need
- Regular staff training on data protection obligations
- Data Processing Agreements with all third-party suppliers
- Secure email and communication systems
In the event of a personal data breach that poses a risk to individuals, we will notify the Information Commissioner’s Office (ICO) within 72 hours and, where required, inform affected individuals without undue delay.
10. Your Rights
Under UK GDPR, you have the following rights regarding your personal data. These rights apply to both clients and employees:
Your Right | What It Means | How to Exercise It |
|---|---|---|
Right to be Informed | To know how and why we use your data | Provided in this notice |
Right of Access (SAR) | To receive a copy of the data we hold about you | Contact us in writing |
Right to Rectification | To correct inaccurate or incomplete data | Contact us in writing |
Right to Erasure | To request deletion of your data in certain circumstances | Contact us in writing |
Right to Restrict | To limit how we process your data | Contact us in writing |
Right to Portability | To receive your data in a reusable format | Contact us in writing |
Right to Object | To object to processing based on legitimate interests | Contact us in writing |
Rights re. Automated Decisions | Not to be subject to solely automated decisions | Contact us in writing |
Right to Complain | To lodge a complaint with the ICO at any time | See Section 11 below |
To exercise any of the above rights, please contact us using the details in Section 12. We will respond within one (1) calendar month. This service is free of charge in most circumstances.
11. Your Right to Complain to the ICO
You have the right to complain to the Information Commissioner’s Office (ICO) at any time if you believe we have not handled your personal data correctly. Please contact us first, we would welcome the opportunity to resolve any concern directly. If you are not satisfied with our response, please contact the ICO using the below information.
ICO Website: www.ico.org.uk
ICO Helpline: 0303 123 1113 (Monday – Friday, 9am – 5pm)
Online Complaint: https://ico.org.uk/make-a-complaint/
Postal Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
12. How to Contact Us
For any queries about this Privacy Notice, to exercise your rights, or to raise a data protection concern, please contact us:
Data Controller | System Q Ltd |
Address | Unit 4, Egstow Park, Oakleaf Close, Clay Cross S45 9UZ |
Email | hsefq@systemq.com |
Telephone | 01246 200 000 |
Website | www.systemq.com |
13. Cookies (Website)
Our website may use cookies to improve your browsing experience. Cookies are small text files placed on your device. We use:
- Essential cookies — required for the website to function correctly
- Analytics cookies — to help us understand how visitors use our site (e.g. Google Analytics)
- Marketing cookies — only with your explicit consent
You can manage or withdraw cookie consent at any time through your browser settings or our cookie consent tool. For full details, please see our separate Cookie Policy.
14. Changes to This Privacy Notice
We may update this Privacy Notice from time to time to reflect changes in law, guidance, or our business practices. The most current version will always be displayed on our website and available on request from our premises.
The date of the most recent update is shown at the top of this notice and in the document footer.
Authorised by: Mike Isherwood Managing Director, System Q Ltd | Version / Date: Version 1.0 | June 2026 Review due: June 2027 |