Privacy Policy

Praesova Ltd ("Praesova", "we", "us", "our") is the data controller responsible for your personal data. We operate a two-sided marketplace connecting SIA-licensed security professionals with clients who require security services across the United Kingdom.

We are registered with the Information Commissioner's Office (ICO) under registration number ZB123456. Our registered office is:

This policy applies to all users of the Praesova platform, including security professionals ("Professionals") and organisations or individuals hiring security staff ("Clients").

The data we collect depends on whether you are a Professional or a Client, and how you interact with our platform.

For Security Professionals:

• Identity data: Full name, date of birth, profile photograph
• Contact data: Email address, phone number, town/city of residence
• SIA licence data: Licence number, licence type, issue date, expiry date (self-declared)
• Professional data: Work history, qualifications, skills, certifications, references
• Availability data: Calendar availability you set on your profile
• Financial data: Preferred hourly rate, payment details for receiving funds (processed via our payment provider)
• Bid data: Job applications, bid amounts, cover notes, outcome records

For Clients:

• Identity data: Full name (or authorised representative's name)
• Contact data: Email address, phone number
• Company data: Company name, Companies House number (if applicable), registered address, nature of business
• Job posting data: Job descriptions, requirements, location, dates, pay rates
• Payment data: Billing information processed via our payment provider

For Training Enquiries:

• Contact data: Name, email address, and phone number submitted when applying for a training course listed on our platform
• Preference data: Preferred course start date and any additional information you voluntarily provide

Automatically collected data (all users):

• IP address and approximate location
• Browser type and device information
• Pages visited and time spent on platform
• Session tokens and authentication records

Purpose	Description	Applies To
Account creation & authentication	Creating and managing your account, verifying your identity, maintaining session security	All users
SIA licence display	Storing and displaying self-declared SIA licence details on professional profiles	Professionals
Marketplace operation	Enabling job postings, anonymous bid submission, shortlisting, and hiring workflows	All users
Anonymous bidding	Presenting your profile to clients without revealing your identity until shortlisted	Professionals
Payment processing	Processing platform fees and payments via our third-party payment provider	All users
Platform safety	Detecting fraud, abuse, or misuse of the platform and enforcing our terms of service	All users
Communications	Sending transactional emails (bid updates, job confirmations, account notifications)	All users
Platform improvement	Analysing usage patterns to improve features and user experience (anonymised where possible)	All users
Training enquiry processing	Forwarding your contact details to the relevant training provider when you submit a course application through our platform, with your explicit consent	Course applicants
Legal compliance	Maintaining records required by law, responding to legal requests	All users

We do not use your data for automated decision-making that produces legal or similarly significant effects without human review.

Under UK GDPR, we must have a valid legal basis for each processing activity. We rely on the following:

• Contract performance (Article 6(1)(b)): Processing necessary to provide the Praesova service you have contracted for — account management, job matching, bid processing, payments.
• Legal obligation (Article 6(1)(c)): Processing required to comply with applicable law — including identity verification obligations, financial record-keeping, and responding to law enforcement requests.
• Legitimate interests (Article 6(1)(f)): Processing for fraud prevention, platform security, and service improvement, where our interests are not overridden by your rights.
• Consent (Article 6(1)(a)): Where we ask for your consent (e.g. marketing emails), you may withdraw it at any time without affecting prior processing.

We do not sell your personal data. We share data only where necessary and with appropriate safeguards in place.

Recipient	Purpose	Safeguards
Clients (anonymised)	Clients see anonymised Professional profiles when reviewing bids. Identity revealed only on shortlisting and with Professional awareness.	Contractual controls; identity locked by default
Payment processor	Processing platform fees and paying Professionals	PCI DSS compliant; Data Processing Agreement in place
Cloud hosting provider	Storing platform data securely	UK/EEA data residency; ISO 27001 certified
Email service provider	Sending transactional notifications	Data Processing Agreement; limited to transactional use
SIA register (public)	Professionals may self-verify their own details via the SIA public register	Not accessed by Praesova; user-directed only
Training providers	Passing your name, email address, and phone number to the specific training provider you apply to, so they can process your course enquiry and contact you	Your explicit consent given at point of application; providers are contractually prohibited from using data for any other purpose
Law enforcement / regulators	Responding to lawful requests or court orders	Only where legally required; minimum data disclosed

We do not transfer personal data outside the UK or EEA without appropriate safeguards (Standard Contractual Clauses or UK adequacy decisions).

We retain data only for as long as necessary for the purposes described in this policy, or as required by law.

Data Type	Retention Period	Reason
Active account data	Duration of account + 2 years	Service provision and dispute resolution
SIA licence details	Duration of account	Displayed on profile; deleted when account closes
Bid and job records	6 years after completion	Legal and financial record-keeping requirements
Payment records	7 years	HMRC / tax compliance
Security & audit logs	12 months	Fraud detection and incident investigation
Training enquiry data	90 days from submission	Sufficient time for the training provider to respond; deleted thereafter
Deleted account data	30 days (then purged)	Grace period for accidental deletion requests

When data is no longer required, it is securely deleted or anonymised. You can request deletion at any time subject to our legal retention obligations — see Your Rights.

We implement technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure.

• Encryption at rest: All personal data is encrypted in our database using AES-256.
• Encryption in transit: All data transmitted between your browser and our servers uses TLS 1.3.
• Password hashing: Passwords are hashed using bcrypt with a high work factor. We never store plaintext passwords.
• Access controls: Role-based access ensures staff can only access data necessary for their function.
• Session management: Short-lived JWT tokens with refresh rotation. Sessions expire after 24 hours of inactivity.
• Anonymous bidding: Professional identity is technically isolated from bid data shown to clients until the shortlisting threshold is reached.
• Security audits: We conduct annual penetration tests and regular vulnerability assessments.

We use cookies and similar technologies to operate the platform and improve your experience.

Cookie Type	Purpose	Consent Required?
Strictly necessary	Authentication sessions, CSRF protection, load balancing	No — essential to service
Functional	Remembering preferences (filters, dark mode, language)	No — legitimate interest
Analytics	Understanding how pages are used (anonymised aggregates)	Yes — opt-in consent
Marketing	We do not use marketing or third-party advertising cookies	N/A — not used

You can manage cookie preferences via your browser settings. Disabling strictly necessary cookies will impair your ability to use the platform.