Privacy Policy

1. Who We Are

Cobra Protection Ltd is the data controller responsible for your personal data.

• Registered name: Cobra Protection Ltd
• Company number: 14033901
• Registered address: 54 St James Street, Liverpool, L1 0AB
• Email: info@cobraprotection.co.uk
• Telephone: +44 7704 421991

If you have any questions about how we use your personal data, or wish to exercise any of your rights, please contact us using the details above.

2. What Personal Data We Collect

Depending on how you interact with us, we may collect and process the following categories of personal data:

2.1 Data You Provide to Us

• Full name
• Email address
• Telephone number
• Postal address
• Details of your security requirements as provided in enquiries or consultations
• Any other information you voluntarily include in correspondence with us

2.2 Data We Collect Automatically

• IP address and approximate geographic location
• Browser type and device information
• Pages visited and time spent on our website
• Referring website

2.3 Sensitive Data

In certain circumstances — for example, when providing close protection or conducting threat and risk assessments — we may be required to handle sensitive personal data, including information relating to the health, safety or security risk profile of a client or third party. We handle such data with the utmost care and only where strictly necessary for the performance of our services.

3. How We Use Your Personal Data

We use your personal data for the following purposes and on the following lawful bases:

We will not use your personal data for any purpose incompatible with those listed above without first informing you and, where required, seeking your consent.

4. Marketing Communications

We will only send you marketing communications if you have explicitly opted in to receive them. You may withdraw your consent at any time by emailing info@cobraprotection.co.uk or by using the unsubscribe link in any marketing email we send. Withdrawal of consent will not affect the lawfulness of any processing carried out prior to withdrawal.

5. Sharing Your Personal Data

We do not sell, rent or trade your personal data. We may share your data in the following limited circumstances:

• Service delivery: with vetted operatives or sub-contractors where necessary to perform the security services you have engaged us to provide, and only to the extent required
• Legal compliance: where required to do so by law, court order or a regulatory authority (including, where appropriate, the Security Industry Authority)
• Professional advisers: with our solicitors, accountants or insurers where necessary for the conduct of our business, all of whom are subject to confidentiality obligations
• Business transfers: in connection with any merger, acquisition or sale of all or part of our business, subject to appropriate confidentiality protections

All third parties with whom we share personal data are required to process it in accordance with applicable data protection law and our instructions.

6. International Transfers

We primarily process and store your personal data within the United Kingdom. Where we engage third-party service providers based outside the UK, we ensure that adequate safeguards are in place as required by Chapter V of the UK GDPR, such as the UK International Data Transfer Agreement (IDTA) or equivalent protections.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our standard retention periods are as follows:

• Enquiry / contact form data (no contract formed): 12 months from the date of enquiry
• Client data (contract formed): 6 years from the end of the last contract, in line with the Limitation Act 1980
• Financial and invoicing records: 6 years as required by HMRC
• Vetting and SIA compliance records: as required by BS7858 and applicable regulatory guidance

Once the relevant retention period has expired, your data will be securely deleted or anonymised.

8. Cookies and Website Tracking

Our website does not currently use third-party tracking or advertising cookies. We may use essential technical cookies to facilitate basic website functionality (such as form submission). No cookie consent banner is displayed as no non-essential cookies are set.

If this changes in the future, we will update this policy and implement an appropriate cookie consent mechanism in compliance with the Privacy and Electronic Communications Regulations 2003 (PECR).

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, disclosure, alteration or destruction. These measures include:

• Encrypted transmission of data via HTTPS/SSL
• Restricted access to personal data on a need-to-know basis
• Secure email communication practices
• Regular review of our data handling procedures

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours in accordance with Article 33 UK GDPR, and will notify you directly where required under Article 34.

10. Your Rights Under UK GDPR

You have the following rights in relation to your personal data. You may exercise any of these rights by contacting us at info@cobraprotection.co.uk. We will respond within one calendar month of receiving your request.

• Right of access (Article 15): the right to obtain a copy of the personal data we hold about you
• Right to rectification (Article 16): the right to have inaccurate personal data corrected
• Right to erasure (Article 17): the right to have your personal data deleted in certain circumstances ("the right to be forgotten")
• Right to restrict processing (Article 18): the right to request that we limit how we use your data
• Right to data portability (Article 20): the right to receive your data in a machine-readable format where processing is based on consent or contract
• Right to object (Article 21): the right to object to processing based on legitimate interests or for direct marketing purposes
• Rights related to automated decision-making (Article 22): we do not make solely automated decisions that have a legal or similarly significant effect on you

Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of prior processing.

We will not charge a fee for handling your request unless it is manifestly unfounded or excessive, in which case we may charge a reasonable administrative fee or refuse the request.

11. Right to Complain

If you are dissatisfied with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection matters:

We would, however, appreciate the opportunity to address your concerns directly before you contact the ICO, and encourage you to contact us in the first instance.

12. Third-Party Websites

Our website may contain links to third-party websites (for example, social media platforms). We are not responsible for the privacy practices of those websites and recommend you review their privacy policies independently. This Privacy Policy applies only to cobraprotection.co.uk.

13. Children's Data

Our services are not directed at children under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us immediately and we will take prompt steps to delete it.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services or legal obligations. The "Last reviewed" date at the top of this page will be updated accordingly. Where changes are material, we will take reasonable steps to bring them to your attention. We encourage you to review this policy periodically.

15. Contact Us

For any queries regarding this Privacy Policy or your personal data, please contact: