Skip to main content
Luxe Security Group

Client, Customer & Website User Privacy Policy

Version 1.0  |  Effective: 08 March 2026  |  Review: 08 March 2027

This policy applies to clients, customers, and visitors to our website. For our Employee Privacy Policy, please refer to the separate document.

1

Introduction

Luxe Security Group Limited (“we”, “us”, “our”) is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains what personal data we collect from our clients, customers, and website visitors, how we use it, who we may share it with, and what rights you have.

This policy applies to:

  • Business clients and their representatives who engage us for security services
  • Individual customers who enquire about or purchase our services
  • Visitors to our websites at www.luxesecuritygroup.co.uk, www.luxesec.co.uk, and www.theluxegroup.co.uk

We are committed to processing your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read this policy carefully. If you have any questions, contact us using the details in Section 15.

2

Who We Are (Data Controller)

Luxe Security Group Limited is the data controller for the personal data described in this policy. As data controller, we determine the purposes and means of processing your data.

Registered Name

Luxe Security Group Limited

Registered Address

124 City Road, London, EC1V 2NX

Contact Email

data@theluxegroup.co.uk

Websites

luxesecuritygroup.co.uk | luxesec.co.uk | theluxegroup.co.uk

3

What Personal Data We Collect

The personal data we collect depends on how you interact with us. We collect the following categories:

 3.1 Client and Business Contact Data

When you engage us for security services or make a business enquiry, we may collect:

  • Your name, job title, and the name of your organisation
  • Business email address, telephone number, and postal address
  • Details of the venue, event, or premises requiring security services
  • Dates, times, and nature of the security requirement
  • Any special instructions or operational briefing notes relevant to the assignment

 3.2 Financial and Contractual Data

Where you enter into a contract with us or make payment for our services, we collect:

  • Invoice and billing details
  • Bank account or payment card details (processed securely and not retained beyond the transaction where possible)
  • Signed contracts and service agreements
  • Purchase order numbers and procurement references

 3.3 Event and Venue Data

In connection with the delivery of our security services, we may collect and hold:

  • Venue layouts, access plans, and risk assessments
  • Expected guest or attendance numbers
  • Details of VIPs, individuals requiring close protection, or persons of interest relevant to a security assignment
  • Incident logs and reports generated during service delivery

 3.4 CCTV and Surveillance Data

Where our personnel operate at your premises and CCTV systems are in use, we may process footage or related data in connection with the security assignment. In such cases:

  • We act as a data processor on your behalf in relation to CCTV footage captured at your premises
  • You, as the premises operator, are responsible for your own CCTV data controller obligations under UK GDPR
  • Any footage provided to us for incident investigation purposes will be handled securely and retained only for the duration necessary to fulfil the purpose

 3.5 Website Visitor Data

When you visit our website, we may automatically collect:

  • Your IP address and browser type
  • Pages visited, time spent, and navigation patterns
  • Device type and operating system
  • Referral source (how you arrived at our website)
  • Data submitted via contact or enquiry forms, including your name, email address, and message content

 3.6 Social Media and Direct Enquiries

If you contact us via social media platforms or direct email, we will collect the information you voluntarily provide, including your name, contact details, and the content of your message.

4

How We Collect Your Data

We collect personal data through the following means:

  • Directly from you when you submit an enquiry via our website contact form
  • When you contact us by telephone, email, or via social media
  • Through the negotiation and signing of service contracts and agreements
  • During the delivery of our services, including operational briefings and incident reporting
  • Automatically via cookies and website analytics when you visit our website (see Section 10)
  • From third parties such as referral partners or venue operators, where you have authorised them to share your details with us
5

Legal Basis for Processing

We only process your personal data where we have a valid legal basis under UK GDPR:

Contract performance

Processing is necessary to enter into or perform a contract with you, including delivering security services, managing bookings, and processing payments.

Legitimate interests

Processing is necessary for our legitimate business interests, such as responding to enquiries, maintaining client relationships, managing our operations, and protecting the safety of people and property at sites where we operate. We ensure our interests do not override your rights.

Legal obligation

Processing is necessary to comply with our legal obligations, including cooperation with law enforcement, licensing authorities, and regulatory bodies.

Consent

Where we rely on consent, for example for non-essential cookies or optional communications, you may withdraw consent at any time without detriment. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

6

How We Use Your Personal Data

 6.1 Service Delivery

  • Processing your enquiry and providing you with a quotation or proposal
  • Entering into and performing a service contract with you
  • Planning, briefing, and deploying security personnel to your event or premises
  • Communicating with you about your booking, assignment, or ongoing contract
  • Preparing operational documents including risk assessments, assignment instructions, and deployment plans

 6.2 Financial Administration

  • Raising and processing invoices
  • Processing and reconciling payments
  • Maintaining financial records in compliance with HMRC requirements

 6.3 Safety and Incident Management

  • Recording and investigating incidents, accidents, or complaints arising during service delivery
  • Sharing relevant information with emergency services, law enforcement, or licensing authorities where required
  • Supporting insurance claims or legal proceedings where necessary

 6.4 Website and Communications

  • Responding to enquiries submitted via our website or social media
  • Improving the performance, content, and user experience of our website
  • Analysing website traffic to understand how visitors find and use our site
7

Disclosure of Your Personal Data

We do not sell, rent, or trade your personal data. However, there are circumstances in which we may be required or have legitimate reason to share your data with third parties.

