Our Philosophy on Privacy and Data Protection

At In Force Security, privacy and data protection are not regarded as mere regulatory obligations imposed externally, nor as technical formalities delegated solely to information systems or compliance functions. They are understood as fundamental institutional principles that underpin trust, discretion, legitimacy, and professional integrity across all aspects of our operations.

As an international security and risk management organisation, In Force Security operates within environments characterised by sensitivity, complexity, and elevated risk. In such contexts, the responsible handling of information is inseparable from operational credibility and reputational resilience. The manner in which personal data is collected, processed, safeguarded, governed, and ultimately disposed of reflects directly upon our capacity to protect individuals, assets, critical interests, and institutional reputations.

This Privacy Notice sets out, in a clear, transparent, and comprehensive manner, the principles, standards, and practices by which In Force Security approaches the protection of personal data. It is intended not only to inform, but also to reassure and demonstrate accountability. It reflects the standards expected of an elite organisation operating in high-risk, regulated, and often confidential environments, where discretion and responsibility are paramount.

Who This Privacy Notice Applies To

This Privacy Notice applies to all personal data processed by In Force Security in the course of its business, operational, and administrative activities. This includes, without limitation, personal data relating to:

• clients and prospective clients
• individuals protected, advised, assessed, or otherwise supported through our services
• website visitors and users of our digital platforms and communication channels
• business partners, suppliers, consultants, professional advisers, and contractors
• individuals who communicate with us, engage with our organisation, or otherwise interact with In Force Security

The principles and practices described in this Privacy Notice apply irrespective of geographic location, jurisdiction, or operational theatre. They apply regardless of the method by which personal data is collected or processed, whether through digital platforms, physical documentation, secure operational systems, verbal communications, surveillance-related records, or written correspondence.

Our Role and Accountability as Data Controller

In Force Security acts as the data controller in respect of the personal data it processes. This means that we determine the purposes for which personal data is collected, the means by which it is processed, and the safeguards applied throughout its lifecycle.

Accountability for data protection is embedded at an institutional level and is supported by a structured governance framework that includes:

• executive and senior management oversight
• clearly defined governance and reporting structures
• formally documented internal policies, standards, and procedures
• allocation of responsibilities across operational, technical, and support functions
• continuous monitoring, review, and internal audit mechanisms

Data protection is not treated as a standalone or isolated compliance function. It is integrated into operational planning, risk assessment, service delivery, contractual management, and professional conduct across the organisation. Decisions involving personal data are assessed through legal, ethical, and operational lenses to ensure alignment with both regulatory requirements and institutional values.

Core Principles That Guide Our Processing Activities

All personal data processed by In Force Security is handled in accordance with recognised and internationally accepted data protection principles. These principles include, but are not limited to:

• Lawfulness and fairness, ensuring that processing is justified, proportionate, and respectful of individual rights
• Transparency, providing clear and accessible information about how and why personal data is used
• Purpose limitation, ensuring that data is collected and used only for defined, explicit, and legitimate purposes
• Data minimisation, limiting processing to what is necessary, relevant, and proportionate
• Accuracy, taking reasonable and appropriate steps to ensure personal data is current, correct, and reliable
• Storage limitation, retaining data only for as long as necessary to fulfil its purpose or legal obligations
• Integrity and confidentiality, protecting data against unauthorised access, loss, misuse, or disclosure

These principles inform every stage of the personal data lifecycle, from initial collection and use, through storage, access, sharing, and ultimately secure archiving or disposal.

Categories of Personal Data We May Process

Depending on the nature of our relationship with you, the services provided, and the operational context, In Force Security may process various categories of personal data. These may include, without limitation:

• identification details such as names, titles, and professional credentials
• contact information including postal addresses, telephone numbers, and email addresses
• professional, contractual, or employment-related information
• financial and transactional data associated with services rendered or contractual arrangements
• technical identifiers, system logs, and digital usage data
• records of communications, correspondence, and interaction history
• preference information relevant to service delivery, security arrangements, or communications

Each category of personal data is subject to careful assessment to ensure that its collection and use are necessary, relevant, and proportionate to a clearly defined operational, contractual, legal, or regulatory purpose. Personal data is never collected indiscriminately or retained without justification.

