Skip to main content
    MySecuritas

      Privacy Policy

      General Privacy Notice

      General Privacy Notice

      General Privacy Notice 

      1. About this Privacy Notice 

      We at Securitas ("Securitas", "we" or "us"), affiliated companies worldwide (“Securitas Group”), are a multinational global security firm focused on delivering protective and digital services for our clients. We respect your integrity, and this General Privacy Notice describes how we collect and process personal data about you. This General Privacy Notice applies to the personal data processing towards any: 

      Client or prospective clients, 

      Visitors of our premises, 

      Suppliers, prospective suppliers or other third parties providing services to us, 

      Visitors of our websites and social media channels, 

      Business events attendees, 

      Other third parties whose data is obtained from publicly available sources or/and shared by other third parties, being natural persons or legal persons (their employees, representatives, or other staff) whose personal data we process). 

      This General Privacy Notice covers typical data processing within the scope of our economic activity. Please note that since Securitas is an international company, this General Privacy Notice may be replaced or supplemented in order to fulfill local requirements, as well as to provide you with additional information on why and how we process your data. You may also be provided with “just in time” privacy notice before such processing takes place, e.g. if you wish to use our Securitas Integrity Line. 

      1.1 Data controller 

      Where we determine the purpose and means of processing personal data, Securitas will be a data controller. Where we act as a processor in our capacity of providing protective and digital services to our clients, we will only process personal data in accordance with the instructions of our clients and act as a data processor (e.g. your data included in the guards’ reports). 

      Securitas is represented in many countries, and it is generally your local Securitas company that is responsible for the processing of your data. For information on what Securitas company is processing your information and how to get in contact with us, please see the Personal Data Controllers document. You can also contact our global privacy team at: privacy@securitas.com. 

      In the United Arab Emirates, the data controller is Securitas UAE LLC, Office no. 302-303 Hassanicor Bldg., Al Barsha 1, P.O. Box 123209, licensed in Dubai, United Arab Emirates. For any enquiries or to exercise your rights under the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021), please contact our local Data Protection Officer at siva.subramaniam@securitas.ae.  

      2. How do we get information about you 

      In general, we collect personal data about you directly from you (e.g. when you contact us, providing your feedback, performing concluded agreement, etc.) or from third parties (e.g. your business contact details received from the company for which you work). 

      We may also collect personal data based on the use of our premises (e.g. CCTV system, visitor logbook), our infrastructure (when you receive access to our IT systems) or collected automatically on the basis of your visits on our websites (e.g. through chatbot and cookies on our websites. For further information about cookies, please refer to our Cookie Policy). 

      We may also collect limited personal data from third parties or publicly available sources such as news, announcements, public registers of companies and other sources including services accessible (e.g. to create newsletters or security reports). We apply data minimization and limit the amount of such information collected as much as reasonably possible. We also anonymize or delete all copies of such information before producing any newsletters or reports or otherwise sharing the results of our research and analysis with any third parties. 

      Our services are intended for business visitors and adults. We do not knowingly collect data from children, and we ask that you do not provide any sensitive or special category data (such as health, biometric, or religious data) through our chatbot or websites. 

       

      3. Categories of personal data 

      The following information is processed about you, however, the exact scope of data processed varies depending on relevant circumstances, such as your business relation with us. In general, we may process the following information related to you: 

      CATEGORY 

      EXAMPLES 

      Identity data 

      name, business title, your organization, photographs 

      Contact information 

      address, email, phone number, country 

      Financial information 

      your account to process payment for the services 

      Client service data 

      client matter number, beneficial owner, company announcements and policies, information from messages to us/forms you fill in, including responses to surveys and feedback provided. 

      Marketing and communications data 

      information on when you receive and read marketing communications from us, open email/click data, newsletter requests, events you attend, and marketing preferences. 

      Additional information (marketing) 

      Additional information about the personal data we process in connection with marketing is included with the marketing communications we send you and your interaction with us. 

      Chatbot conversation 

      (anything submitted by a data subject into the chat box when using the chatbot) to navigate website visitor to requested content. 

      Usage, technical, and browsing data 

      your use of our websites, language used, IP address (including information about the company that provides the IP address), log data, device data, unique device identifiers, cookies and other data linked to a device, data usage of our websites, user-generated data. For more information about cookies, please refer to our Cookie Policy. 

      Conversation logs 

      We may retain chatbot conversation logs for up to 13 months for performance measurement, quality improvement, and troubleshooting, after which they are deleted or anonymised. 

