PRIVACY POLICY

Resolute Initiative Ltd
Effective Date: November 2025

1. Introduction

Resolute Initiative Ltd (“we”, “us”, “our”) respects your privacy and is committed to protecting personal information in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).
This Privacy Policy explains how we collect, use, store, and protect personal data obtained through our operations and website.

2. Company Details

Resolute Initiative Ltd
Registered Address: 30 Netherhall Road, Baildon, BD17 7AQ
Email: contact@resoluteops.com
Data Protection Manager: Responsible for data compliance and privacy requests.

3. Scope of This Policy

This policy applies to:

  • Clients, prospective clients, and their representatives;

  • Suppliers, subcontractors, and consultants;

  • Visitors to our website and online platforms;

  • Any individual whose personal data we process in connection with our security and protection services.

4. Data We Collect

We may collect and process the following categories of personal data:

Identity & Contact Data – name, address, phone number, email, job title, organisation, and identification details for verification or access purposes.
Operational Data – assignment details, scheduling, travel information, site addresses, threat assessments, and authorised personnel lists.
Vehicle & Tracking Data – GPS tracker output, vehicle identifiers, and route logs (used strictly for authorised operations).
Technical Data – IP address, browser type, operating system, and website usage data.
Financial Data – payment information required to process invoices or retainers.
Sensitive Data (where applicable) – limited information concerning risk status, threat levels, or personal security requirements, processed only when necessary for protection services and under strict confidentiality.

We do not currently collect or monitor CCTV footage ourselves but may advise or integrate with client systems where lawful consent exists.

5. How We Use Personal Data

We process data to:

  • Provide contracted services (close protection, intelligence, surveillance, and consultancy);

  • Conduct risk assessments and operational planning;

  • Maintain secure communications with clients and operatives;

  • Comply with legal, regulatory, or law-enforcement obligations;

  • Manage billing, administration, and internal record keeping;

  • Improve our services, website, and client experience.

We only process data when we have a lawful basis to do so, including:

  • Contractual necessity (to deliver agreed services);

  • Legal obligation (to meet regulatory or licensing requirements);

  • Legitimate interests (to ensure operational safety and quality);

  • Consent, where required for specific communications or marketing.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, operational, and accounting requirements.
Typical retention periods:

  • Client and operational files: up to 7 years after engagement completion;

  • Tracking or location data: normally 30–90 days, unless required longer for legal or investigative reasons;

  • Financial and invoicing records: 7 years for HMRC compliance.

All data scheduled for deletion is securely destroyed using ISO-compliant digital and physical disposal methods.

7. Data Security

Resolute Initiative Ltd operates under stringent information-security frameworks, including:

  • ISO 27001: Information Security Management

  • ISO 31000: Risk Management Principles

  • NCSC Cyber Essentials Scheme

  • ICO Accountability and Governance Guidelines

Security controls include:

  • Encrypted data storage and communications (AES-256 and SSL/TLS);

  • Role-based access with multi-factor authentication;

  • Secure devices and encrypted mobile platforms for operatives;

  • Background-checked, security-cleared personnel under NDAs;

  • Routine auditing, intrusion detection, and incident-response procedures.

All subcontractors and technology partners are contractually bound to equivalent data-protection and confidentiality standards.

8. Sharing of Data

We do not sell or rent personal data.
Data may be shared only with:

  • Authorised internal personnel and vetted subcontractors;

  • Payment processors or professional advisers (legal, financial, or compliance);

  • Law enforcement or regulatory authorities, when required by law or court order.

Any third-party recipients must process data securely and solely for the agreed lawful purpose.

9. International Transfers

If data must be transferred outside the UK (for example, for protective operations or secure storage), we ensure appropriate safeguards are in place, such as UK GDPR-approved Standard Contractual Clauses or transfers to jurisdictions deemed adequate by the UK Government.

10. Your Data Rights

Under UK GDPR, you have the following rights:

  • Access – to request a copy of your personal data.

  • Rectification – to correct inaccuracies.

  • Erasure (“Right to be Forgotten”) – to request deletion where lawful.

  • Restriction – to limit processing under certain conditions.

  • Data Portability – to receive your data in a structured format.

  • Objection – to object to processing based on legitimate interests or direct marketing.

To exercise any of these rights, contact:
📧 contact@resoluteops.com

We will respond within one calendar month in accordance with regulatory requirements.

11. Cookies and Website Tracking

Our website uses minimal cookies to enhance performance and analytics. You can control or delete cookies through your browser settings. Full details are available in our separate Cookie Policy.

12. Data Breach Notification

We maintain an internal Incident Response and Breach Management Policy.
In the event of a personal-data breach likely to result in risk to individuals, we will:

  • Notify the ICO (Information Commissioner’s Office) within 72 hours;

  • Inform affected individuals promptly when required by law;

  • Record all incidents in our secure compliance log.

13. Policy Governance and Updates

Our Data Protection Manager oversees compliance with this policy and reviews it annually or after any regulatory change.
The latest version is always available at resoluteops.com.

14. Complaints

If you believe your data has been mishandled, please contact us first at
📧 contact@resoluteops.com.
If unresolved, you have the right to lodge a complaint with:

Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
www.ico.org.uk

15. Summary of Our Security Commitments

  • Adherence to ISO 27001, ISO 31000, NCSC Cyber Essentials, and ICO Accountability Framework

  • Enforced least-privilege access control and encryption at rest/in transit

  • 24/7 operational security vigilance and staff confidentiality agreements

  • Continuous risk assessment, penetration testing, and vulnerability management

  • Documented data-handling, breach, and disposal procedures

 

Contact
ResoluteOps Ltd
30 Netherhall Road, Baildon, BD176QE
Email: contact@resoluteops.com[info@yourdomain.example]
Company registration number: 16625816

  •  

© 2025 Resolute Initiative Ltd. All Rights Reserved.
Last updated: November 2025