1. Introduction

At Bold Security Solutions, we are committed to protecting your privacy and ensuring that your personal information is handled in a safe and responsible manner. This Privacy Policy explains how we collect, use, and safeguard your information when you visit our website or use our services.

2. Information We Collect

We may collect and process the following types of information: 

Credit Reference and Affordability Checks 

To help us assess applications, prevent fraud, and meet our legal and regulatory obligations, we may obtain information about you from credit reference agencies (CRAs). 
We obtain this information via Creditsafe, which uses its data partner TransUnion to supply consumer credit and identity data. 

• Creditsafe Business Solutions Limited is authorised and regulated by the Financial Conduct Authority 
  FCA Firm Reference Number: 742313 

• TransUnion International UK Limited is authorised and regulated by the Financial Conduct Authority 
  FCA Firm Reference Number: 805757 

The information we receive may include data relating to your identity, credit commitments, payment history, and public record information. This data is used solely for legitimate business purposes, including creditworthiness assessment, identity verification, and fraud prevention, in accordance with applicable data protection laws. 

Further information about how Creditsafe and TransUnion process your personal data can be found in their respective privacy notices: 

• Creditsafe Privacy / Transparency Notice: 
  Transparency Notice | Customers & Suppliers 

• TransUnion CRAIN (Credit Reference Agency Information Notice): 
  https://www.transunion.co.uk/legal/privacy-centre/pc-credit-reference 

• TransUnion Bureau Privacy Notice: 
  https://www.transunion.co.uk/legal/privacy-centre/pc-bureau 

A. Personal Information 

• Full name 

• Email address 

• Phone number 

• Company name 

• Any details you provide via contact forms 

B. Technical Data 

• IP address 

• Browser type and version 

• Device information 

• Pages visited and time spent on the website 

C. Cookies & Tracking Technologies 

We use cookies to enhance your browsing experience and analyze website traffic. 

3. How We Use Your Information

We use the collected data for the following purposes: 

• To respond to inquiries and provide customer support 

• To deliver and improve our security services 

• To send updates, offers, or relevant information (if consent is given) 

• To enhance website performance and user experience 

• To comply with legal obligations 

4. Sharing of Information

We do not sell, trade, or rent your personal information. However, we may share data with:

• Trusted service providers assisting in website operations
• Legal authorities when required by law
• Professional advisors (if necessary)

5. Data Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, or misuse. 

Legal Basis for Processing Personal Data  

Personal data is processed in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Depending on the activity, we rely on the following lawful bases:  

• Performance of a contract – where processing is necessary to deliver services or meet contractual obligations, including obligations involving TransUnion.  

• Legal obligation – where processing is required to comply with applicable laws, regulatory requirements, or statutory obligations.  

• Legitimate interests – where processing is necessary for legitimate business purposes such as system security, fraud prevention, risk management, audit, and compliance, and where such interests do not override the rights and freedoms of individuals.  
• Consent – where required by law, and where individuals have been provided with a clear choice and the ability to withdraw consent at any time.  

Where legitimate interests are relied upon, appropriate assessments are conducted to ensure that the rights and freedoms of data subjects are protected.  

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy or comply with legal requirements.

7. Your Rights

Depending on your location, you may have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict processing
• Withdraw consent at any time

To exercise your rights, please contact us using the details below.

8. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for their privacy practices or content.

9. Cookies Policy

Cookies help us improve your experience. You can choose to disable cookies through your browser settings; however, some parts of the website may not function properly.

10. Updates to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.

11. Contact Us

If you have any questions about this Privacy Policy or how your data is handled, please contact us: 

• Bold Security Solutions Ltd 
• 2/3, 95-107 Lancefield Street, Glasgow, G3 8HZ 
• Info@boldsecuritysolutions.co.uk 
• +44 7868 667186 
• SC774815 
• ICO registration number: ZB812931 

Before publishing: 

• Replace email & phone 

• Add company address (if available) 

• Add GDPR/UK compliance line if client is UK-based 

If you want, I can also write: 
 Terms & Conditions page 
 Cookie Policy (separate detailed one) 
 GDPR-compliant version (UK/EU specific) 

The legitimate interests pursued by the controller (if processing is based on legitimate interests).  

Our legitimate interests include operating our business, fulfilling contractual obligations, ensuring system and data security, preventing fraud, supporting audit and compliance activities, and protecting TransUnion data. These interests are balanced against the rights and freedoms of individuals, with appropriate safeguards in place.  

The source of personal data (if not obtained directly from the data subject).  

We may collect personal data about you from:  

• you directly  

• employers/clients when you apply for a role or are considered for an opportunity.  

• referees (where relevant and permitted)  

• publicly available sources (for example professional networking sites, business websites, and public records)  

• credit reference agencies (CRAs) where required for consumer credit, identity, or affordability checks.  

• third party service providers used to support recruitment, screening, and compliance processes.  

Details of any international data transfers outside the UK/EU and the safeguards in place.  

We may transfer personal data to recipients or service providers located outside the UK and/or European Economic Area (EEA).  

Where such transfers take place, we ensure appropriate safeguards are in place to protect personal data in accordance with applicable data protection laws. These safeguards may include the use of approved standard contractual clauses, international data transfer agreements, or transfers to countries that have been recognised as providing an adequate level of data protection.  

The right to lodge a complaint with the Information Commissioner’s Office (ICO) or another supervisory authority.  

You have the right to complain to the UK Information Commissioner’s Office (ICO) or another relevant data protection authority if you are dissatisfied with how we manage your personal data.  

A statement of whether the provision of personal data is statutory or contractual, and the possible consequences of not providing it.  

Provision of Personal Data  

Is the provision of personal data statutory or contractual?  

The provision of certain personal data is primarily contractual and, in some circumstances, required to meet legal and regulatory obligations.  

Personal data is required to:  

• enter into and perform contracts with customers, suppliers, or business partners.  

• process orders, manage accounts, and deliver goods and services.  

• verify identity and prevent fraud; and  

• comply with applicable legal, regulatory, accounting, and tax obligations.  

What are the consequences of not providing personal data?  

If you choose not to provide the personal data, we request:  

• we may be unable to enter into a contract with you.  

• we may be unable to fulfil orders, supply goods, or provide services.  

• we may be unable to conduct necessary verification, compliance, or fraud prevention checks; and  

• as a result, our services may be delayed, restricted, or declined.  

Where personal data is requested for optional purposes, such as marketing communications, providing this data is not mandatory, and you may withdraw your consent at any time without affecting your ability to receive goods or services from us.  

Details of any automated decision-making or profiling, including meaningful information about the logic involved and potential consequences for the data subject.  

Wording for privacy policy below based on which method is used.  

Based on this if they do NOT use Automated Decision Making  

 Non-Automated Decision Making and Profiling  

We may use automated systems and tools to support certain business processes, such as risk assessment, fraud prevention, affordability checks, identity verification, or record management.  

These tools may analyse personal data using predefined criteria or rules to generate indicators, scores, or recommendations. However, we do not make decisions that have a legal or similarly significant effect on individuals based solely on automated processing. Any such decisions are subject to meaningful human review.  

The use of these tools may influence the speed or level of review applied to an application or request, but individuals will not be subject to automatic rejection or adverse decisions without human involvement.  

Based on this if they DO use Automated Decision Making  

Automated Decision Making and Profiling  

In some circumstances, we may conduct automated decision making or profiling using personal data. This involves the use of automated systems to evaluate certain information about an individual, such as risk factors, affordability indicators, or fraud signals, based on predefined rules or algorithms. Making or profiling using personal data. This involves the use of automated systems to evaluate certain information about an individual, such as risk factors, affordability indicators, or fraud signals, based on predefined rules or algorithms. Making or profiling using personal data. This involves the use of automated systems to evaluate certain information about an individual, such as risk factors, affordability indicators, or fraud signals, based on predefined rules or algorithms.  

Where automated decision making is used, it may result in decisions such as the approval, restriction, or rejection of an application or service. Making is used, it may result in decisions such as the approval, restriction, or rejection of an application or service. Making is used, it may result in decisions such as the approval, restriction, or rejection of an application or service.  

Individuals have the right to request human intervention, to express their point of view, and to challenge decisions made solely by automated means. Further information about automated decision making and how to exercise these rights can be obtained by contacting us using the details provided in this Privacy Policy. Making and how to exercise these rights can be obtained by contacting us using the details provided in this Privacy Policy‑making and how to exercise these rights can be obtained by contacting us using the details provided in this Privacy Policy