Privacy Policy
Your privacy is our priority. Learn how we collect, use, and protect your personal data during our professional lie detection services.
1. Data Controller Information
1.1 Company Details
Data Controller: DeceptionDetection.co.uk Limited
Registered Address: Professional House, Technology Park, London, UK SW1A 1AA
Company Registration: 12345678
ICO Registration: ZA123456
1.2 Data Protection Officer
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection activities:
- Email: dpo@deceptiondetection.co.uk
- Phone: 0800 123 4567
- Address: DPO, DeceptionDetection.co.uk Limited, Professional House, Technology Park, London, UK SW1A 1AA
1.3 Legal Framework
This privacy policy is designed to comply with:
- UK General Data Protection Regulation (UK GDPR)
- Data Protection Act 2018
- Privacy and Electronic Communications Regulations (PECR)
- Human Rights Act 1998
GDPR Compliance
We are fully committed to protecting your personal data and complying with all applicable data protection laws. This policy explains how we collect, use, and protect your information.
2. Data Collection
2.1 Personal Data We Collect
We collect various types of personal data to provide our lie detection services:
2.1.1 Identity Data
- Full name and title
- Date of birth
- Gender
- Nationality
- Identification documents (driving license, passport)
- Photographs for identification verification
2.1.2 Contact Data
- Postal address
- Email address
- Telephone numbers (mobile and landline)
- Emergency contact information
- Preferred communication methods
2.1.3 Health Data
- Medical conditions and history
- Current medications and supplements
- Mental health status
- Physical limitations or disabilities
- Pregnancy status
- Allergies and medical alerts
2.1.4 Testing Data
- EEG brainwave recordings
- Polygraph physiological data
- Audio recordings of sessions
- Video recordings (where consented)
- Test questions and responses
- Behavioral observations
2.1.5 Financial Data
- Payment card details (processed securely)
- Bank account information
- Billing address
- Transaction history
- VAT information (business clients)
2.2 How We Collect Data
We collect personal data through various methods:
2.2.1 Direct Collection
- Booking forms and applications
- Pre-test questionnaires
- Consent forms and agreements
- Telephone conversations
- In-person consultations
- Testing sessions
2.2.2 Automated Collection
- Website analytics and cookies
- Testing equipment sensors
- Email tracking (open rates, clicks)
- System logs and usage data
- Security cameras (at our facilities)
2.2.3 Third-Party Sources
- Legal representatives
- Insurance companies
- Referral partners
- Public records (where legally permitted)
- Credit reference agencies (business clients)
| Data Type | Collection Method | Purpose | Legal Basis |
|---|---|---|---|
| Identity & Contact | Booking forms | Service provision | Contract performance |
| Health data | Pre-test questionnaire | Safety & accuracy | Explicit consent |
| Testing data | EEG/Polygraph equipment | Lie detection service | Contract performance |
| Financial data | Payment systems | Payment processing | Contract performance |
| Website data | Cookies & analytics | Service improvement | Legitimate interest |
3. Data Processing
3.1 Legal Basis for Processing
We process personal data under the following legal bases:
3.1.1 Contract Performance
- Providing lie detection services
- Managing bookings and appointments
- Processing payments
- Communicating about services
- Delivering test results
3.1.2 Explicit Consent
- Processing sensitive health data
- Video recording of sessions
- Marketing communications
- Third-party data sharing
- Research and development
3.1.3 Legitimate Interest
- Fraud prevention and detection
- Security monitoring
- Service improvement
- Business analytics
- Debt collection
3.1.4 Legal Obligation
- Compliance with court orders
- Regulatory reporting
- Tax and VAT obligations
- Professional standards compliance
- Health and safety requirements
3.2 Processing Activities
We process personal data for the following purposes:
3.2.1 Service Delivery
- Scheduling and conducting lie detection tests
- Analyzing test results
- Providing expert opinions and reports
- Court testimony and legal support
- Customer service and support
3.2.2 Business Operations
- Account management
- Quality assurance
- Equipment maintenance
- Staff training and development
- Insurance claims processing
3.2.3 Marketing and Communications
- Service updates and newsletters
- Promotional materials
- Customer satisfaction surveys
- Referral programs
- Social media engagement
3.3 Special Category Data
We process special category data (health information) under specific conditions:
- Explicit consent: Clear, informed consent for health data processing
- Medical purposes: Ensuring test safety and accuracy
- Legal claims: Establishing, exercising, or defending legal rights
- Substantial public interest: Fraud prevention and detection
Health Data Protection
We implement additional safeguards for health data including enhanced encryption, access controls, and regular audits. Health data is only accessible to authorized personnel for legitimate purposes.
4. Data Retention
4.1 Retention Periods
We retain personal data for different periods based on data type and legal requirements:
| Data Type | Retention Period | Reason | After Retention |
|---|---|---|---|
| Client records | 7 years | Legal requirements | Secure destruction |
| Test results | 7 years | Professional standards | Secure destruction |
| Health data | 7 years | Medical records regulations | Secure destruction |
| Financial records | 7 years | Tax and VAT requirements | Secure destruction |
| Legal case files | Case completion + 7 years | Legal liability | Secure destruction |
| Private testing | 2 years | Quality assurance | Secure destruction |
| Marketing data | Until withdrawal | Consent basis | Immediate deletion |
| Website analytics | 26 months | Google Analytics default | Automatic deletion |
4.2 Retention Criteria
We determine retention periods based on:
- Legal and regulatory requirements
- Professional standards and guidelines
- Insurance and liability considerations
- Business operational needs
- Data subject preferences
4.3 Secure Destruction
When retention periods expire, we securely destroy data using:
- DoD 5220.22-M standard for digital data
- Professional shredding for paper records
- Certified destruction for sensitive materials
- Certificate of destruction provided
- Audit trail of destruction activities
4.4 Extended Retention
Data may be retained longer in specific circumstances:
- Ongoing legal proceedings
- Regulatory investigations
- Insurance claims
- Client request for extended retention
- Legitimate business interests
6. Data Security
6.1 Technical Security Measures
We implement robust technical security measures to protect your data:
6.1.1 Encryption
- AES-256 encryption for data at rest
- TLS 1.3 for data in transit
- End-to-end encryption for sensitive communications
- Encrypted backup systems
- Hardware security modules for key management
6.1.2 Access Controls
- Multi-factor authentication
- Role-based access control
- Principle of least privilege
- Regular access reviews
- Automated access logging
6.1.3 Network Security
- Firewalls and intrusion detection
- Network segmentation
- VPN for remote access
- DDoS protection
- Regular security scanning
6.2 Organizational Security Measures
We maintain comprehensive organizational security controls:
6.2.1 Staff Security
- Background checks for all staff
- Confidentiality agreements
- Regular security training
- Clear desk and clear screen policies
- Incident response procedures
6.2.2 Physical Security
- Secure facilities with access controls
- CCTV monitoring
- Visitor management systems
- Secure equipment storage
- Environmental controls
6.2.3 Operational Security
- Regular security audits
- Vulnerability assessments
- Business continuity planning
- Incident response procedures
- Third-party security assessments
6.3 Data Breach Response
In the event of a data breach, we will:
- Contain and assess the breach within 1 hour
- Notify the ICO within 72 hours if required
- Notify affected individuals without undue delay
- Provide clear information about the breach
- Offer support and mitigation measures
- Conduct a thorough investigation
- Implement additional security measures
6.4 Security Certifications
We maintain industry-standard security certifications:
- ISO 27001 Information Security Management
- ISO 13485 Medical Device Quality Management
- Cyber Essentials Plus certification
- SOC 2 Type II compliance
- Regular third-party security audits
Security Updates
We continuously update our security measures to address emerging threats. Our security team monitors the latest cybersecurity developments and implements appropriate protections.
7. Your Rights
7.1 Right to Information
You have the right to be informed about how your personal data is processed. This privacy policy provides transparent information about our processing activities.
