GDPR Policy



Security Scotland is dedicated to protecting personal data and will always process data in accordance with the Data Protection Act 2018 and The General Data Protection Regulation 2016 (GDPR). We will always ensure that personal data is processed in a fair, transparent and lawful manner. Company reserves the right to make changes to this policy.


Personal Data


We seek to protect any personal data, defined as information concerning any living person that is not already in the public domain, that is provided to us by our current and future potential clients, staff and any other parties. Security Scotland will process data in line with the GDPR main principles including collecting data for specified and legitimate purposes, data and storage minimisation and accuracy of data.


How is personal data collected?


We collect personal information about employees, workers and contractors through the application and recruitment process, either directly from candidates or from an employment agency. We may sometimes collect additional information from third parties including former employers, credit reference agencies or other background check agencies.


We will collect additional personal information in the course of job-related activities throughout the period of you working for us. We will also any collect personal data submitted via the employee portal on the website.


Legal basis for processing personal data


Our Legal basis for processing any personal data must be at least one of the following;


  1. Consent is freely given, specific, informed and unambiguous indication of the data subjects wishes that signifies agreement to the processing of data relating to them;
  2. Processing is essential to fulfil our contractual obligations;
  3. Personal data is processed in order to comply with a common law or statutory obligation;
  4. To protect the vital interests of a data subject in the event of an emergency situation;
  5. When necessary in the public interest that is set out in law or in the exercise of official authority, for example the release of data to the police to assist in an investigation;
  6. Legitimate interests pursued by the Data Controller where data is used in ways where there is minimal privacy impact.


Special category data is personal data which is more sensitive and therefore requires more protection. For example, this could be information about an individual’s race, ethnic origin, politics, religion, trade union membership, genetics, health, sex life, or sexual orientation. We have in place appropriate safeguards to protect your data.


Our legitimate interests


Security Scotland may on occasions share personal data to third parties in order to fulfil contractual agreements and legal requirements. Security Scotland requires these parties to agree to process this information based on our instructions and requirements consistent with this Privacy Notice and GDPR.


Security Scotland will only disclose personal data that is necessary to meet legal obligations, regulations or valid governmental request. Such an example of a third party may be and is not limited to HMRC, SIA, DWP, pension providers or insurance providers.


If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).


Data Storage


All personal data will be treated securely. Information will only be shared externally if there is a lawful basis to do so or if consent has been freely given by the data subject. All data is held in the United Kingdom. Security Scotland does not store personal data outside the EU.




Security Scotland will process personal data during the duration of any contract and will continue to store only the personal data necessary in line with our retention policy after the contract has expired to meet any legal obligations. (After five years any personal data not needed will be deleted.)


Your rights


  • Right of access – you have the right to request a copy of the information that we hold about
  • Right of rectification – you have a right to correct data that we hold about you that is
    inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply you have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to
    another organization.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.


Subject Access Requests


You have the right to access of personal data. Security Scotland will accept the following forms of ID when on receipt of a subject access request: a copy of your national ID card, driving license, passport, birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required.


All requests should be made in writing to James Glackin, Data Controller or writing to us at the address further below.


Specifically, the Data Controller will ensure compliance with the following data protection principles:


  • Lawfulness, fairness and transparency;
  • Purpose limitation;
  • Data minimisation;
  • Accuracy;
  • Storage limitation; and
  • Integrity and confidentiality.


In the event that Security Scotland refuses your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge.


Security Scotland, David Dale House, 159 Broad Street, Glasgow, G40 2QR


How to complain


We hope that our Data Protection Officer can resolve any query or concern you raise about our use of your information. If not, contact the Information Commissioner or further information about your rights and how to make a formal complaint.

We encourage feedback from members of the public in regards to security and crowd management operations.