Your Privacy Matters. Read How We Protect It.

Privacy Policy

Effective from: 1st May 2026

 

South Bank Alarms respects your privacy. We are committed to protecting your personal data. This privacy policy explains how we collect, use and safeguard your information when you use our services, visit our website or contact us. It also tells you about your legal rights under UK data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are the data controller for your personal data. Our company name is South Bank Alarms. Our contact details are at the end of this policy. If you have any questions about how we handle your data, please contact us directly. We will respond within seven working days.

What personal data do we collect?

We collect different types of personal data depending on how you interact with us.

  • Identity and contact data includes your full name, job title, company name (if applicable), home or business address, email address, telephone numbers and emergency contact details. We collect this when you request a quote, book an installation, sign a maintenance contract or call our emergency line.
  • Security system data includes alarm activation logs, CCTV footage, access control entry records, remote monitoring alerts, keyholder information, site access codes and alarm response passwords. We collect this to operate your security system and to respond to emergencies.
  • Technical data includes your IP address, browser type, device information and how you interact with our website. We collect this through cookies and similar technologies when you browse our site.
  • Communications data includes emails, phone call recordings (for training and quality purposes), text messages, service reports, quotation documents and contract correspondence.
  • Emergency call out data includes your location, site access instructions, alarm zone details, police and fire brigade liaison notes and attendance logs.

How do we collect your personal data?

We collect data using the following methods.

Direct interactions

You give us your data when you fill in our contact form, email us, call our office, request a survey, sign a contract, use our emergency call out service or visit our premises.

Automated technologies

When you use our website, we automatically collect technical data about your device and browsing behaviour. Our website uses essential cookies and optional analytics cookies. You can manage cookies through your browser settings.

Third party sources

We may receive your data from property managers, landlords, insurance companies, alarm receiving centres, police and fire services or other security companies when they transfer your existing system to our maintenance service. We will notify you within 30 days of receiving your data from a third party.

CCTV and monitoring systems

If you visit our office or a site we protect, your image may be captured on CCTV. We display signs at all monitored locations.

How do we use your personal data?

We use your personal data only for lawful purposes under UK GDPR. The lawful bases we rely on are:

  • Contract performance – to provide installation, maintenance, monitoring and emergency call out services you have requested.
  • Legal obligation – to comply with fire safety regulations, British Standards (BS5839, BS5266, BS5306), SSAIB code of practice, health and safety laws and insurance requirements.
  • Legitimate interests – to operate our business efficiently, prevent fraud, improve our services, respond to emergencies and protect life and property. We always balance our interests against your privacy rights.
  • Consent – for marketing communications or optional data processing. You can withdraw consent at any time.

Specific uses include:

  • Processing your quotation, contract and invoicing.
  • Dispatching engineers to your site for installation, servicing or emergency repairs.
  • Operating your remote alarm monitoring service including sending alerts to keyholders, police or fire brigade.
  • Maintaining service records and log books for insurance and legal compliance.
  • Responding to emergency call outs including verifying your identity and site access.
  • Improving our website and customer service.
  • Complying with SSAIB audits and British Standards inspections.
  • Handling complaints, disputes and insurance claims.

We will never sell your personal data to third parties. We will never share your data for marketing purposes without your explicit consent.

Who do we share your personal data with?

We share your data only when necessary and only with parties who are contractually bound to protect your data.

Emergency services

Police, fire brigade and ambulance services receive your name, address, alarm zone information and access instructions when your alarm triggers a verified emergency response.

Alarm receiving centre (ARC)

Our monitoring partner receives your site details, keyholder contacts, alarm logs and response instructions to provide 24 hour monitoring. They are GDPR compliant and data processing agreements are in place.

SSAIB and certification bodies

For audit purposes, inspectors may review anonymised service records. Your identity is not disclosed without your prior consent.

Insurance companies

If you make an insurance claim related to your security system, we may share relevant service records, alarm logs and CCTV footage with your insurer after receiving your written authorisation.