7.2 Right of Access
You can request access to your personal data, including:
- Confirmation of data processing
- Copy of your personal data
- Information about processing purposes
- Categories of data processed
- Recipients of data
- Retention periods
7.3 Right to Rectification
You can request correction of inaccurate or incomplete personal data. We will:
- Respond within one month
- Verify the accuracy of corrections
- Update our records accordingly
- Notify third parties of corrections
- Confirm completion of updates
7.4 Right to Erasure
You can request deletion of your personal data in certain circumstances:
- Data no longer necessary for original purpose
- Withdrawal of consent (consent-based processing)
- Objection to processing (legitimate interest basis)
- Unlawful processing
- Legal obligation to delete
7.5 Right to Restrict Processing
You can request restriction of processing in certain situations:
- Disputing accuracy of data
- Unlawful processing
- Data needed for legal claims
- Pending objection assessment
7.6 Right to Data Portability
You can request transfer of your data in a structured, commonly used format for:
- Consent-based processing
- Contract-based processing
- Automated processing
- Direct transfer to another controller
7.7 Right to Object
You can object to processing based on:
- Legitimate interests
- Direct marketing
- Profiling
- Scientific/historical research
7.8 Rights Related to Automated Decision-Making
You have rights regarding automated decision-making and profiling:
- Right to human intervention
- Right to explanation
- Right to challenge decisions
- Right to express views
7.9 Exercising Your Rights
To exercise your rights, contact us:
- Email: dpo@deceptiondetection.co.uk
- Phone: 0800 123 4567
- Post: Data Protection Officer, DeceptionDetection.co.uk Limited
We will:
- Respond within one month
- Verify your identity
- Provide free assistance
- Explain any limitations
- Offer alternative solutions
Free Exercise of Rights
You can exercise your data protection rights free of charge. We may charge a reasonable fee for manifestly unfounded or excessive requests, particularly repetitive requests.
9. International Transfers
9.1 Transfer Necessity
We may transfer your personal data internationally for:
- Cloud storage and backup services
- Technical support and maintenance
- Legal advice and representation
- Professional consultation
- Equipment calibration services
9.2 Transfer Safeguards
All international transfers are protected by appropriate safeguards:
9.2.1 Adequacy Decisions
We transfer data to countries with adequacy decisions from the UK government, including:
- European Economic Area (EEA)
- Switzerland
- Israel
- New Zealand
- Canada (commercial organizations)
9.2.2 Standard Contractual Clauses
For transfers to countries without adequacy decisions, we use UK-approved standard contractual clauses that provide equivalent protection.
9.2.3 Additional Measures
We implement additional technical and organizational measures:
- Enhanced encryption
- Access controls
- Data minimization
- Regular audits
- Incident response procedures
9.3 Specific Transfer Scenarios
9.3.1 Cloud Storage
We use secure cloud storage providers with data centers in the UK and EU. Data is encrypted in transit and at rest.
9.3.2 Technical Support
Some technical support services may be provided by suppliers in other countries. Access to personal data is strictly limited and controlled.
9.3.3 Legal Services
International legal consultation may require data transfer to qualified lawyers in other jurisdictions under attorney-client privilege.
9.4 Your Rights Regarding Transfers
You have the right to:
- Information about international transfers
- Copy of transfer safeguards
- Object to specific transfers
- Withdraw consent for consent-based transfers
- Complain to supervisory authorities
10. Policy Updates
10.1 Regular Reviews
We regularly review and update this privacy policy to ensure it remains current and compliant with:
- Legal and regulatory changes
- Technology developments
- Business practice changes
- Industry best practices
- User feedback
10.2 Notification of Changes
We will notify you of significant changes through:
- Website banner notifications
- Email notifications to registered users
- Updates to our privacy policy page
- Social media announcements
- Direct communication for material changes
10.3 Version History
We maintain a history of privacy policy versions:
- Version 3.0: July 9, 2025 - Current version
- Version 2.1: January 15, 2025 - Updated GDPR compliance
- Version 2.0: September 1, 2024 - Enhanced security measures
- Version 1.0: March 1, 2024 - Initial version
10.4 Consent to Changes
Your continued use of our services after policy updates constitutes acceptance of the changes. For material changes affecting your rights, we may require explicit consent.
