Privacy Policy

Effective Date: 11 March 2026

Version: 2026.1 (DUAA Compliant)

1. Scope and Identity

Templar Protection Ltd ("the Company") is a UK-registered risk advisory and protective services firm. We act as the Data Controller for all personal data processed during our engagements. This policy outlines our commitment to Operational Security (OPSEC) and our legal obligations under the UK GDPR, the Data Protection Act 2018, and the Data Use and Access Act 2026.

2. Lawful Basis for Processing (2026 Statutory Framework)

In accordance with the Data Use and Access Act 2026, we process personal data under the following bases:

Recognised Legitimate Interests (S.103 DUAA 2026): We rely on the statutory presumption of legitimacy for processing essential to Crime Prevention, Public Security, and Safeguarding.

Contractual Necessity: Fulfillment of protective and advisory obligations as per the Letter of Engagement.

Vital Interests: Processing necessary to protect the life or physical integrity of the Principal or others in high-risk environments.

Operational Necessity: Monitoring technical signatures and public-domain intelligence to preempt hostile intent.

3. Intelligence Categories & Collection

To maintain a "Clean Space" for our Principals, we collect and process:

Identity Intelligence: Vetting credentials, biometric access data, and government IDs for access control.

Technical Signatures: Radio frequency (RF) and digital signatures gathered during TSCM (Technical Surveillance Counter-Measures) to identify and neutralize illicit monitoring.

Logistical Data: Real-time movement patterns and transit intelligence required for secure mobility.

4. Hardening and Data Sovereignty

Manual Oversight: In accordance with the 2026 Act, we explicitly state that no automated decision-making or profiling is used. All risk evaluations are subject to human verification by a qualified Director.

Personnel Hardening: All staff and strategic partners (including Templar Strategic Risks LLC) are bound by Enhanced Vetting and Non-Disclosure Agreements (NDAs).

International Transfers: Transfers to our US affiliate are governed by International Data Transfer Agreements (IDTA) ensuring institutional-grade equivalence.

5. Retention and Secure Decommissioning

We adhere to strict data minimization. Personal data is retained only for the duration of the operational mission. Upon conclusion, data is securely decommissioned (purged) unless retention is strictly required for legal defense or UK statutory insurance mandates.

6. Data Subject Rights & Mandatory Complaints Procedure

Under UK law, you have rights of access, rectification, and erasure.

Proportionate Search (2026 Update): In response to a Subject Access Request (SAR), we conduct "reasonable and proportionate" searches as defined by the 2026 Act.

Right to Complain: You have the right to lodge a complaint directly with our Director of Operations. Per statutory requirements, we will acknowledge any data complaint within 30 days and take appropriate steps to resolve it without undue delay.

Regulator: You maintain the right to escalate inquiries to the Information Commissioner's Office (ICO).

7. Electronic Privacy & Cookie Disclosure

This website is a clinical information tool.

Consent Exemptions: We utilize only "strictly necessary" cookies for site security and fault detection. We do not use invasive tracking, marketing pixels, or third-party analytics.

Security Monitoring: Our digital environment is monitored to preserve the confidentiality of visitor engagements and prevent hostile collection.