Terms and Conditions

Privacy Notice

Last Updated: 01-Jan-2021

Introduction

As a company involved in the provision of security and investigation services, MAXIG Ltd hold privacy in the highest regard. We are committed to the secure development, storage and transmission of our data and those, the same, of our clients, customer and visitors.

This privacy notice will outline who we are as a company, the information we collect, how we use information that we collect, the legal basis for our information gathering activities, the circumstances under which we would share personal data, how we store and secure personal data, how long we keep personal data, your rights under data protection law, how to contact us and, finally, the use of cookies and third party websites.

This notice applies to our website, our activities as a data controller and processor, our purchases, our sales, any software produced, sold, transferred or acquired by MAXIG Ltd, any subscriptions and/or ongoing data briefings to which customers, clients, personnel and interested parties may have signed up to from us.

A copy of the full Privacy, Data Protection, GDPR and/or the MASTER Policy document of MAXIG Ltd is available, by request, in writing, should you wish to view it. Please note restrictions and/or redactions may apply where said data would infringe upon the rights of others or circumstances under which to share such information would be contrary to law, order and operational security.

Who we are?

Six Genesis Security is a trading name of MAXIG Ltd, Company 09404901. Our primary business areas include security provision, investigations and associated research & intelligence activities.

We can be contacted as follows;

MAXIG Ltd, 20-22 Wenlock Road, London, N1 7GU, DP: ZA222497, t: 0871 288 4078, f: 0871 750 2632, m: 0749 656 0470, e: info@maxig.co.uk.

For Data Protection issues, please mark all correspondence as; FAO: The Director of Intelligence.

What information do we collect?

Our data collection begins when potential customers register their interest in our services. Due to the nature of our business, we are required to carry out due diligence checks on our potential clients to remain compliant with the law.

The data collection essentials, include, but are not limited to;

-potential customer names
-potential customer addresses (residential or commercial)
-potential customer email address(es)
-potential customer telephone number(s) – mobile and landline where available

Data is collected only when potential clients provide them upon contacting us for our services. For the purposes of recruitment into our organisation, we are bound by the provisions of the British {government} Standard (BS) codes of conduct for recruitment of personnel, Ref: BS7858 (UK). Our recruitment packages reflect this standard and ask for details appropriate for an employer to request of potential recruits upon application.

MAXIG Ltd utilises open source (openly available sources) of information gathering when performing its functions, this includes information for which we may used paid services – but still fall within “open source” categorisation. Through the course of our functions, MAXIG Ltd may intentionally, or incidentally, access personal information. For detailed information of the information MAXIG Ltd is permitted to gather, under its data protection authority, please visit the website of the Information Commissioner’s Office (ICO) – www.ico.org.uk - and search our data protection registration number: ZA222497. Alternatively, MAXIG Ltd will provide a copy of its data protection certificate and schedule, upon written request.

MAXIG Ltd may, on occasion, process personal data and sensitive personal data, for example, information appertaining to the private lives of data subjects and/or data beyond this – e.g. medical data. Only MAXIG Ltd personnel whom have themselves been subject to our highest levels of employee vetting are permitted to access MAXIG Ltd data systems, databases to which MAXIG Ltd has access, electronic and/or hard copies of data gathered, stored, processed or otherwise controlled by MAXIG Ltd. A copy of the MAXIG Ltd Data Protection Policy or the MASTER Policy document are available upon request, in writing.


How do we use personal information?

MAXIG Ltd is both an employer and a data controller. The nature of our business requires us to collect, gather, research, sift, process and otherwise produce data in vast quantities. The purposes for which we gather data are as follows, but not limited to;

-recruitment and training purposes
-monitoring of internal MAXIG Ltd personnel, recruitment, training, wellbeing, absence, etc.
-internal MAXIG Ltd research, development and improvement purposes and practices
-legal obligations – e.g. data processed during investigations on behalf of litigant clients
-anti-fraud, anti-crime, anti-terror, crime prevention, and the like
-internal audit requirements
-due diligence checks on potential clients, employees, and customers
-polls and surveys following customer interactions
-provision of goods and services

For a full and exhaustive list, please see our data protection certificate and www.ico.org listing.

MAXIG Ltd utilises open source (openly available sources) of information gathering when performing its functions, this includes information for which we may used paid services – but still fall within “open source” categorisation. Through the course of our functions, MAXIG Ltd may intentionally, or incidentally, access personal information. For detailed information of the information MAXIG Ltd is permitted to gather, under its data protection authority, please visit the website of the Information Commissioner’s Office (ICO) – www.ico.org.uk - and search of our data protection registration number: ZA222497. Alternatively, MAXIG Ltd will provide a copy of its data protection certificate, upon written request.

