Privacy Notice

Effective Date: May 2026

1. Introduction

At Totum Securitas, we understand that privacy is a cornerstone of security. This notice outlines how we collect, process and protect your personal data in accordance with the UK GDPR, the Data Protection Act 2018 and the Data (Use and Access) Act 2025.

2. The Data Controller

The data controller responsible for this website is Matthew Taylor Summers, trading as Totum Securitas.

• Address: Totum Securitas, 114 Abbey Street, Nuneaton, Warwickshire, CV11 5BX (Correspondence Only)
• Enquiries: enquiries@totumsecuritas.uk
• ICO Registration: ZC146398

3. Lawful Basis for Processing

We process your information under the following legal grounds:

• Recognised Legitimate Interests: Pursuant to the Data (Use and Access) Act 2025, we process data for the purposes of crime prevention, detection and public security. This includes the operation of our secure Portal.
• Contractual Necessity: To provide security services and manage client accounts.
• Legal Obligation: Where we are required to share information with law enforcement or regulatory bodies.

4. Information We Collect

• Direct Correspondence: Name, contact details, and professional affiliation provided via enquiries.
• Technical Data: IP addresses and browsing behaviour, processed via Privacy Enhancing Technologies (PETs) to ensure minimal intrusion.
• Security Portal Data: For authorised users, we process identification data and incident reports as detailed in our Portal Rules and Protocols Policy 2026.
• Operational & Employment Data: For our staff and contractors, we collect attendance, location data for safety during deployment and professional certifications via our secure deployment platform, Connecteam.

5. Data Retention & Security

We apply a “Security by Design” approach.

• Retention: Personal data is retained only for as long as necessary. General enquiries are kept for 24 months; Portal incident data is subject to a strict 12-month review and erasure cycle.
• Security: We employ enterprise-grade encryption and controlled access protocols. All deployment data processed via Connecteam is subject to strict access controls, ensuring that sensitive operational information is only available to relevant personnel.

6. Your Rights

Under UK law, you possess the following rights:

• Access: You may request a copy of your data. In line with the 2025 Act, we will conduct a reasonable and proportionate search to fulfil your request.
• Rectification & Erasure: The right to correct inaccuracies or request deletion.
• Portability: The right to have your data transferred to another controller.

7. Statutory Complaints Procedure

If you have concerns regarding our data practices, please contact us at the email above.

• Acknowlegement: We will acknowledge any formal data complaint within 30 days.
• Regulatory Body: If you remain unsatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

8. International Transfers

We prioritise UK-based data residency. Where we utilise specialist operational platforms such as Connecteam, we ensure all data transfers are governed by Standard Contractual Clauses (SCCs) or the UK Extension to the EU-US Data Privacy Framework, guaranteeing a level of protection equivalent to UK law.

9. Related Policies

For specific details on automated tracking or portal conduct, please refer to:

• https://totumsecuritas.uk/cookies/
• https://totumsecuritas.uk/terms-of-use/
• https://totumsecuritas.uk/portal-rules-and-protocols-policy/