Special Categories of Personal Data

In Force Security does not routinely process special categories of personal data, including data relating to health, biometric identifiers, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, or data concerning a person’s sexual life or orientation.

Where the processing of such data becomes strictly necessary due to applicable legal obligations, contractual requirements, regulatory expectations, or the nature of a specific engagement, In Force Security applies enhanced and proportionate safeguards designed to ensure the highest level of protection and accountability.

These enhanced safeguards may include, without limitation:

• restricted and strictly role-based access controls, limited to authorised personnel with a demonstrable operational or legal need;
• additional technical and organisational security measures, including heightened encryption, segregation of data, and reinforced monitoring;
• documented justification for the necessity and proportionality of the processing, supported by formal decision-making records;
• heightened oversight, review, and approval mechanisms within the organisation’s governance and compliance framework.

Special categories of personal data are handled with exceptional care, processed solely for clearly defined and lawful purposes, and retained only for as long as is strictly required to meet those purposes or comply with legal obligations. Upon completion of the relevant purpose, such data is securely archived or irreversibly destroyed in accordance with applicable law and recognised best practice.

How Personal Data Is Collected

Personal data processed by In Force Security may be collected through a variety of lawful and transparent channels, depending on the nature of the engagement and operational context.

These channels may include, but are not limited to:

• data provided directly by individuals when they engage with our services, enter into contractual relationships, or communicate with us;
• data generated or collected automatically through secure digital systems, platforms, or technologies used in the delivery and administration of our services;
• data obtained indirectly from reputable and lawful third-party sources, such as professional advisers, compliance and screening providers, regulatory or licensing authorities, or publicly available and legally accessible records.

In all cases, In Force Security takes reasonable and proportionate steps to ensure that personal data is obtained lawfully, fairly, and transparently, and that it is accurate, relevant, and limited to what is necessary for its intended purpose. Where required, individuals are informed of the source of their data in accordance with applicable legal requirements.

Legal Bases for Processing

Personal data is processed by In Force Security only where a valid legal basis exists under applicable data protection laws. Depending on the circumstances, processing may be carried out on one or more of the following lawful bases:

• the performance of a contract, or the taking of steps at the request of an individual prior to entering into a contract;
• compliance with legal, regulatory, or statutory obligations to which In Force Security is subject;
• the pursuit of legitimate interests by In Force Security or third parties, where such interests are not overridden by the rights and freedoms of individuals;
• the consent of the individual, where required by law and obtained in a clear, informed, and freely given manner.

Where multiple legal frameworks or jurisdictions apply, In Force Security adopts the highest applicable standard of protection to safeguard individual rights and freedoms. Legal bases are assessed and documented, and processing activities are reviewed periodically to ensure ongoing compliance and appropriateness.

Why We Use Personal Data

Personal data is processed by In Force Security strictly for legitimate, defined, and proportionate purposes connected to the conduct of our professional activities. These purposes include, without limitation:

• delivering security, close protection, risk management, and related professional services;
• conducting risk assessments, planning activities, operational coordination, and deployment management;
• establishing, managing, and maintaining contractual, commercial, and client relationships;
• processing payments, invoicing, and other financial or accounting transactions;
• complying with legal, regulatory, licensing, and insurance requirements;
• ensuring the integrity, safety, and resilience of digital, physical, and operational environments;
• investigating incidents, responding to operational events, and supporting internal or external investigations where lawfully required;
• monitoring, evaluating, and improving service quality, efficiency, and operational effectiveness.

In Force Security does not process personal data for purposes that are incompatible with the reasons for which it was originally collected. Where a new or additional purpose arises, processing will only occur where permitted by law and subject to appropriate safeguards, transparency, and, where required, additional legal justification or consent.

.

Communications and Marketing

Where In Force Security communicates with individuals, whether for informational, operational, or marketing-related purposes, such communications are conducted in a lawful, transparent, and proportionate manner. All communications are grounded in a valid legal basis, which may include consent, contractual necessity, or legitimate interest, as permitted by applicable data protection and electronic communications laws.

In Force Security respects individual autonomy and choice in relation to communications. Individuals are provided with clear and accessible mechanisms to manage their communication preferences, including the ability to opt in or opt out of specific categories of messages. Consent, where relied upon, may be withdrawn at any time without detriment, prejudice, or adverse consequences.

