Banner brand image for Totum Securitas.
Log In

Totum Securitas Portal

Rules and Protocols Policy 2026

This document outlines the binding obligations for all Users of the Totum Securitas Portal. Access is a privilege reserved for authorised personnel and is contingent upon strict adherence to these protocols.

1. Authorised Access Criteria

Access is strictly limited to verified individuals who meet the following criteria:

  • Direct Employees and contracted Security Professionals (holding a valid SIA Licence).
  • Partner Clients of Totum Securitas.
  • Officers of Public Agencies with statutory responsibilities for crime detection and public safety.

2. Legal Basis for Processing

In accordance with the Data (Use and Access) Act 2025, the Portal operates under the Recognised Legitimate Interest of crime prevention and public security. This justifies the processing of Personal Data related to reported incidents to deter criminal activity and protect Partner Client premises.

3. User Obligations & Data Integrity

Users are the frontline of our data integrity. You are strictly obligated to:

  • Confidentiality: Maintain absolute secrecy of Portal data. Disclosure is permitted only by order of a competent legal authority.
  • System Integrity: No Personal Data may be exported or “screen-captured” to external devices or personal systems.
  • Deployment Security: All operational communication regarding Portal incidents must be conducted through the encrypted Connecteam interface.
  • Reporting: Incident Reports must be factual, objective, and submitted exclusively through the secure Portal interface.

4. Technical & Organisational Security

  • Technical: Enterprise-grade encryption protects all data in transit and at rest. Access is monitored via audited logs.
  • Organisational: Any temporary hard-copy data must be stored in “Class-A” locked cabinets. Disposal must be via cross-cut shredding or witnessed incineration.

5. Identification & Targeted Persons

  • Targeted Persons: Information is displayed to deter known offenders and protect property.
  • ID Sought (Unidentified Persons): Images of unidentified individuals may be displayed for a maximum of 12 months. If no identification is made within this period, the data is irrevocably erased unless a specific legal stay is active.

6. Data Retention & Irrevocable Erasure

We adhere to a strict “12-Month Sunset Clause”. All Personal Data is irrevocably deleted 12 months after the latest reported incident or the expiration of an exclusion notice. Anonymised data may be retained indefinitely for strategic risk analysis.

7. Data Subject Access Requests (DSARs)

Individuals have a right to enquire if the Portal holds their data. In line with 2026 standards:

  • Requests must be directed to the Portal Administrator.
  • We will conduct a reasonable and proportionate search of our active systems.
  • Disclosure is subject to exemptions where it would prejudice the prevention or detection of crime.

8. Image Ownership & Indemnity

By submitting images to the Portal, the User asserts they have the legal right to do so under CCTV codes of practice. You grant Totum Securitas an irrevocable license to use and share these images for the specific purpose of crime prevention and identification.

9. Enforcement

Failure to comply with these Protocols constitutes a material breach of contract and may lead to immediate revocation of access, professional disciplinary action, and, where applicable, criminal prosecution under the Computer Misuse Act 1990.