      Limited publicly available information 

      From public announcements, news, publicly available data bases or other publicly available sources which will be further included in our newsletters and security reports 

      Information from guards’ reports and third parties 

      Information included in guards’ reports created under the instructions of our clients and other data received from clients (only if permitted under the relevant agreement concluded with the client) and only processed for anonymisation purposes before further use for analytics, enhancement of our services, or development of new services 

      CCTV and physical security data 

      Footage from CCTV or other sources such as visitor logbooks, access-card usage 

       

      4. Processing your personal data 

      4.1. Purpose and the legal basis of processing 

      Securitas only processes your personal data for a specific purpose and only process the minimum relevant personal data to achieve that purpose. We will use your personal data only for the purposes for which it was collected, or for a compatible purpose where a lawful basis exists under the UAE PDPL. 

      We process your personal data only if we have a relevant lawful basis to do so. Where we require your consent, we provide opt-in mechanisms, and you have the ability to withdraw consent at all times. The exact lawful basis depends on the context of our relationship with you and may include consent, contractual necessity (including steps at your request), legal obligation, protection of public interest or the data subject’s interests, or processing data you have made public (PDPL Art. 4). 

      PURPOSE OF THE PROCESSING 

      LEGAL BASES  

      Deliver services to our clients such as protective and digital services 

      Performance of a contract 

      Legal obligation (e.g. compliance with UAE accounting and record-keeping requirements) 

      Operational necessity consistent with PDPL; lawful basis under Art. 4(9) 

      Manage our business relationship with our clients 

      Performance of a contract or consent (as applicable) 

      Lawful basis under PDPL Art. 4(9) and Art. 6 (consent withdrawal rights preserved) 

      Manage payments 

      Performance of a contract; legal obligation 

      Marketing activities, including building client profile and related profiling such as engagement scoring 

      Consent for direct electronic marketing (prospective and existing clients in UAE) 

      Right to withdraw consent at any time (PDPL Art. 17) 

      Profiling limited to consented marketing analytics; no automated decision-making producing legal or significant effects (PDPL Arts. 17–18) 

      Interacting with chatbot 

      Performance of a contract / steps at your request (to respond to inquiries) 

      Limited operational necessity for technical operation 

      Consent required if contact details collected for marketing purposes 

      Quality and staff training purposes 

      Operational necessity consistent with PDPL or consent where required 

      Lawful under PDPL Art. 4(1) and (9) 

      Asking for your feedback and other market research & business development activities 

      Consent or operational necessity, depending on context 

      Clarified to reflect PDPL lawful bases 

      Manage and protect our business, including improving data security, troubleshooting data and systems, system maintenance and testing, data hosting, managing our premises 

      Legal obligation (PDPL Art. 7(1)) 

      Operational necessity consistent with PDPL; security measures per Art. 20 

      Check conflict of interest/ ethic check, beneficial owner, AML, fraud and other background screening 

      Performance of a contract 

      Legal obligation (if required under UAE law) 

      Explicit PDPL lawful bases only 

      Prepare newsletters, security reports and other related content 

      Consent where personal data is used for marketing; otherwise only anonymised or public data processed (PDPL Art. 5 & Art. 4(2)) 

       

       

       

      4.2. Marketing profiling and building client’s profile (data sets matching) 

      Securitas uses profiling in limited circumstances relating to our marketing activities. 
      We may combine limited engagement and interaction data (for example, newsletter opens, website visits, or event participation) to understand your preferences and provide relevant content. This processing will only occur where a lawful basis exists under the UAE Personal Data Protection Law (PDPL), typically your explicit consent for marketing activities. 

      We may use aggregated insights to tailor website content and marketing communications to your interests, provided you have consented to such use. 

      We do not carry out fully automated decision-making that produces legal or significant effects on individuals. Any automated analytics tools are limited to marketing insights, and human review is always maintained (in line with PDPL Articles 17–18). 

      For this purpose, we store one or more cookies that collect limited information for marketing and optimization purposes. These cookies are disabled by default and only activated once you have given explicit consent via our cookie banner. Data collected is used in accordance with your consent preferences and never combined with other personal data without a lawful basis. 

      You can always object to direct marketing and related profiling, and we will always respect your decision. You can always withdraw your consent to prevent your personal data being used this way at any time using the Cookie Settings. You may also contact our Data Protection Officer to exercise your rights or withdraw consent at any time. 

      To learn more about deleting cookies, please see our Cookie Policy. 

      4.3. Transparency about GenAI 

      When using chatbot on our website, you are interacting with a generative AI. This technology allows us to provide automatically generated responses to your inquiries. While the chatbot is trained to be informative and comprehensive, responses may occasionally be imprecise; our marketing and sales personnel can assist you further on request. AI-generated replies are labeled “AI answer.” 