We do not engage in intrusive, misleading, aggressive, or disproportionate marketing practices. Communications are designed to be relevant, accurate, and respectful, reflecting the professional standards expected of an elite security organisation. Contact details are never exploited, misused, or repurposed in a manner incompatible with the context in which they were provided.

Cookies and Digital Technologies

In Force Security’s digital platforms utilise cookies and similar technologies to ensure essential website functionality, operational security, system integrity, and performance optimisation. These technologies support user authentication, fraud prevention, system stability, and the reliable delivery of digital services.

Cookies and analytics tools are also used to gain insight into how our websites and digital services are accessed and utilised, allowing us to identify technical issues, assess performance, and improve overall user experience. Such processing is conducted in a measured and privacy-conscious manner.

Where analytics data is collected, it is processed in aggregated and anonymised or pseudonymised form wherever possible and is not used to identify individuals without a clear and lawful basis. The deployment of non-essential cookies is subject to applicable consent requirements, and users are provided with appropriate controls to manage their preferences.

Further details regarding the types of cookies used, their purpose, and available user choices are set out in our separate Cookie Policy, which forms an integral part of our broader data protection framework.

Sharing and Disclosure of Personal Data

Personal data processed by In Force Security may be shared internally strictly on a need-to-know basis, and only with personnel whose roles and responsibilities require such access for legitimate operational, contractual, or legal purposes. Internal access is governed by role-based controls, confidentiality obligations, and documented authorisation procedures.

Where necessary, personal data may also be shared with carefully selected third parties, including professional advisers, service providers, or operational partners, who support In Force Security’s activities. Such third parties are subject to rigorous due diligence and are bound by contractual obligations requiring confidentiality, data security, and compliance with applicable data protection laws.

Personal data is never sold, traded, or disclosed for unrelated, speculative, or exploitative purposes. Disclosures are limited to what is strictly necessary, proportionate, and lawful. Where required, data sharing arrangements are documented and reviewed to ensure ongoing compliance and risk management.

In all cases, In Force Security retains oversight and accountability for personal data entrusted to it, reinforcing our commitment to lawful processing, discretion, and the preservation of trust placed in us by individuals and stakeholders alike.

International Operations and Data Transfers

In Force Security operates across multiple jurisdictions and fully recognises the legal, regulatory, and operational complexities inherent in international data processing activities. Our global footprint requires a disciplined and harmonised approach to cross-border data protection, ensuring that personal data is handled with consistency, integrity, and lawful authority regardless of geographic location.

Where personal data is transferred between countries or regions, In Force Security implements appropriate and legally recognised safeguards to ensure that such data benefits from a level of protection that is materially equivalent to that afforded in the originating jurisdiction. These safeguards may include, where applicable, contractual protections, internal binding policies, recognised international data transfer mechanisms, and enhanced technical and organisational controls.

All international data transfers are assessed in advance through a risk-based and legally informed process that considers the destination country’s legal framework, regulatory environment, enforcement practices, and potential risks to data subjects. Transfers are conducted strictly in accordance with applicable data protection legislation and regulatory guidance, and are limited to what is necessary for legitimate operational, contractual, or legal purposes.

Data Security, Retention and Disposal

In Force Security applies a defence-in-depth security model, combining layered administrative, technical, and physical safeguards designed to protect personal data against unauthorised access, accidental or unlawful loss, alteration, destruction, or disclosure. These measures are proportionate to the sensitivity, volume, and risk profile of the data processed and are reviewed regularly to address evolving threats and operational realities.

Access to personal data is restricted on a strict need-to-know basis and governed by role-based controls, authentication mechanisms, and documented authorisation protocols. Systems handling personal data are monitored, maintained, and updated to preserve confidentiality, integrity, and availability.

Personal data is retained only for as long as is necessary to fulfil its original purpose, comply with contractual obligations, meet regulatory and statutory requirements, or support legitimate operational needs. Retention schedules are formally documented, approved through governance channels, reviewed periodically, and enforced consistently across the organisation.

Upon expiry of the applicable retention period, personal data is securely archived or disposed of using irreversible and industry-accepted destruction methods. These processes are designed to eliminate the risk of recovery, misuse, or unauthorised access, and are conducted in accordance with legal requirements, recognised standards, and professional best practice.

