DC Fire & Security ("we", "us", "our") is committed to protecting your privacy and handling your personal data fairly, lawfully and transparently. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are
DC Fire & Security is the trading name of DC Solutions, an SSAIB-certified (registration 13629) fire and security installer based in Luton, Bedfordshire. We are the data controller for the personal data described in this policy.
- Address: Luton, Bedfordshire, United Kingdom
- Phone: 01582 227 123
- Email: info@dcsecurity.co.uk
- Website: dcsecurity.co.uk
2. The personal data we collect
Depending on how you interact with us, we may collect the following categories of personal data:
2.1 Information you give us directly
- Contact details — name, email, phone number, company name, postcode
- Enquiry details — the service you are interested in, site type, urgency, project details, photos or drawings you choose to send us
- Correspondence — emails, calls, WhatsApp messages and meeting notes
- Site information — building address, access arrangements, occupier details where relevant to a quote, installation, inspection or service visit
- Payment and billing information — billing address, purchase orders, bank reference (we do not store full card numbers)
2.2 Information we collect automatically when you use our website
- Technical data — IP address, browser type, device type, operating system
- Usage data — pages visited, referring URL, session duration, approximate location based on IP
- Cookies and similar technologies (see section 9)
2.3 Information from CCTV systems we install or service
Where we install or maintain CCTV systems, the system records images of identifiable individuals at your premises. You are normally the data controller for those recordings; we act only as a processor under written instructions when we provide installation, configuration, or remote technical support. If we monitor a system on your behalf via a partnered NSI Gold-approved alarm receiving centre, that monitoring is performed under a separate written agreement and the monitoring centre acts as a sub-processor.
3. Why we use your data and our lawful basis
| Purpose | Lawful basis (UK GDPR) |
|---|---|
| Respond to enquiries you submit through our website, by phone or by email | Legitimate interests; pre-contractual steps |
| Provide quotes, surveys, installations, inspections, servicing and remedial works | Performance of a contract |
| Issue invoices and collect payment | Performance of a contract; legal obligation (HMRC record-keeping) |
| Maintain compliance certificates, fire risk assessments and the building safety golden thread | Legal obligation; legitimate interests |
| Send service reminders (annual fire alarm service, FRA renewal, fire door re-inspection) | Legitimate interests |
| Improve our website, prevent fraud, and keep our systems secure | Legitimate interests |
| Send marketing communications (only if you opt in or are an existing client where the same service is being offered) | Consent or soft opt-in (PECR) |
4. Who we share your data with
We share personal data only where necessary, and only with parties bound by confidentiality and data-protection obligations:
- Our CRM provider — Perfex CRM, hosted on our own server in the United Kingdom, used to manage enquiries, quotes and project records
- Email and transactional service providers — for sending email confirmations and quotes
- Approved alarm receiving centres (NSI Gold) — only for clients with monitored intruder alarms
- Equipment manufacturers and distributors — only to register warranties or activate cloud services on systems we install for you
- Accountants, auditors and HMRC — for invoicing, tax and statutory record-keeping
- Insurers and legal advisors — where strictly necessary to defend or pursue a legal claim
- Law enforcement and regulators — where we are legally required to disclose information
We do not sell your personal data to third parties, and we do not transfer your data outside the United Kingdom or European Economic Area unless an appropriate safeguard (such as the UK International Data Transfer Agreement or the EU Standard Contractual Clauses with the UK Addendum) is in place.
5. How long we keep your data
- Enquiries that do not become contracts — up to 24 months from last contact, then deleted
- Active client records — for the duration of our relationship
- Compliance and certification records (fire alarm certificates, fire door inspection reports, fire risk assessments, firestopping registers, electrical certificates) — for at least 6 years after the last service we provided, in line with our regulatory obligations and the Building Safety Act 2022 golden thread
- Invoicing and accounting records — 6 years from the end of the financial year (HMRC requirement)
- Marketing preferences — until you withdraw consent or unsubscribe
6. Your rights under UK GDPR
You have the following rights in relation to the personal data we hold about you:
- Right of access — to ask for a copy of the personal data we hold about you
- Right to rectification — to ask us to correct inaccurate or incomplete data
- Right to erasure — to ask us to delete your data, subject to retention obligations above
- Right to restrict processing — to ask us to limit how we use your data
- Right to data portability — to receive your data in a machine-readable format
- Right to object — to processing based on legitimate interests, including direct marketing
- Right to withdraw consent — at any time, where consent is the lawful basis
- Right not to be subject to automated decision-making — we do not use solely automated decision-making to make decisions that significantly affect you
To exercise any of these rights, email us at info@dcsecurity.co.uk. We will respond within one calendar month.
7. How we keep your data safe
- HTTPS / TLS encryption on our website and CRM
- Access controls, individual logins and audit trails on our CRM
- Server-side honeypots and rate-limiting on web forms to deter bots and spam
- Regular off-site backups of business systems
- Staff trained in data protection and information security
- SSAIB-certified processes for installation and service records
8. Cookies
Our website uses a small number of cookies. These fall into two categories:
- Strictly necessary cookies — required for the site to function correctly (for example, session and security cookies on our CRM at /crm/). These do not require consent under PECR.
- Analytics cookies — where used, these help us understand which pages are most useful, on an aggregated and pseudonymised basis. You can opt out at any time by clearing cookies in your browser or using the controls offered when first visiting the site.
We do not use third-party advertising or remarketing cookies.
9. Children
Our services are aimed at businesses, building owners, landlords and managing agents. We do not knowingly collect personal data of children under 16. If you believe we have collected such data, please contact us and we will delete it.
10. Complaints
If you have a concern about how we have handled your personal data, please contact us first at info@dcsecurity.co.uk so we can try to resolve it. You also have the right to complain to the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
- Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
11. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of the page will reflect the most recent revision. Material changes will be notified to existing clients by email where appropriate.