      4.4. How long we keep your data? 

      We retain your personal information only for as long as is necessary to fulfil the purposes we collected it for and no longer than is permitted under the law. Usually, when it’s client or supplier’s relationship, we retain your data as long as it is necessary to perform the contract and then as long necessary for legal and regulatory purposes (e.g. to satisfy accounting and tax obligations). When the processing is based on your consent, we process data until you withdraw it.  

      All personal data is held in accordance with our local data retention policy/ schedule. If you would like more details, please contact us. 

      Chat logs used for performance measurement and troubleshooting are kept for up to 13 months and then deleted or anonymised. 

       

       

      5. Who do we share your personal data with? 

      Securitas will only share your personal data with those who have a legal basis, including the legitimate interest in it. Each time we share your personal data, we will ensure the personal data is used in a manner consistent with this General Privacy Notice and taking into consideration the nature of the data. 

      Service Providers and Subcontractors: Your personal data will be processed by our service providers or subcontractors (including data storage service providers, technical support, and maintenance of the service) on instruction from Securitas. All service providers and subcontractors act as Securitas personal data processors and are under contractual arrangements only allowed to process data for the purposes as set out above. Furthermore, the personal data processor (service provider or subcontractor) and those acting under instructions of the processor will not access more personal data than is required for the performance of the service covered by the agreement with Securitas.   

      Securitas Group: Your personal data may be processed by companies within the Securitas Group that provide services to Securitas in relation to our common internal services, such as IT support, management and administration. In such a case, Securitas Group companies act as Securitas personal data processor, joint controller with Securitas or as a separate data controller. The processor or joint controller may only process personal data under the purposes or instructions provided by Securitas for the processing and only process data for the purposes as set out above. Furthermore, the personal data processor and those acting under the processor's instructions will not access more personal data than is required for the performance of the service covered by the agreement with Securitas. 

      For example, your personal data may be shared within the entities within Securitas Group only if there is a lawful basis to do so, including the legitimate interests above.   

      Public authorities: Securitas shares your personal data with public authorities (such as the police, the tax authority, or other authorities) in response to lawful requests by public authorities (such as regulatory bodies, law enforcement authorities, and national security organizations) as well as to manage and defend legal claims. Public authorities that receive your personal data will be the controller for such processing, which means that it is not Securitas who governs how your personal data is processed if shared with an authority. Thus, if your personal data is shared with authorities, this General Privacy Notice will not cover that subsequent processing. 

      Other third parties: We may also share your personal data with other third parties who acts as a separate data controllers (i.e. not instructed by us) and have a separate privacy notice for such purposes. For example, where necessary to manage and defend legal claims, we share personal data with legal advisors that we have engaged or if we are legally obliged. Other examples of separate data controllers to whom we may share your personal data are: external parties placing cookies on our websites (e.g. YouTube and Spotify) and only if you consent via cookies (please refer to our Cookie Policy for more information). Please note that our websites may contain links to non-Securitas Group websites. The Securitas Group is not responsible for the privacy policies or practices of such websites. You will be clearly informed if the link is to the external service. 

      In relation to our chatbot, we use Leadoo Marketing Technologies Ltd and Clearbit Inc. as technical service providers acting on our instructions. They are contractually bound to maintain confidentiality and not to use Securitas data for AI-model training or any independent purpose. 

       

      6. Where we are processing your personal data 

      Your personal data may be processed in the UAE and the EU/EEA (including Ireland on AWS). We enter into confidentiality and data processing terms with all our partners to ensure they comply with high levels of confidentiality, data protection laws, and best practices in privacy and security standards. 

      Nevertheless, certain services are carried out by subcontractors in third countries. For transfers outside the UAE, we apply PDPL-compliant safeguards, including adequacy (where designated by the UAE Data Office) or contractual protections ensuring an equivalent level of protection (PDPL Arts. 22–23). For further information, please contact us. 

       

      7. How we protect your data 

      Securitas takes appropriate technical and organizational measures to protect your personal data. Securitas is constantly working to protect your personal data from accidental or unlawful destruction, loss or alteration, unauthorized disclosure of, or unauthorized access to the personal data transferred, stored, or otherwise processed by Securitas. 

      Where required by UAE law, we will notify the UAE Data Office and affected data subjects of a personal data breach within applicable timeframes and with the required information (PDPL Art. 9). 

       

      8. Your rights 

      Securitas respects your integrity and your rights under relevant legislation related to the processing of personal data. Under the UAE PDPL, you have the right to: 

      We have the right to request additional information in order to confirm your identity and ensure the request originates from you before fulfilling your request. 