Legal authorities

We may share your data with law enforcement, regulators or courts if required by law or to protect our legal rights.

Subcontractors

On rare occasions, we use approved subcontractors for specialist work. They sign data processing agreements and are audited by us.

IT service providers

Our website host, email provider, cloud backup service and CRM provider have limited access to your data. All are GDPR compliant and based in the UK or EU.

We never share alarm passcodes, access codes or sensitive site security information with anyone except your named keyholders and emergency services during a verified incident.

How do we store and protect your personal data?

We take data security seriously. Your information is protected by the following measures.

Encryption

All digital data is encrypted at rest and in transit using industry standard TLS 1.2 or higher. Our website uses HTTPS.

Access controls

Only authorised employees and engineers have access to customer data. Their access is role based and reviewed quarterly.

Secure storage

Paper records are kept in locked cabinets in a locked office with intruder alarm and CCTV. Digital records are stored on UK based servers with firewalls and antivirus protection.

Engineer devices

Company laptops, tablets and mobile phones are encrypted, password protected and can be remotely wiped if lost or stolen.

We keep your personal data only as long as necessary.

Company laptops, tablets and mobile phones are encrypted, password protected and can be remotely wiped if lost or stolen.

Data Type Retention Period
Installation and maintenance records 7 years after contract ends (for insurance and legal claims)
Alarm monitoring logs 12 months, then anonymised
CCTV footage 30 days unless required for an ongoing investigation
Quotations (not accepted) 6 months
Invoicing and financial records 7 years (HMRC requirement)
Emergency call out logs 3 years
Website analytics data 26 months (anonymised after 30 days)
After the retention period ends, we securely delete or destroy your data. Digital data is overwritten. Paper records are shredded.

Your legal rights

Under UK GDPR, you have the following rights.

Right to access

You can request a copy of all personal data we hold about you. We will provide it within 30 days free of charge.

Right to rectification

If any data is incorrect or incomplete, you can ask us to correct it.

Right to erasure (right to be forgotten)

You can ask us to delete your personal data where there is no legal or contractual reason for us to keep it. This does not apply to records required for insurance, tax or legal claims.

Right to restrict processing

You can ask us to stop processing your data in certain circumstances, for example while we verify its accuracy.

Right to data portability

You can ask for your data in a structured, machine readable format to transfer to another security provider.

Right to object

You can object to processing based on legitimate interests, including direct marketing.

Right to withdraw consent

Where we rely on consent (for example, marketing emails), you can withdraw it at any time.

Right to complain

If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner’s Office (ICO). We would appreciate the chance to resolve your concern first. Please contact us using the details below.

To exercise any of these rights, please email us or write to us. We may need to verify your identity before processing your request. We will respond within 30 calendar days.

Cookies and website tracking

Our website uses essential cookies that are necessary for the site to function properly. These do not require your consent. We also use optional analytics cookies (Google Analytics) to understand how visitors use our site. You can accept or decline these cookies via our cookie banner when you first visit.

You can also manage cookies through your browser settings. Disabling cookies may affect some website functionality.

We do not use advertising cookies or tracking pixels from third party advertisers.

International data transfers

All your personal data is stored on servers located in the United Kingdom or the European Union. We do not transfer your data outside the UK or EEA. If we ever need to use a cloud service provider based outside the UK, we will ensure appropriate safeguards (such as UK Addendum to the EU SCCs) are in place and update this policy.

Data breach notification

In the unlikely event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO within 72 hours of becoming aware of the breach. We have breach response procedures in place including isolation, investigation, containment and reporting.

Children's data

Our services are not intended for children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with their data, please contact us and we will delete it promptly.

Changes to this privacy policy

We may update this privacy policy from time to time. Changes in technology, law or our business practices may require updates. The latest version will always be published on our website with a new effective date. If we make significant changes, we will notify you by email [add email] or by a notice on our website homepage.

Please check this page regularly to stay informed.

How to contact us

If you have any questions about this privacy policy or how we handle your data, please contact us using the following details.

South Bank Alarms

United Kingdom