Your Rights and How We Respond

Individuals whose personal data is processed by In Force Security are entitled to exercise rights afforded to them under applicable data protection laws. These rights may include, subject to lawful limitations, the right to access personal data, request rectification of inaccurate information, seek erasure, restrict or object to certain forms of processing, and request data portability.

In Force Security is committed to respecting and facilitating the lawful exercise of these rights. Requests are handled in a transparent, structured, and professional manner, and are assessed on a case-by-case basis in accordance with applicable legal requirements.

To protect the rights and freedoms of all parties, identity verification may be required before processing any request. Requests are responded to within statutory timeframes, and, where permitted by law, are processed free of charge. In limited circumstances where a request is manifestly unfounded, excessive, or legally restricted, In Force Security reserves the right to apply lawful limitations or charges, with appropriate justification provided.

Governance, Ethics and Professional Standards

Data protection within In Force Security is underpinned by an enterprise-level governance framework that reflects the organisation’s commitment to accountability, professionalism, and ethical conduct. This framework includes senior management oversight, clearly defined responsibilities, documented policies and procedures, internal audits, training programmes, and continuous improvement mechanisms.

Privacy and data protection principles are embedded into systems, processes, and operational decision-making from the outset, rather than treated as an afterthought. This privacy-by-design and privacy-by-default approach ensures that personal data is processed lawfully, fairly, proportionately, and transparently.

Beyond legal compliance, In Force Security applies ethical standards aligned with professional security conduct, human rights principles, and societal expectations. Personal data is used only for legitimate purposes and in a manner consistent with the trust placed in us by clients, personnel, partners, and other stakeholders.

Incident Response and Organisational Resilience

In Force Security maintains a structured and documented incident response framework designed to ensure prompt identification, escalation, containment, investigation, and remediation of any data security incident or suspected breach.

In the event of an incident involving personal data, appropriate internal stakeholders are engaged without delay to assess the nature, scope, and potential impact of the incident. Where required by law, relevant supervisory authorities and affected individuals will be notified in a timely and transparent manner.

Post-incident reviews are conducted to identify root causes, assess the effectiveness of controls, and implement corrective actions. Lessons learned from incidents are systematically integrated into our governance, training, and security measures to strengthen organisational resilience and reduce the likelihood of recurrence.

Through preparedness, disciplined response, and continuous refinement, In Force Security seeks not only to manage incidents effectively, but to reinforce long-term trust, operational robustness, and institutional credibility.

Continuous Review and Evolution

In Force Security maintains a rigorous and ongoing process of review, assessment, and enhancement of its privacy and data protection practices. These practices are not static; they are continuously monitored and evaluated to ensure full alignment with evolving legal and regulatory frameworks, including international, regional, and local data protection laws and standards.

Our approach reflects awareness of emerging and sophisticated threats, advancements in technology, changes in operational risk profiles, and the development of best practices across the global security and risk management sector. As new risks, methodologies, and regulatory expectations arise, our internal policies, controls, and safeguards are reviewed and, where necessary, strengthened to ensure the continued protection of personal data entrusted to us.

This Privacy Notice may be updated periodically to reflect such developments. Any revisions are implemented with due consideration for transparency, accountability, and proportionality. The most current version of this Privacy Notice will always apply and will be made available through appropriate and accessible channels to ensure stakeholders are informed of any material changes.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Notice, or if you wish to obtain further information about our data protection principles, policies, or practices, you are encouraged to contact us directly.

In Force Security
Email: privacy@inforcesecurity.com

All communications relating to privacy and data protection are handled with professionalism, discretion, and due regard for confidentiality. Where required, enquiries will be escalated to the appropriate internal governance or compliance function to ensure accurate and timely responses.

Our Closing Commitment

In Force Security does not operate on the basis of minimal or superficial compliance. We reject a checkbox approach to data protection.

Our commitment is grounded in institutional excellence, operational resilience, and the cultivation of enduring trust with our clients, partners, personnel, and stakeholders. The protection of personal data is regarded as a core operational responsibility and an essential component of our ethical and professional standards.

Through robust governance, disciplined operational controls, and a culture of accountability, we strive to uphold the highest standards in the lawful, fair, and secure handling of personal data. This commitment reflects not only regulatory expectations, but also our broader duty to act with integrity, discretion, and respect in all aspects of our operations.