      Details of your rights include: 

      right to receive information about processing purposes, recipients (inside/outside UAE), storage criteria, safeguards for cross-border transfers, procedures to exercise rights, breach actions, and how to complain (PDPL Art. 13), 

      right to access your personal data, 

      right to rectify your personal data if inaccurate or incomplete, 

      right to have your personal data deleted in certain circumstances (i.e. the right to be forgotten), 

      right to restrict processing of personal data in certain circumstances, 

      right to data portability where processing is based on consent or contract and carried out by automated means (PDPL Art. 14), 

      right to object to processing of personal data in certain circumstances, including where personal data is used for marketing purposes such as direct marketing and related profiling, and to stop processing for direct marketing at any time (PDPL Art. 17), 

      right not to be subject to automated decisions that are based on automated processing where the decision will produce a legal effect or a similarly significant effect on you, and to request human review of such decisions (PDPL Art. 18). 

      To exercise your rights, don't hesitate to get in touch with your local Securitas entity or our UAE DPO at siva.subramaniam@securitas.ae may also lodge a complaint with the UAE Data Office (PDPL Art. 24). 

       

      9. Changes to this General Privacy Notice 

      We reserve the right to change this General Privacy Notice. If we make any significant changes to this General Privacy Notice, we will notify you by displaying a notice on our Securitas website or by communicating to you directly. Please note that pure editorial or similar minor changes will not prompt specific information. 

      This General Privacy Notice was last updated on 03 November 2025. 

      Set my preferences

      You can decide how we use cookies on your device by adjusting the settings below. Click on “Accept all” if you accept all cookies. In this list of cookies you can choose the cookies that you would like to accept. If you do not accept the Google Analytics cookies to be stored, please leave the box unchecked. If you do not accept the Microsoft application insight cookies to be stored, please uncheck the box. All other cookies are considered as strictly necessary in order for you to be able to use and interact with the website and can therefore not be unselected. When you have made your choice, scroll down the list and then click on the “Confirm my choices” button in the bottom of the list. Please be aware that if you disable cookies you will not have access to the full functionality of the website.

      • Name:
        _ga

        Used to distinguish users. A unique identifier associated with each user is sent with each hit in order to determine which traffic belongs to which user. This cookie enables the website's owner to track a visitor’s behavior and measure the website's performance. The main purpose of this cookie is to improve the website's performance.

        Name:
        _gat

        Used to throttle request rates for information on the website. This cookie does not store any user information. The main purpose of this cookie is to improve the website's performance.

        Name:
        _gid

        Used to distinguish users. This cookie enables the website's owner to track a visitor’s behavior and measure the website's performance. The main purpose of this cookie is to improve the website's performance.

      • Name:
        ai_session

        Speeds up page loading times and overrides any security restrictions that may be applied to a browser based on the IP address from which it comes.

        Name:
        ai_user

        Unique user identifier cookie for counting the number of users accessing an application over time.

      • Name:
        ARRAffinity

        Routes the request made through a web browser to the same machine in the DXC cloud environment. See ARRAffinity - Microsoft Azure. This cookie is deleted when you close your browser.

      • Name:
        __cfuid

        Speeds up page loading times and overrides any security restrictions that may be applied to a browser based on the IP address from which it comes.

      • Name:
        CookiesAccept

        Used to keep track of whether the user has accepted the cookie usage or not. This is not set unless the visitor has clicked on "Accept" in the cookie banner in the bottom of the website. The main purpose of this cookie is to improve the website's performance.

      • Name:
        EPiForm_{FormGuid}:{Username}

        Stores partial form submissions so that a visitor can continue with a form submission upon return. One cookie is created for each form and each logged in visitor. Stores the current submission status of the form (formGuid, submissionID, and if submission is finalized or not).

        Name:
        .EPiForm_BID

        Identifies the form submission made to the site when a visitor submits data via an Episerver form. Stores a GUID as the browser ID.

        Name:
        .EPiForm_VisitorIdentifier

        Identifies the form submission to the site when a visitor submits data to via an Episerver form. Stores a GUID which is the visitor identifier. Persistent (90 days from creation).

      • Name:
        EPI-MAR-<Content GUID>

        Records a visitor’s interaction with a running website optimization test, to ensure that a visitor has a consistent experience.

      • Name:
        ASP.NET_SessionId

        Used to keep track of a user navigating through the website. This is used to transfer information between pages and to store information that the user might reuse on different pages. The main purpose of this cookie is to improve the website's performance.