Home Services About Careers Contact
Preview build · Copy and imagery are placeholder and will change before launch
Privacy · UK GDPR

How we handle personal data

This notice explains what information SPIKE SECURITY LIMITED collects, why we collect it, how long we keep it, and your rights under UK data protection law. Last reviewed May 2026.

1. Who we are

SPIKE SECURITY LIMITED (company number 16807138), registered at 475B Cheetham Hill Rd, Cheetham Hill, Manchester, M8 9LR, is the controller responsible for your personal data.

For any data protection enquiry, contact info@spikesecurity.co.uk.

2. What we collect

We collect only what we need to run our business. Depending on how you interact with us this may include:

  • Contact details — name, company, email, phone number — from enquiry forms and direct correspondence.
  • Career information — CV content, licence numbers, employment history — from candidates applying for roles.
  • Service details — site addresses, deployment requirements, operational notes — when clients engage us.
  • Technical data — browser type, pages viewed, approximate location — logged by our hosting provider for security and performance purposes.

3. Why we use it (legal basis)

  • To respond to enquiries and provide quotes — legitimate interest and, where engaged, performance of a contract.
  • To process job applications — legitimate interest in recruitment and, where offered a role, steps necessary prior to entering a contract.
  • To deliver security services — performance of contract with the client.
  • To meet legal and regulatory obligations — SIA licensing, BS 7858 vetting, insurance and HMRC records.

4. Who we share it with

We do not sell personal data. We share it only with parties necessary to deliver our services, under appropriate contractual controls. These may include vetting agencies, our insurers, our auditors, and our IT service providers.

5. How long we keep it

  • Enquiries — 12 months from last contact.
  • Unsuccessful job applications — 12 months, then deleted unless you ask us to keep it on file.
  • Employee and contractor records — duration of engagement plus 6 years as required by HMRC and regulatory rules.
  • Client records — duration of engagement plus 7 years for accounting, insurance and audit requirements.

6. Your rights

Under UK data protection law you have the right to access a copy of your data, correct inaccuracies, request deletion, restrict processing, object to processing, and request a portable copy. To exercise any of these rights, email info@spikesecurity.co.uk. We will respond within one month.

7. Cookies and tracking

This site does not use analytics, tracking pixels, or advertising cookies. Your browser's standard controls can be used to clear or block cookies at any time.

A small number of requests are made to third-party servers when you visit this site:

  • Google Fonts — Typography and iconography are loaded from Google's CDN. Google may log your IP address and browser information as part of this request. Google's privacy policy is available at policies.google.com/privacy.
  • Interactive map (Contact page) — The Contact page embeds an interactive map powered by Leaflet.js, with map tiles served by CARTO and geographic data provided by OpenStreetMap contributors. When the map loads, your browser connects directly to CARTO's and OpenStreetMap's servers. These third parties may log your IP address, browser type, and the map tile coordinates requested as part of their normal server operation. Spike Security Limited does not control or receive these server logs. CARTO's privacy policy is available at carto.com/privacy and OpenStreetMap's at osmfoundation.org/wiki/Privacy_Policy. The map also includes a link to open the location in Google Maps; if you choose to follow that link, Google's own privacy policy applies.

8. Third-party services

Beyond the map and font services described above, we may use other carefully selected third-party providers to support business operations (for example, secure email hosting or document signing). Each provider is bound by appropriate data processing terms and must handle any personal data to a standard compatible with UK GDPR. We do not permit third parties to use personal data we share with them for their own marketing purposes.

9. Security

We take reasonable technical and organisational measures to protect personal data against loss, unauthorised access and disclosure — including encrypted transport, access controls and staff training.

10. Complaints

If you are unhappy with how we have handled your personal data, we would like to hear from you so we can put it right. You also have the right to complain to the Information Commissioner's Office at ico.org.uk or by calling 0303 123 1113.

11. Changes to this policy

We may update this policy from time to time. The version in force is the one published on this page. The date at the top of this notice will reflect when the policy was last reviewed.