Terms & Conditions
The Assist Group of Companies ("Company", "we" or "us") based at Unit B, Ascensis Tower, Battersea, London, SW18 1AY is the Controller of the information collected as explained below and is therefore responsible for your personal information. We take our data protection and privacy responsibilities seriously.
This privacy notice explains how we collect, use and share personal information in the course of our business activities, including:
- What personal information we collect, when and why we use it
- How we share personal information within the Company Group, with our service providers, and regulators
- Direct marketing and how you can manage your marketing preferences
- Protecting personal information outside the EU
- How we protect and store personal information
- Legal rights available to help manage your privacy
- How you can contact us for more support
We may amend this privacy notice from time to time to keep it up to date with legal requirements and the way we operate our business and will place any updates on our web site. Please regularly check these pages for the latest version of this notice. If we make fundamental changes to this privacy notice, we will seek to inform you by notice on our website or by email.
Third Party Websites
You might find external links to third party websites on our website. This privacy notice does not apply to your use of a third-party site
What personal information we collect, when and why we use it
When we collect information
We collect information about you if you:
- purchase our services (Customers);
- work with us as a business partner (Business Partners);
- use our website or online services (Website Users);
- collectively ("you")
If you purchase security services from the Assist Group, you may be asked to provide the following personal information about you, as a representative of a company and about your company: first and last name, suffix, credentials, work phone number, personal phone number, facsimile, email address, job title, mailing address, billing address and details, type(s) of service ordered, site specific details, name and address of company, name and address of relevant company officers and customer username and password for accessing our incident reporting system.
The Assist Group may use such personal information to process your order, deliver the service ordered, provide customer care services, provide you with Assist Group updates and/or newsletters, to maintain our client relationship management systems, to detect, investigate, report and seek to prevent fraud and antimoney laundering, for example through know-your-customer checks, AML screening and other identity checks, comply with other legal obligations, defend, establish and exercise legal claims. We may also need to conduct credit and fraud checks on business customers and certain officers of your business, such as your directors.
Some of your personal information may be obtained from other sources for instance, we use credit reference agencies such as Credit Safe to carry out credit checks on our Customers during the onboarding process. We will also conduct searches on public records such as Companies House
When providing security services to a Customer, we may collect certain personal information of third parties, such as video footage on CCTV recording and body-worn cameras, data on visitor logs, data relating to incidents at Customer premises. We collect this data on behalf of our Customers and solely for their purposes.
Our Customers are obliged to inform third parties that we will be processing personal information on their behalf.
If you work with us as a Business Partner or a service provider, we will collect personal information from you such as your business details or your employees or representatives first and last name, suffix, credentials, work phone number, personal phone number, facsimile, email address, job title, mailing address, billing address and details, type(s) of services provided.
Some of your personal information may be obtained from other sources for instance, we use credit reference agencies such as Credit Safe to carry out credit checks on our Business Partners. We may also conduct searches on public records such as Companies House or obtain references from other suppliers that use your services.
The Assist Group will use such personal information to manage the services that you are providing us with, provide joint initiatives with your employees, provide you with Assist Group updates and/or newsletters, to maintain our operational management systems, to detect, investigate, report and seek to prevent fraud and anti-money laundering, for example through know-your-customer checks, AML screening and other identity checks, comply with other legal obligations, defend, establish and exercise legal claims. We may also need to conduct credit and fraud checks on business partners' employees, representatives, or officers of your business, such as your directors.
Website and online services Users
Where you use our website, we will collect certain metadata that results from the use of our website, such as referral page, date and type of access, type of web browser, IP address, geographical location as determined by your IP address, operating system and interface, language and version of browser software, session information (such as download errors and page response time). This information enables you to have access to our website and we use the metadata to improve the quality of our website by analysing the usage behaviour of our users.
If you commence direct communication via our website enquiry form, by telephone or by writing to us, your name and contact details (e.g. email address or telephone number), the nature of the enquiry and your message will also be collected and processed in order to respond to your query and to improve our services.
Customers who use our incident reporting system or other online services, will also provide us with details to register for the service, such as name of customer representative, email address, username and password.
This information is collected in order to allow Customers to have access to our incident reporting systems, to data relating to the relevant Customer, or to other online services that we offer. We also use this information to improve the system and the services we provide to Customers.
Legal basis for using your personal information
We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:
- the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract. For example, where you purchase our security services, we will collect your payment information to process your payment and your site-specific details to be able to provide the service. We collect your email address and phone number to provide you with service updates and to answer any of your queries, we will also collect your username and password to allow you have access to the incident reporting system;
- the processing is necessary for compliance with a legal obligation to which we are subject to. For example, in order to set you up as a business customer or business partner, we are obliged to carry out certain know-your-customer checks to prevent money laundering and fraudulent activities. This will involve the collection and verification of your personal information, checking your information against public sources in order to ensure that we are dealing with reputable businesses;
- you have provided your consent to using your personal information, for example if you have agreed
to receive marketing communications from us;
- the processing is necessary for the purposes of our legitimate interests as a commercial organisation, except where such interests are overridden by your interests or fundamental rights and freedoms. For example, we need certain personal and company information such as names and contact details of company representatives and officers, in order to assess your suitability as either a business partner or a customer, conduct due diligence on our customers and provide customers with our services.
Your personal information is not required by us to fulfill a statutory obligation. However, there will be instances where the provision of your personal information will be necessary to enter into a contract with the Assist Group or to receive our services as requested by you. In such situations, not providing your personal information may be likely to result in disadvantages for you, e.g. you may not be able to use the full functionalities of our website/ systems or receive the services requested by you.
However, unless otherwise specified, not providing your personal information will not result in legal consequences for you.
If you would like to find out more about the legal basis for which we process personal information, please contact us at the address below.
How we share personal information within the Company group, service providers and regulators
We share your personal information in the manner and for the purposes described below:
- Within the Assist Group, where such disclosure is necessary to provide you with our services or to manage our business. For example, we may transfer your data to another Company within the
group to manage our training reporting services. We ensure that such transfers of data are governed by appropriate data transfer agreements, such as the EU model clauses.
- With third parties who help manage our business and deliver services. The Assist Group engages external service providers such as legal services providers, website service providers, marketing service providers, IT support service providers, providers and managers of the security equipment we need to provide our security services, delivery service providers, email administrators, payment processors and customer service providers. When providing such services, the external service providers have access to and process your personal information.
- If, in the future, we sell or transfer some or all our business or assets to a third party, we may disclose information to a potential or actual third-party purchaser of our business or assets in accordance with applicable law.
Direct marketing and how you can manager your marketing preferences
How we use personal information to keep you up to date with our products and services
We may use personal information to let you know about our products and services that we believe will be of interest to you. We may contact you by email, post, or telephone or through other communication channels that we think you may find helpful. In all cases, we will respect your preferences for how you would like us to manage marketing activity with you.
How you can manage your marketing preferences
To protect privacy rights and to ensure you have control over how we manage marketing with you:
- we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you;
- you can ask us to stop direct marketing at any time - you can ask us to stop sending email marketing, by following the "unsubscribe" link you will find on all the email marketing messages we send you.
- Alternatively you can contact us at firstname.lastname@example.org
- Please specify whether you would like us to stop all forms of marketing or just a particular type (e.g. email); and
We recommend you routinely review the privacy notices and preference settings that are available to you on any social media platforms as well as your preferences within your account with us.
Protecting personal information outside of the EU
Your personal information may be transferred and stored in countries outside the EU, (such as the US), that are subject to different standards of data protection.
We will take appropriate steps to ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and interests and transfers are limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights.
To this end:
- we ensure transfers within the Assist Group will be covered by data protection agreements entered into by respective members of the Group which contractually obliges each member to ensure that personal information receives an adequate and consistent level of protection wherever it is transferred within the Group. Transfers to our Group members outside the EU will include adequate mechanisms for transfer, such as the EU model clauses;
- where we transfer your personal information outside the Assist Group or to third parties who help provide our services, we obtain contractual commitments from them to protect your personal information. Some of these assurances are well recognised certification schemes like the EU - US Privacy Shield for the protection of personal information transferred from within the EU to the United States; or
- where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information are disclosed.
You have a right to contact us using the information below, for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above.
How we protect and secure personal information
We have implemented and maintain appropriate technical and organisational security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information appropriate to the nature of the information concerned.
Measures we take include:
- placing confidentiality and contractual requirements on our staff members and service providers;
- destroying or permanently anonymising personal information if it is no longer needed for the purposes for which it was collected;
- following strict security procedures in the storage, retention and disclosure of your personal
- information to prevent unauthorised access to it;
- using secure communication transmission software (known as "secure sockets layer" or "SSL") that encrypts all information you input on our website before it is sent to us. SSL is an industry standard encryption protocol, and this ensures that the information is reasonably protected against unauthorised interception; and
- protecting our own systems against potential attack from outside threats by using virus, software and malware protections, giving layered protection of our VPN and communication devices.