MAXIG Ltd may, on occasion, process personal data and sensitive personal data, for example, information appertaining to the private lives of data subjects and/or data beyond this – e.g. medical data. Only MAXIG Ltd personnel who have been subject to our highest levels of employee vetting are permitted to access MAXIG Ltd data systems, electronic and/or hard copies of data. A copy of the MAXIG Ltd Data Protection Police or the MASTER Policy document are available upon request, in writing.

What legal basis do we have for processing your personal data?

Our relevant processing conditions, contained within the GDPR, are aligned with the six possible legal grounds for pursuit of said processing;

• consent
• contract
• legitimate interests
• vital interests
• public task
• legal obligation

We rely upon consent for much of our work. Everything from recruitment, training and wellbeing to the collection of bulk data appertaining to our data subjects. For example, a potential employee must consent to our carrying out of pre-employment and background checks and to the processing of gathered data. Further, our clients must consent to due diligence checks before we can commence any service on their behalf. These are but two examples, but illustrate the thread of how we obtain and interpret consent.

We rely upon data processing for commencement of contractual agreements. The steps we must take prior to commencement of service on behalf of our clients inevitably produce data for sifting, processing and further investigation.

The data MAXIG Ltd collects, processes and controls, is often of legal and strategic interest to the client requesting it. For example, a solicitor requesting information in support of litigation. Such information may be subject to scrutiny in legal settings (e.g. courts and tribunals) and, as such, must comply, in structure and provenance, to the law, at all times.

MAXIG Ltd operates a security service, underpinned by its intelligence and investigation personnel. Pursuant to the letter and the word of our contractual agreements in these business areas, and as a matter of {state} licensed function, security and investigation personnel may, on occasion, be required to procure, sift, process, control, transfer or otherwise act upon data in order to save a life, or prevent serious disorder and/or damage. For example, a Door Supervisor, acting upon intelligence or instruction to protect a vulnerable customer; under the licensing objectives under the UK Licensing Act 2003, for licensed premises.

Finally, MAXIG Ltd will only process data for which it has legitimate access and legitimate reasons for processing – in pursuance of our business interests and those, the same, of our clients. Due to the nature of our work, we may be required to process special category information, such as details of criminal records and the like. In such circumstances our reasons shall be legitimate and in full compliance with UK GDPR under the Data Protection Act – for example, safeguarding of the vulnerable through thorough employee vetting including Disclosure and Barring Service (DBS) checks.

When do we share personal data?

One primary apparatus of MAXIG Ltd business, is the gathering, processing, investigation and issuing of, information to our clients, for example, private investigation services at the request of a customer. MAXIG Ltd, through its functions, gathers vast amounts of data, including personal data, occasionally the type of which will fall outside the scope of our instructions. Under these circumstances, such data will be destroyed if no reason exists for the processing of said data and under no circumstances will it be disseminated beyond our organisation.

In circumstances where personal data is gathered as a function of our business, MAXIG Ltd reserves the right to redact final reports, to its clients, where information gathered does not directly support or enrich said reports within the confines of any original instructions.

Where the sharing of personal data is necessary and appropriately, legally and ethically permitted, MAXIG Ltd will share such information via secure means of transit only. For example, printed reports by ‘recorded/signed-for postage’ only. This will ensure appropriate elevation of the item’s importance during transit, with the additional security necessity of its recipient being required to sign for access to the information; thus eliminating some risk of data loss to unauthorised parties.

MAXIG Ltd utilises both electronic (computer and private server) and hard copy (papers and lockable filing cabinets) to house its data. No MAXIG Ltd electronic storage system is accessible from outside of the organisation. In short, and in other words, the data storage utility we use is ‘air-gapped’ from the world wide web and, further, is not accessible via any internal intranet portal. This is the ultimate safeguard against data loss/theft by outside parties.

MAXIG Ltd, as a matter of course, does not share its data, including personal data, with any person, organisation or other such entities – except where said entity is the original client of the company and has engaged MAXIG Ltd for this task, under lawful proposition. In the event of law enforcement requests, MAXIG Ltd will insist upon the requisite and legally appropriate documentation so ordering the company to relinquish said materials to law enforcement agencies in the legitimate execution of their enquiries.

Only MAXIG Ltd personnel who have been subject to our highest levels of employee vetting are permitted to access MAXIG Ltd data systems, electronic and/or hard copies of data. A copy of the MAXIG Ltd Data Protection Police or the MASTER Policy document are available upon request, in writing. Further, a copy of our Security Checking for Recruitment Requirements Policy, may be made available where appropriate; and should be requested, in writing.

Where do we store and process personal data?

