Legal

Privacy Policy

This policy explains how RedLion Protection Group collects, uses, and protects personal information when you use our website or contact us. We handle personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

RedLion Protection Group ("RedLion", "we", "us", "our") is the data controller responsible for your personal data.

2. What information we collect

We only collect the information necessary to respond to enquiries and deliver our services. Depending on how you interact with us, this may include:

• Identity & contact data — name, organisation, email address, phone number.
• Enquiry content — the message you choose to send us via our contact form or by email, including any details you provide about the nature of your enquiry.
• Engagement data — information needed to fulfil a service contract, such as addresses, schedules, and operational details, shared on a need-to-know basis.
• Technical data — basic information your browser sends automatically (IP address, browser type, referring page, time of visit). This is collected by our hosting provider for security and performance.

We do not knowingly collect data from children under 16. We do not collect special-category data (such as health or biometric data) through this website. Where such data is necessary to deliver a service, it is handled separately under a written engagement agreement.

3. How we use it

We use your information for the following purposes:

• To respond to enquiries and provide information about our services.
• To negotiate, agree, and deliver services under a contract with you or your organisation.
• To meet legal, regulatory, vetting, and insurance obligations.
• To protect the safety and security of our personnel, clients, and assets.
• To maintain the security and integrity of this website.

4. Lawful basis

We rely on the following lawful bases under Article 6 of the UK GDPR:

• Consent — when you voluntarily submit an enquiry through our contact form.
• Contract — where processing is necessary to take steps at your request before entering, or to perform, a contract.
• Legitimate interests — to operate, secure, and improve our services, provided those interests are not overridden by your rights.
• Legal obligation — where we are required to retain or disclose information by law (for example, vetting or licensing requirements).

5. Sharing your information

We do not sell personal data. We share information only where necessary, and only with parties bound by appropriate confidentiality and data-protection obligations:

• Trusted service providers (for example, our website host, email provider, and form-handling service) acting on our instructions.
• Vetting bodies, regulators, insurers, and licensing authorities, where required.
• Law enforcement or government bodies, where we are legally obliged to do so.
• Professional advisers (legal, accounting, insurance) where reasonably required.

6. International transfers

Some of our service providers may process data outside the UK. Where this is the case, we ensure appropriate safeguards are in place — typically the UK International Data Transfer Agreement, the EU Standard Contractual Clauses with the UK Addendum, or transfers to jurisdictions covered by an adequacy decision.

7. How long we keep it

We keep personal data only for as long as needed for the purpose for which it was collected:

• Enquiry correspondence: typically 24 months from last contact, unless a relationship is established.
• Client records and contracts: for the duration of the engagement and up to 7 years after, to meet legal, tax, and insurance obligations.
• Vetting and personnel records: in line with statutory and SIA requirements.

We periodically review and securely delete data that is no longer needed.

8. Your rights

Under the UK GDPR you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate or incomplete data.
• Request erasure of your data, where applicable.
• Restrict or object to certain processing.
• Request the portability of data you have provided to us.
• Withdraw consent at any time, where processing is based on consent.

To exercise any of these rights, please email office@redlionpg.com. We will respond within one month.

You also have the right to complain to the UK supervisory authority, the Information Commissioner's Office (ico.org.uk), if you believe we have not handled your data properly.

9. Security

We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or alteration. These include access controls, encryption in transit, and a need-to-know approach to internal access. No system is perfectly secure, but we take our duty of care seriously.

10. Cookies & analytics

This website uses only essential cookies required for the site to function. We do not use advertising or tracking cookies. Our hosting provider may log basic technical information (such as IP address and request time) for security and performance purposes.

If we add analytics or other non-essential cookies in future, we will request your consent first and update this policy.

11. Third-party links

Our website may include links to third-party sites (for example, partner organisations or referenced bodies). This policy does not cover those sites — we recommend reviewing their own privacy notices.

12. Changes to this policy

We may update this policy from time to time. The "Last updated" date above will reflect the most recent revision. Material changes will be highlighted on the homepage or notified by email where appropriate.

13. Contact us

For any privacy questions, requests, or concerns, please contact: