1. INTRODUCTION

DoorNet Limited ("DoorNet", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our platform, website, mobile applications, and related services (the "Platform").

This Privacy Policy applies to all Users of the Platform, including security professionals ("Guards") and businesses seeking security services ("Venues").

1.1 Data Controller

DoorNet Limited is the data controller for personal data processed through the Platform.

1.2 Legal Basis

We process personal data in accordance with:

• UK General Data Protection Regulation (UK GDPR)
• Data Protection Act 2018
• Privacy and Electronic Communications Regulations 2003
• Other applicable UK data protection laws

2. INFORMATION WE COLLECT

2.1 Information You Provide

For All Users:

• Name, email address, phone number
• Username and password
• Profile information and preferences
• Communications with us
• Feedback, reviews, and ratings

For Guards:

• SIA license number and details
• National Insurance number
• UTR (Unique Taxpayer Reference) number
• Date of birth
• Right to work documentation
• DBS certificate details
• Professional qualifications and certifications
• Work history and experience
• Bank account details for payment
• Insurance policy information
• Availability and scheduling preferences
• Profile photo

For Venues:

• Business name and registration details
• Company registration number
• VAT number (if applicable)
• Business address and operating locations
• Contact person details
• Billing and payment information
• Insurance policy information
• Business license information

2.2 Information Collected Automatically

When you use the Platform, we automatically collect:

• Device information (type, operating system, unique identifiers)
• IP address and approximate location
• Browser type and language settings
• Cookies and similar tracking technologies
• Platform usage data (pages visited, features used, time spent)
• Shift booking and completion data
• Payment transaction information
• Log files and analytics data

2.3 Information from Third Parties

We collect information from external sources to verify credentials:

2.4 Location Data

We collect location information:

• GPS location when you use our mobile app (with permission)
• Check-in/check-out location data during Shifts
• Approximate location from IP address
• Venue location information

You can disable GPS location tracking through your device settings, but this may limit Platform functionality.

3. HOW WE USE YOUR INFORMATION

3.1 Platform Operation

We use your information to:

• Create and manage your account
• Verify your identity and credentials
• Connect Guards with Venues
• Process and manage Shift bookings
• Facilitate payments and invoicing
• Provide customer support
• Send transactional notifications (booking confirmations, payment receipts, etc.)

3.2 Compliance Verification

We use your information to:

• Verify SIA license validity continuously
• Confirm right to work in the UK
• Validate tax registration and UTR numbers
• Check insurance coverage
• Monitor credential expiration dates
• Ensure regulatory compliance
• Prevent fraud and unauthorized access

3.3 Safety and Security

We use your information to:

• Detect and prevent fraud
• Investigate Terms violations
• Ensure Platform security
• Verify identity and prevent unauthorized access
• Respond to legal requests and prevent harm
• Enforce our Terms of Service

3.4 Communication

We use your information to:

• Send booking confirmations and updates
• Provide shift notifications and reminders
• Send credential expiration alerts
• Communicate important Platform changes
• Respond to your inquiries and support requests
• Send administrative messages

3.5 Improvement and Analytics

We use your information to:

• Analyze Platform usage and performance
• Improve Platform features and user experience
• Conduct research and development
• Generate aggregated, anonymized statistics
• Test new features and functionality

3.6 Marketing (With Consent)

With your consent, we may use your information to:

• Send promotional emails about Platform features
• Provide personalized recommendations
• Inform you about special offers or new services
• Send newsletters and updates

You can opt out of marketing communications at any time by clicking "unsubscribe" in emails or updating your preferences in your account settings.

4. LEGAL BASIS FOR PROCESSING

We process your personal data under the following legal bases:

4.1 Contractual Necessity

• Account creation and management
• Shift booking and payment processing
• Platform service delivery

4.2 Legal Obligation

• SIA license verification (regulatory compliance)
• Right to work checks (immigration law)
• Tax verification (HMRC requirements)
• Financial record keeping
• Response to legal requests

4.3 Legitimate Interests

• Fraud prevention and security
• Platform improvement and analytics
• Customer support
• Network and information security

4.4 Consent

• Marketing communications
• Optional location tracking
• Cookies and similar technologies (where required)
• Third-party data sharing beyond what's necessary for service delivery

5. HOW WE SHARE YOUR INFORMATION

5.1 With Other Users

5.2 With Verification Services

We share information with third parties to verify credentials:

• SIA (Security Industry Authority): SIA license number, license type and validity queries
• Home Office: Right to work documentation, verification requests
• HMRC: UTR number, tax registration verification
• DBS: DBS certificate numbers, status check requests
• Insurance Providers: Policy numbers, coverage verification requests

5.3 With Service Providers

We share information with trusted service providers who assist us:

• Payment Processors: Bank account details, transaction information, identity verification
• Cloud Hosting Providers: Platform data and backups, user account information
• Analytics Providers: Anonymized usage data, platform performance metrics
• Customer Support Tools: Support ticket information, communication history
• Communication Services: Email addresses for transactional emails, phone numbers for SMS notifications

All service providers are contractually obligated to protect your data and use it only for specified purposes.

5.4 For Legal Reasons

We may disclose your information:

• To comply with legal obligations or court orders
• To respond to lawful requests from public authorities
• To protect our rights, property, or safety
• To investigate fraud or Terms violations
• In connection with legal proceedings
• To prevent harm or illegal activity

5.5 Business Transfers

If DoorNet is involved in a merger, acquisition, or sale of assets, your information may be transferred to the new entity. We will notify you before your information is subject to a different privacy policy.

5.6 With Your Consent

We may share your information with third parties when you provide explicit consent, such as:

• Connecting to third-party services
• Participating in surveys or research
• Sharing information with specific partners

6. DATA RETENTION

6.1 Active Accounts

We retain your personal data while your account is active and for the purposes described in this Privacy Policy.

6.2 After Account Closure

After you close your account:

• Most personal data is deleted within 90 days
• Financial records are retained for 7 years (legal requirement)
• Anonymized data may be retained indefinitely for analytics
• Information required for legal compliance is retained as required by law

6.3 Specific Retention Periods

6.4 Deletion Requests

You can request deletion of your personal data at any time. We will comply within 30 days unless retention is required by law.

7. YOUR RIGHTS

Under UK GDPR, you have the following rights:

7.1 Right of Access

You can request a copy of your personal data. Contact admin@doornet.co.uk to request your data.

7.2 Right to Rectification

You can correct inaccurate personal data through your account settings or by contacting us.

7.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data, subject to legal retention requirements.

7.4 Right to Restrict Processing

You can request that we limit how we use your data in certain circumstances.

7.5 Right to Data Portability

You can request your data in a structured, machine-readable format for transfer to another service.

7.6 Right to Object

You can object to processing based on legitimate interests or for marketing purposes.

7.7 Rights Related to Automated Decision Making

We use automated systems for credential verification. You have the right to:

• Be informed about automated decisions
• Request human review of automated decisions
• Challenge decisions that significantly affect you

7.8 Right to Withdraw Consent

Where processing is based on consent, you can withdraw consent at any time.

7.9 Right to Complain

8. DATA SECURITY

8.1 Security Measures

We implement industry-standard security measures:

• Encryption of data in transit (TLS/SSL)
• Encryption of sensitive data at rest
• Secure authentication and access controls
• Regular security audits and penetration testing
• Employee training on data protection
• Secure cloud infrastructure
• Regular backups and disaster recovery plans
• Network security and firewalls

8.2 Your Responsibility

You are responsible for:

• Keeping your password secure
• Not sharing your account credentials
• Using secure networks when accessing the Platform
• Notifying us immediately of any security breach

8.3 Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the ICO within 72 hours
• Notify affected individuals without undue delay
• Provide information about the breach and steps taken
• Offer guidance on protective measures you can take

9. INTERNATIONAL DATA TRANSFERS

9.1 UK-Based Processing

Your data is primarily processed and stored within the United Kingdom.

9.2 Third-Country Transfers

Some service providers may process data outside the UK. When this occurs:

• We ensure adequate safeguards are in place
• We use Standard Contractual Clauses approved by the ICO
• We conduct transfer impact assessments
• We ensure the third country provides adequate data protection

9.3 Your Consent

By using the Platform, you consent to necessary international data transfers described in this Policy.

10. COOKIES AND TRACKING TECHNOLOGIES

10.1 Types of Cookies

We use the following types of cookies:

Essential Cookies:

• Required for Platform functionality
• Cannot be disabled without affecting service
• Examples: session management, security features

Performance Cookies:

• Collect anonymized usage data
• Help us improve the Platform
• Examples: analytics, error tracking

Functional Cookies:

• Remember your preferences
• Enhance user experience
• Examples: language settings, location preferences

Marketing Cookies:

• Used for advertising and personalization
• Require your consent
• Examples: ad tracking, remarketing

10.2 Cookie Management

You can control cookies through:

• Browser settings (to block or delete cookies)
• Our cookie consent banner (to manage preferences)
• Privacy settings in your account

Disabling certain cookies may limit Platform functionality.

10.3 Third-Party Cookies

We use third-party services that may set their own cookies:

• Google Analytics (analytics)
• Payment processors (transaction security)
• Social media plugins (if applicable)

10.4 Do Not Track

Our Platform does not currently respond to "Do Not Track" signals. You can control tracking through browser settings and our cookie preferences.

11. CHILDREN'S PRIVACY

The Platform is not intended for individuals under 18 years of age. We do not knowingly collect information from children. If we become aware that we have collected information from a child without parental consent, we will delete it immediately.

12. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements.

We will notify you of material changes by:

• Email notification to your registered address
• Prominent notice on the Platform
• In-app notification

Your options:

• Continued use after notification constitutes acceptance
• If you disagree, you may close your account

Version history:

• Version 1.0 - January 2026 (Initial version)

14. SPECIFIC INFORMATION FOR GUARDS

14.1 Sensitive Data

As a Guard, we process special category data including:

• Criminal convictions (through DBS checks)
• National Insurance numbers

We process this data:

• With your explicit consent
• For legal compliance (SIA and employment law requirements)
• With appropriate safeguards

14.2 Continuous Monitoring

Your SIA license and other credentials are monitored continuously. You will receive alerts before expiration, but you remain responsible for maintaining valid credentials.

14.3 Work History

We maintain records of Shifts you complete, including:

• Venues worked at
• Dates and hours worked
• Ratings and reviews
• Payment history

This information may be shared with prospective Venues to facilitate bookings.

15. SPECIFIC INFORMATION FOR VENUES

15.1 Business Information

We collect and verify your business information to ensure legitimacy and compliance with regulations.

15.2 Guard Information Access

You can view Guard information necessary for booking decisions, but you must:

• Use information only for legitimate booking purposes
• Not share Guard information with unauthorized parties
• Comply with your own data protection obligations as a data controller
• Maintain appropriate security for Guard information

15.3 Independent Controller

When you book a Guard, you become an independent data controller for any personal data you collect directly from the Guard during the Shift. You are responsible for your own data protection compliance in this context.