Privacy Policy
1. Who We Are
AXON Fire & Security ("we", "us", "our") is a fire and security systems business operating across the United Kingdom. We are committed to protecting your personal data and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Data Controller: AXON Fire & Security
Contact: [email protected]
Phone: +44 7452 892145
ICO Registration: We are registered with the Information Commissioner's Office (ICO) as required under the Data Protection Act 2018. If you have concerns about how we handle your data, you have the right to complain to the ICO at ico.org.uk or by calling 0303 123 1113.
2. What Data We Collect and Why
We collect and process personal data for the following purposes, each with a lawful basis under UK GDPR:
- Name, address, contact details — to provide fire & security services, schedule maintenance and send reminders. Lawful basis: Contract performance.
- Email address — for service reminders, invoices and quote responses. Lawful basis: Contract performance / Legitimate interests.
- Phone number — for engineer scheduling and emergency contact. Lawful basis: Contract performance.
- Site photographs — taken during visits as job completion evidence. Lawful basis: Legitimate interests.
- Digital signatures — confirming completion of work as a legal record. Lawful basis: Contract performance / Legal obligation.
- System installation details — for maintenance scheduling and compliance. Lawful basis: Legal obligation / Contract.
- Quote request details — to respond to your enquiry. Lawful basis: Pre-contractual / Legitimate interests.
- Engineer timesheet data — for payroll processing. Lawful basis: Contract performance / Legal obligation.
3. Data Retention
We retain your personal data only for as long as necessary:
- Customer records and service history — 7 years after contract end (HMRC requirement)
- Job completion records and signatures — 6 years (statutory limitation period)
- Quote enquiries (non-customers) — 12 months
- Engineer timesheets and payroll data — 7 years (HMRC requirement)
- Site photographs — Duration of contract plus 3 years
4. Who We Share Your Data With
We do not sell your personal data. We share it with the following processors only where necessary to deliver our services:
- Supabase Inc. — database and file storage (EU region). Privacy Policy
- Resend Inc. — email delivery for reminders and confirmations. Privacy Policy
- Cloudflare Inc. — website hosting and security. Privacy Policy
All processors are bound by data processing agreements and required to protect your data in accordance with UK GDPR.
5. International Transfers
Some service providers operate outside the UK. Where data is transferred internationally, we ensure appropriate safeguards are in place including Standard Contractual Clauses or adequacy decisions approved by the UK Government.
6. Your Rights
Under UK GDPR you have the right to: access your data (Subject Access Request, responded to within 30 days); rectification of inaccurate data; erasure where we have no lawful basis to retain it; restriction of processing; data portability; and to object to processing based on legitimate interests. We do not use automated decision-making or profiling.
To exercise any right contact [email protected]. If unsatisfied with our response, complain to the ICO at ico.org.uk.
7. Security
Security measures include: encrypted database storage with row-level access policies; TLS encryption for all data in transit; access restricted to authorised AXON personnel; PIN authentication with automatic lockout for engineer access; email/password authentication with lockout for admin access; private access-controlled file storage. In the event of a breach posing risk to your rights, we will notify the ICO within 72 hours and affected individuals without undue delay.
8. Cookies and Local Storage
We use only strictly necessary session storage — no advertising cookies, tracking pixels or analytics. Session storage maintains your portal login and is cleared when you close your browser tab. The engineer app uses local storage to remember logins and store offline job data. No consent is required for strictly necessary storage under PECR.
9. CCTV Systems at Your Premises
When we install CCTV at your premises, you become the data controller for any footage captured. You are responsible for: displaying ICO-compliant signage; registering with the ICO as a data controller; establishing a footage retention policy; and responding to Subject Access Requests. See our CCTV Data Obligations guide. AXON accepts no liability for any failure by the customer to meet their data controller obligations.
10. Changes to This Policy
We may update this policy periodically. The date at the top shows when it was last revised. Continued use of our services constitutes acceptance of any updates.
11. Contact
Email: [email protected]
Phone: +44 7452 892145
We aim to respond to all privacy requests within 30 days.