Stay Informed
We recommend reviewing this privacy policy periodically to stay informed about how we protect your data. Subscribe to our newsletter for policy update notifications.
11. Complaints & Dispute Resolution
11.1 Internal Complaints Process
If you have concerns about our data processing, please contact us first:
11.1.1 How to Complain
- Email: complaints@deceptiondetection.co.uk
- Phone: 0800 123 4567
- Post: Complaints Officer, DeceptionDetection.co.uk Limited
- Online: Complaint form on our website
11.1.2 Complaint Handling
We will:
- Acknowledge receipt within 2 working days
- Investigate thoroughly and fairly
- Provide a response within 30 days
- Offer appropriate remedies
- Follow up on resolution
11.2 Supervisory Authority
You have the right to complain to the UK's supervisory authority:
Information Commissioner's Office (ICO)
- Website: www.ico.org.uk
- Phone: 0303 123 1113
- Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
- Online: Report a concern on ICO website
11.3 Alternative Dispute Resolution
We participate in alternative dispute resolution schemes:
- Industry ombudsman services
- Mediation services
- Arbitration procedures
- Professional body dispute resolution
11.4 Legal Remedies
You have the right to seek legal remedies for data protection violations:
- Compensation for material and non-material damages
- Injunctive relief to stop processing
- Court orders for data correction or deletion
- Judicial review of our decisions
- Class action proceedings where applicable
11.5 No Retaliation
We will not retaliate against individuals who:
- Exercise their data protection rights
- File complaints with supervisory authorities
- Participate in legal proceedings
- Report data protection concerns
- Seek legal advice about their rights
Independent Resolution
You can pursue complaints and legal remedies independently without affecting your ability to use our services. We respect your right to seek independent advice and resolution.
12. Contact Our Data Protection Officer
12.1 DPO Contact Details
Our Data Protection Officer is available to help with all privacy-related matters:
Data Protection Officer
Name: Sarah Mitchell, CIPP/E, CIPM
Email: dpo@deceptiondetection.co.uk
Phone: 0800 123 4567 (Ext. 101)
Direct Line: 0800 555 0123
Address: DPO, DeceptionDetection.co.uk Limited, Professional House, Technology Park, London, UK SW1A 1AA
12.2 When to Contact the DPO
Contact our DPO for:
- Data protection questions and concerns
- Exercising your data subject rights
- Privacy impact assessments
- Data breach notifications
- Consent management
- Third-party data sharing queries
- Cross-border data transfer questions
- Training and guidance requests
12.3 DPO Independence
Our DPO operates independently and:
- Reports directly to senior management
- Has no conflicts of interest
- Maintains professional confidentiality
- Provides independent advice
- Monitors compliance activities
12.4 Response Times
Our DPO will respond to your inquiries:
- Urgent matters: Within 24 hours
- General inquiries: Within 3 working days
- Rights requests: Within 1 month
- Complex matters: Acknowledgment within 3 days, resolution within 1 month
12.5 Specialized Support
Our DPO can provide specialized support for:
- Legal representatives
- Healthcare professionals
- Corporate clients
- International clients
- Vulnerable individuals
12.6 Additional Resources
For additional privacy resources, visit:
- Privacy Center: www.deceptiondetection.co.uk/privacy
- FAQs: www.deceptiondetection.co.uk/privacy-faq
- Cookie Management: www.deceptiondetection.co.uk/cookies
- Rights Portal: www.deceptiondetection.co.uk/data-rights
- Consent Management: www.deceptiondetection.co.uk/consent
Questions About Our Privacy Policy?
If you have any questions about how we protect your privacy, please contact our Data Protection Officer.
DPO Email: dpo@deceptiondetection.co.uk
Phone: 0800 123 4567
Hours: Monday-Friday 9AM-6PM, Saturday 9AM-2PM
Emergency: 0800 999 8888 (24/7)