MAXIG Ltd does not store, process, sift, transport or otherwise manipulate personal data outside of the European Economic Area, thus remaining strictly under UK and European Union (EU) law, in a particular, the Data Protection Act and Articles of the Human Rights Act pertaining to privacy. We do not export, transfer, or otherwise transport data outside of the EU. If this changes, for any reason, our policies will be upgraded accordingly.

MAXIG Ltd utilises both electronic (computer and private server) and hard copy (papers and lockable filing cabinets) to house its data. No MAXIG Ltd electronic system is accessible from outside of the organisation. In short, and in other words, the data storage utility we use is ‘air-gapped’ from the world wide web and, further, is not accessible via any internal intranet portal. This is the ultimate safeguard against data loss/theft by outside parties.

MAXIG Ltd, as a matter of course, does not share its data, including personal data, with any person, organisation or other such entities – except where said entity is the original client of the company and has engaged MAXIG Ltd for this task, under lawful proposition. In the event of law enforcement requests, MAXIG Ltd will insist upon the requisite and legally appropriate documentation so ordering the company to relinquish said materials to law enforcement agencies in the legitimate execution of their enquiries. Please note that the sharing of data, by MAXIG Ltd, when the company is engaged by a lawful authority under the UK Regulation of Investigatory Powers Act (RIPA) may invalidate the requirement for legitimate authorities and law enforcement agencies to provide court orders to secure data from us.

How do we secure personal data?

For example, our security measures, and the reasons for their existence, may be, but are not limited to:

• to protect data against accidental loss
• to prevent unauthorised access, use, destruction or disclosure
• to ensure business continuity and disaster recovery
• to restrict access to personal information
• to conduct privacy impact assessments in accordance with the law and your business policies
• to train staff and contractors on data security
• to manage third party risks, through use of contracts and security reviews

Please note this list is not exhaustive. Our organisation adheres to certain accepted standards or regulatory requirements and, in any case, these matters are detailed within our MASTER Policy documents, which is available, upon request, in writing, as above.

MAXIG Ltd operates a stringent data security policy with regards to the following of laws within and territory of deployment of our personnel, our Policy Ref: 7 / 18 / R / 3 / 10.

In order to conform with data collection, storage, retention and destruction laws, MAXIG Ltd possesses the necessary data protection authority, number: ZA222497. This can be viewed by logging onto the data protection website of the Information Commissioner: www.ico.gov.uk.

Collection, storage, retention and destruction of data must be lawful and fall within the provisions of the Data Protection Act in force at the time of data collection.

Data subjects can rest assured that their details will be processed only for lawful purposes and will only be held for as long as necessary and not beyond.

A full copy of the principles of data collection can be read within the latter Articles of MAXIG Ltd policy.

Data held by MAXIG Ltd will in all cases be suitably protectively marked (e.g. "restricted", "confidential", "secret", etc...) and handled only by those operatives checked and cleared to do so.

The MAXIG Ltd Director of Intelligence, and in his/ her absence, the Assistant Director remains responsible for the data protection of all information held by MAXIG Ltd, with ultimate liability resting with the Director General of MAXIG Ltd.

All company personnel have a vicarious responsibility to protect company held information from inappropriate and/ or nefarious access.

Any suspected breaches or unauthorised access to information may be reported to any of the following MAXIG Ltd divisional Directors (via upward reporting channels available) for further enquiry:

- Division I/Investigations & Intelligence
- Security Division
- Professional Responsibility Dept.

Due regard is given to the Data Protection Law in force, within the territory of deployment, at the time of data collection, retention and/ or destruction.

Data Protection Act 1998

Office of the Information Commissioner guidance: www.ico.gov.uk.

Due regard is given to the Human Rights Legislation in force at the time of data collection, retention and/ or destruction, within the relevant territory, at the relevant time.

Due regard is given to Article 8 (Right to Privacy) of the European Human Rights Act 1998.

MAXIG Ltd will at all times adhere to the relevant human rights legislation. However, the prevention and detection of crime and National Security must take precedence over the data protection legislation where lives are likely to be placed in danger, serious disorder may result or mass damage is likely to be caused.

The Data Protection Act 1998 relates to data processing of all types.

The Definition of processing is: Obtaining, recording or holding data, carrying out any operation or set of operations on the data, organisation, adaptation or alterations, retrieval, consultation or use of the data, disclosure of the data by transmission, dissemination or otherwise making available, alignment, combination, blocking, erasure or destruction.

‘Data’ in the case of CCTV recordings is in the form of recorded images of individuals that can be identified from these images.

MAXIG Ltd material must be strictly controlled and only made in relation to incidents the subject of investigation (internal / external), or a valid Subject Access Request. Copies must only be issued by the Agent in charge of the relevant system and ONLY with the permission of both MAXIG Ltd and the client.

The ‘Archive’ period of recordings shall be no longer than is necessary to achieve the objectives of the investigation in progress and by legal mandated requirement, e.g. keeping of evidential material.

At the end of a piece of material’s/data life within MAXIG Ltd systems, the agent in charge of the said system must erase the information before disposal or destruction of physical materials. .
Subject Access:

An individual may request a copy of any recorded data that exists of them within MAXIG Ltd archival systems. If the material can be provided this would normally be in the form in which it is held of company systems, e.g. on a VHS cassette, digital recording, compact disc or printed pictures of recordings. The data subject may also request a description of the purposes of the recording and details of all recipients.

Request must be made in writing, preferably using the MAXIG Ltd Data Protection (document)3-Subject Access Request (DP3-SAR) documents. If such a request is made in writing it should be addressed to;

The Director of Intelligence, MAXIG Ltd, 20-22 Wenlock Road, London, N1 7GU.

This is due to the fact that the Director of Intelligence for the Company is also the organisation’s representative ‘Data Controller’ and is answerable to the Office of the Information Commissioner.

Sufficient information must be provided to satisfy the Director of Intelligence of the identity of the individual requesting data.

Sufficient information must be provided to locate the relevant recording; e.g. a specific date and reasonable time window.

With regard to the duties of the Director of Intelligence (data controller) under the Subject Access rules;

He/She has up to 40 days to respond

He/She may continue with the established Recording Management Routine

He/She may charge a fee up to the statutory maximum (£10)

MAXIG Ltd operates an information security and grading policy. Access to company data is permitted only if the status of a company employee’s rank or grade allows this.

MAXIG Ltd engages daily back-up and sync of acquired data. Therefore, as a disaster recovery method, is able to ‘roll-back’ to its most recent sync should catastrophic data loss occur within primary systems.

How long do we keep your personal data for?

MAXIG Ltd will retain data only for as long as the processing of said data remains appropriate where personal data has been obtained appertaining to non- MAXIG Ltd related business.

MAXIG Ltd will retain information appertaining to client requests and data gathered as a result of said requests for as long as the pertinent Data Protection Act, in force, a the time, stipulates that said retention should occur.

Please note that evidential material (e.g. for litigation, courts and tribunals) is subject to separate retention rules and legislation, e.g. RIPA, PACE, CPIA, etc.

Information held in electronic format is erased and formatted using up to date technology when it is no longer required. Paper documents are subject to cross-shredding and secure destruction by specialist recycling of the resultant fragments, in concordance with our Environmental Policy.

Your rights in relation to personal data:

Under the GDPR, we must respect the rights of data subjects to access and control their personal data. Therefore, we outline the following (not an exhaustive list);

• access to personal information

Data subjects may access their data held by us by way of our DP3-SAR as above.

• correction and deletion

Data subjects may communicate, in writing, any errors they believe appertain to their personal information, held by us. We will investigate and amend where necessary.

• withdrawal of consent (if processing data on condition of consent)

Data subjects may, at any time, withdraw their consent to MAXIG Ltd’s retention of their personal, e.g. former employees.

• data portability

MAXIG Ltd does not transport data outside of the methods already stipulated. However, the company will endeavour to provide data subjects with their data in a format compatible to their requirements, where possible

• restriction of processing and objection

Data subjects may request restrictions in the scope of data processed by MAXIG Ltd at any time. Where this is compellingly appropriate we shall oblige. In any case, our own audit protocols require that we regularly monitor our data controls and indeed the data that we control, so it remains fair and relevant to the data subject.

• lodging a complaint with the Information Commissioner’s Office

Office of the Information Commissioner guidance: www.ico.gov.uk.

MAXIG Ltd; DP: ZA222497

We have done our best to explain how individuals can exercise their rights, and how we respond to subject data requests. However, exemptions may apply. In all cases we require identity verifications to process data subject requests.

Data subject rights may be limited, e.g. if fulfilling the data subject request may expose personal data about another person, or if we are asked to delete data which we are required to keep by law.

Use of automated decision-making and profiling

We do not make use of automated profiling systems. If this changes, our policy will be upgraded appropriately.

How to contact us?

Complaints must be made in writing. If such a complaint is made in writing it should be addressed as;

The Director of Intelligence, MAXIG Ltd, 20-22 Wenlock Road, London, N1 7GU.

or

contact@sixgenesis.co.uk

For general enquiries: info@maxig.co.uk

Use of cookies and other technologies

Please see www.maxig.co.uk/cookie-policy

Linking to other websites / third party content

Please see www.maxig.co.uk/legal-policy