MA² Security Solutions Ltd
Registered in England & Wales: Company No. 16759429
ICO Registration: ZC007590
Registered Office: 48 Abel Street, Burnley, BB10 1QU
Data Controller: Mohammed Ali — mohammedali@ma2security.co.uk
Effective Date: October 2025
Version: 1.0
Privacy Policy (UK GDPR Compliant)
- Data Controller
MA² Security Solutions Ltd
Data Controller: Mohammed Ali
Email: mohammedali@ma2security.co.uk
- Information We Collect
Personal data (name, address, email, phone number, date of birth)
Employment data (CV, job history, qualifications)
Verification documents (ID, SIA licence, DBS certificate)
Employer data (company name, contact person, and billing details)
Analytical data (cookies, IP address, browser type, site usage)
Purpose & Legal Basis
We process data to:
Verify candidate identity (legitimate interest & legal obligation)
Match candidates with employers (contractual necessity)
Maintain platform security (legitimate interest)
Process payments (contractual necessity)
Comply with UK GDPR & ICO requirements (legal obligation)
- Storage & Security
All verification documents are encrypted and stored in AWS S3 (EU/US) with restricted access.
Access is limited to authorised Data Compliance Officers only.
Data is transmitted securely via SSL/TLS encryption.
- Retention Periods
Candidate data: 6 months after inactivity unless renewed.
Employer records: 12 months post-contract.
Transaction data: 7 years (legal obligation).
Verification documents: deleted upon request after review by the Data Controller.
- Your Rights
Under UK GDPR, you have the right to:
Access your data (Subject Access Request)
Rectify inaccurate data
Request deletion (“Right to be Forgotten”)
Restrict processing or data portability
Object to processing based on legitimate interests
Requests can be made via mohammedali@ma2security.co.uk.
We respond within 30 days.
- Sharing Data
We do not sell or trade personal data.
We share limited information only with trusted partners for essential functions:
AWS (data hosting)
Stripe (payment processing)
Google (analytics)
- International Transfers
Where data is stored or transferred outside the UK, it is protected under UK-approved Standard Contractual Clauses (SCCs).
- Data Breach Procedure
In the event of a data breach:
We will notify the ICO within 72 hours, and
Affected users will be informed immediately with guidance.
