• 42 Risk Management Last updated: 09/01/2026

• Welcome to 42 Risk Management. We take your privacy seriously and are committed to protecting your personal information. This policy explains what data we collect, how we use it, and the rights you have under UK data protection law, including the UK GDPR and the Data Protection Act 2018.
• By using our services or visiting our website, you agree to the practices described in this policy.

• 42 Risk Management   A UK‑based security and risk management company.
• Contact us:   Email: headoffice@42riskmanagementinfo.uk 

• We may collect the following types of information:

• Name and contact details
• Identification documents (for vetting or site access)
• Employment or contractor information
• Incident reports or statements
• Billing and payment details

• IP address, browser type, and device information
• Website usage data (analytics)
• CCTV footage at sites we manage
• Access control logs (entry/exit records)

• Criminal background checks
• Health information relevant to operational safety

We only process sensitive data when legally permitted.

We use your data to:

• Provide security and risk management services
• Manage access to secure locations
• Conduct investigations and incident reporting
• Comply with legal and regulatory obligations
• Process payments and manage accounts
• Recruit and vet staff or contractors
• Improve our website and services

We never sell your personal data.

We process data under one or more of the following lawful bases:

• Contract – to deliver our services
• Legal obligation – to comply with UK law
• Legitimate interests – ensuring safety, preventing crime, improving services
• Consent – where required, especially for special category data

As part of our security operations, we may use CCTV systems. Where CCTV is in use:

• Clear signage will be displayed
• Footage is stored securely and only for as long as necessary
• Access is restricted to authorised personnel
• Footage may be shared with law enforcement when required

We may share your information with:

• Law enforcement or regulatory bodies
• Clients (where necessary for operational purposes)
• Background check providers
• Insurers, auditors, or legal advisors
• Approved subcontractors under confidentiality agreements

We do not share data for marketing without your consent.

If we transfer your data outside the UK, we ensure appropriate safeguards are in place, such as:

• UK adequacy regulations
• Standard Contractual Clauses (SCCs)

We keep your data only for as long as necessary for:

• Operational needs
• Legal or regulatory requirements
• Contractual obligations

Example: CCTV footage is typically retained for 30–90 days unless needed for an investigation.

Under UK GDPR, you have the right to:

• Access your data
• Correct inaccurate information
• Request deletion (where applicable)
• Restrict or object to processing
• Request data portability
• Withdraw consent (where processing is based on consent)
• Complain to the Information Commissioner’s Office (ICO)

We use a range of security measures, including:

• Encryption and secure storage
• Strict access controls
• Staff training in data protection
• Regular audits and risk assessments

We may update this Privacy Policy from time to time. The latest version will always be available on our website.