Note: As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect User IDs and passwords, please take appropriate measures to protect this information.
Storing your personal information
Your personal information will be retained if it is required for the purposes for which the data is collected e.g. as necessary to provide you with the services requested. Once our contractual relationship with you comes to an end, you may request that we permanently remove your personal information unless statutory retention requirements apply (such as for taxation purposes) or in order to fulfil regulatory requirements.
We also retain your personal information if needed to establish, exercise or defend a legal claim.
The website will record your email address and other information if volunteered to us by you. This shall be treated as proprietary and confidential. It may be used for internal review and to notify you about updates to our website.
Legal rights available to you to help manage your privacy
Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal information.
You can object to the use of your personal information, which has our legitimate interests as its legal basis including for the purpose of marketing
See below to learn more about each right you may have:
- To access personal information
- To rectify / erase personal information
- To restrict the processing of your personal information
- To transfer your personal information
- To object to the processing of personal information
- To object to how we use your personal information for direct marketing purposes
- To obtain a copy of personal information safeguards used for transfers outside your jurisdiction
- To lodge a complaint with your local supervisory authority
If you wish to access any of the above-mentioned rights, we may ask you for additional information to confirm your identity and for security purposes, before disclosing personal information to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
You can exercise your rights by contacting us using the details below
Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
Right to access personal information
You have a right to obtain confirmation from us as to whether personal information concerning you is being processed, and to request that we provide you with a copy of your personal information that we hold. You have the right to be informed of; (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.
Right to rectify or erase personal information
You have a right to request that we rectify inaccurate personal information and that we complete incomplete personal information. We may seek to verify the accuracy of the personal information before rectifying it. We will inform relevant third parties to whom we have transferred your personal information about the rectification and completion if we are legally obliged to do so.
You can also request that we erase your personal information in limited circumstances where:
- it is no longer needed for the purposes for which it was collected; or
- you have withdrawn your consent (where the data processing was based on consent); or
- following a successful right to object (see right to object); or
- it has been processed unlawfully; or
- to comply with a legal obligation to which the Company is subject.
We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:
- for compliance with a legal obligation; or
- for the establishment, exercise or defence of legal claims
Right to restrict the processing of your personal information
You can ask us to restrict your personal information. In this case, the respective data will be marked and only processed for certain purposes. This right can be exercised only where:
- its accuracy is contested, to allow us to verify its accuracy; or
- the processing is unlawful, but you do not want it erased; or
- it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
- you have exercised the right to object, and verification of overriding grounds is pending.
We can continue to use your personal information following a request for restriction, where:
- we have your consent; or
- to establish, exercise or defend legal claims; or
- to protect the rights of another natural or legal person.
Right to transfer your personal information
You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:
- the processing is based on your consent or on the performance of a contract with you; and
- the processing is carried out by automated means.
Right to object to the processing of your personal information
You can object to any processing of your personal information which has our legitimate interests as its legal basis if you believe your fundamental rights and freedoms outweigh our legitimate interests.
If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
The right to object does not exist if the processing of your personal information is necessary to take steps prior to entering into a contract or to perform a contract already entered into.
Right to object to how we use your personal information for direct marketing purposes
You can request that we change the way we contact you for marketing purposes.
You can request that we not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.
Right to withdraw consent
If you have given us your consent for the processing of your personal information, you have the right to withdraw your consent at any time. Note that this will not affect the lawfulness of any processing of your personal information that we have carried out based on the consent before its withdrawal.
Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction
You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union.
We may redact data transfer agreements to protect commercial terms.
Right to lodge a complaint with your local supervisory authority
You have a right to lodge a complaint with your local data protection agency if you have concerns about how we are processing your personal information.
We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
To exercise your rights, please contact us using the contact information below. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way
The primary point of contact for all issues arising from this privacy notice is:
|+44 (0)208 543 6670
|Assist Services Group Limited
Unit B, Ascensis Tower
Battersea Reach, London
If you have any questions, concerns or complaints regarding our compliance with this privacy notice, the information we hold about you or if you wish to exercise your rights, we encourage you to first contact using the details above. We will investigate and attempt to resolve complaints and disputes and make every reasonable effort to honour your wish to exercise your rights as quickly as possible and in any event, within the timescales provided by data protection laws.
To contact your data protection supervisory authority
You have a right to lodge a complaint with your local data protection supervisory authority (i.e. your place of habitual residence, place or work or place of alleged infringement), which in the UK is the Information Commissioner's Office at any time.
We ask that you please attempt to resolve any issues with us before your local supervisory authority.
31st October 2022