 7.1 Law Enforcement Agencies

We may be required to disclose personal data to the police or other law enforcement agencies where:

  • We receive a lawful request, court order, or production order requiring disclosure
  • Disclosure is necessary to prevent or detect crime, or to protect the safety of individuals
  • An incident at a deployment site requires reporting to or investigation by the police

Where lawfully permitted to do so, we will notify you if a request for your data has been received.

 7.2 The Security Industry Authority (SIA)

As a regulated business within the private security industry, we may share relevant information with the SIA where:

  • Required as part of a compliance audit, licence inspection, or Approved Contractor Scheme (ACS) assessment
  • An incident involves conduct that may be relevant to the licensing of our personnel
  • We are required to cooperate with a formal SIA investigation

 7.3 Local Councils and Licensing Authorities

Local authorities and licensing committees exercise powers under the Licensing Act 2003. We may be required to disclose information to:

  • Local councils in connection with premises licence compliance or licensing hearings relating to venues at which we operate
  • Licensing officers conducting inspections or investigations at licensed premises
  • Other competent authorities exercising statutory licensing powers

Disclosures under this section will be limited to the information strictly required to fulfil the authority's legitimate request.

 7.4 Regulatory and Statutory Bodies

We may also share data with other regulatory or statutory bodies where required by law, including:

  • HM Revenue and Customs (HMRC) for tax and financial compliance purposes
  • The Health and Safety Executive (HSE) in connection with workplace incidents or investigations
  • Insurance providers and loss adjusters in connection with claims arising from our services

 7.5 Professional Advisers and Service Providers

We engage trusted third-party service providers to support our business operations. These may include:

  • IT and software providers (including our website hosting and CRM platform)
  • Accountants and legal advisers
  • Payment processing providers

We do not sell, rent, or share your personal data for marketing or commercial purposes with any third party. Disclosures are made only where there is a clear legal, contractual, regulatory, or safety justification.

8

International Data Transfers

We do not routinely transfer your personal data outside the United Kingdom. In the event that any of our service providers operate outside the UK, we will ensure that appropriate safeguards are in place — such as the UK International Data Transfer Agreement (IDTA) or equivalent adequacy mechanisms — before any transfer takes place.

9

How Long We Retain Your Data

We retain your personal data only for as long as necessary for the purpose it was collected, or as required by law:

CategoryRetention Period
Client and contractual records6 years from end of contract or last engagement
Financial and invoicing records6 years (HMRC requirement)
Incident and operational reportsMinimum 3 years; longer if subject to legal proceedings
Website enquiry data (no contract)Up to 12 months
CCTV or surveillance footageDeleted once purpose fulfilled, unless retained as evidence
Social media and email enquiriesUp to 12 months from last contact

At the end of the applicable retention period, your data will be securely deleted or anonymised.

10

Cookies and Website Tracking

Our website uses cookies and similar technologies to improve your browsing experience and help us understand how our site is used.

 10.1 Types of Cookies We Use

Essential cookies

Required for the website to function correctly, including form submissions and navigation.

Analytics cookies

Used to understand how visitors interact with our website, including pages visited and time spent.

Preference cookies

Used to remember your settings and preferences for future visits.

 10.2 Managing Cookies

When you first visit our website, you will be asked to consent to non-essential cookies. You can also manage or disable cookies at any time through your browser settings. Please note that disabling certain cookies may affect the functionality of the website.

11

Your Rights Under UK GDPR

You have the following rights in relation to the personal data we hold about you:

Right of access

Request a copy of the personal data we hold about you.

Right to rectification

Ask us to correct inaccurate or incomplete data.

Right to erasure

Request deletion of your data in certain circumstances.

Right to restrict processing

Ask us to limit how we use your data while a dispute is resolved.

Right to data portability

Receive your data in a structured, machine-readable format.

Right to object

Object to processing carried out on the basis of legitimate interests.

To exercise any of these rights, please contact us in writing at data@theluxegroup.co.uk. We will respond within one calendar month and may need to verify your identity before acting on your request.

Information Commissioner's Office (ICO)

Website: www.ico.org.uk  |  Telephone: 0303 123 1113

Address: Wycliffe House, Water Lane, Wilmslow, SK9 5AF

12

Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to safeguard it against unauthorised access, loss, alteration, or disclosure. These include:

  • Secure storage of client records with role-based access controls
  • Encrypted transmission of data where applicable
  • Secure handling and disposal of physical documents
  • Regular review of our information security practices

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, inform affected individuals without undue delay.

13

Third-Party Links

Our website may contain links to third-party websites. This Privacy Policy applies only to our website and services. We are not responsible for the privacy practices of any third-party sites and encourage you to read their privacy policies before providing any personal data to them.

14

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. Any updates will be posted on our website with the revised effective date. Where changes are significant, we will take reasonable steps to notify you directly.

15

Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or how we handle your personal data, please contact us:

Luxe Security Group Limited

124 City Road, London, EC1V 2NX

Email: data@theluxegroup.co.uk

Websites: luxesecuritygroup.co.uk | luxesec.co.uk | theluxegroup.co.uk

Luxe Security Group Limited is registered as a data controller with the Information Commissioner's Office (ICO Registration No. ZB879028). This policy should be read alongside any service contract or terms and conditions provided to you by Luxe Security Group Limited.