Legal

Privacy Policy

Fortify Intelligence Ltd is committed to protecting your personal data. This policy explains how we collect, use, and safeguard information in accordance with UK GDPR and the Data Protection Act 2018.

Last updated: 29 May 2025  ·  Version 1.0

Contents
  1. Who We Are
  2. Data We Collect
  3. Special Category Data
  4. Legal Basis for Processing
  5. How We Use Your Data
  6. Sharing Your Data
  7. Data Retention
  8. Your Rights
  9. Security
  10. International Transfers
  11. Cookies
  12. Changes to This Policy
  13. Contact Us

1. Who We Are

Fortify Intelligence Ltd ("Fortify Intelligence", "we", "us", "our") is a business crime intelligence company registered in England and Wales. We provide intelligence, investigation, and prevention services to businesses across the United Kingdom.

Company NameFortify Intelligence Ltd
Registered AddressUnited Kingdom
Emailinfo@fortifyintelligence.co.uk
ICO RegistrationZC158080

For the purposes of UK GDPR, Fortify Intelligence Ltd is the Data Controller in respect of personal data processed through our website and in the delivery of our services. Where we process data on behalf of our clients, we act as a Data Processor.

2. Data We Collect

We may collect and process the following categories of personal data:

Website Visitors

  • IP address and browser/device information (via analytics and server logs)
  • Pages visited, time on site, and referring URLs
  • Cookie identifiers (see our Cookie Policy)

Business Enquiries & Clients

  • Name, job title, and company name
  • Business email address and telephone number
  • Correspondence and communication records
  • Contractual and billing information

Service Delivery — Intelligence & Investigation

  • Names, descriptions, and identifiers of individuals involved in business crime incidents
  • CCTV footage and images submitted by clients for facial matching
  • Vehicle registration marks processed through our ANPR network
  • Intelligence reports and associated personal data about suspected offenders
  • Information shared by partner organisations and law enforcement in the course of investigations

We collect personal data directly from you, from our clients, from publicly available sources, and from partner intelligence networks. We do not collect personal data from children.

3. Special Category Data

In delivering our Facial Matching Engine and certain intelligence services, we process biometric data (facial images used for the purpose of uniquely identifying individuals). This constitutes special category data under Article 9 UK GDPR.

We process such data on the following bases:

  • Substantial public interest (Schedule 1, Part 2, DPA 2018) — specifically the prevention or detection of unlawful acts, where seeking consent would prejudice the purpose of processing.
  • Legal claims (Article 9(2)(f)) — where processing is necessary for the establishment, exercise, or defence of legal claims, including civil recovery proceedings.

All biometric processing is subject to our Data Protection Impact Assessment (DPIA) and is conducted with appropriate technical and organisational safeguards. Facial matching is performed retrospectively for investigative and intelligence purposes only and is not used for automated decision-making with legal effect.

5. How We Use Your Data

We use personal data to:

  • Deliver our intelligence, investigation, and prevention services to clients
  • Operate our Facial Matching Engine and ANPR network in support of investigations
  • Compile and distribute prevention intelligence alerts to subscriber businesses
  • Support civil recovery proceedings through civil litigation
  • Manage client relationships, contracts, and billing
  • Respond to enquiries and communications
  • Comply with legal obligations and cooperate with law enforcement
  • Improve and develop our services
  • Operate and improve our website

We will not use your personal data for purposes incompatible with those for which it was collected, unless required or permitted by law.

6. Sharing Your Data

We may share personal data with:

  • our civil recovery legal partner acts as an independent data controller for the purposes of legal proceedings.
  • Law enforcement agencies — where required by law, court order, or where we believe disclosure is necessary to prevent or detect crime.
  • Client businesses — intelligence and investigation outputs are shared with the subscribing client who commissioned the work.
  • Partner intelligence networks — anonymised or appropriately safeguarded intelligence may be shared within trusted business crime prevention networks.
  • Technology and IT service providers — third parties who provide infrastructure, software, or support services under data processing agreements.

We do not sell personal data. We do not share personal data with third parties for their own marketing purposes.

7. Data Retention

We retain personal data only for as long as is necessary for the purposes for which it was collected, and in accordance with our data retention schedule.

  • Intelligence records and investigation files — retained for the duration of any live investigation or civil recovery proceedings, plus a further period as required for legal defence purposes (typically 6 years).
  • Facial matching data — source images and matching results are retained for the duration of the associated investigation and deleted upon completion unless required for ongoing proceedings.
  • ANPR data — vehicle movement records are retained in accordance with the applicable retention period under our ANPR operational policy, generally no longer than 2 years unless linked to an active investigation.
  • Client and commercial records — retained for 6 years following the end of the client relationship, in accordance with statutory requirements.
  • Website analytics data — retained in aggregated or anonymised form after 26 months.

When data is no longer required, it is securely deleted or anonymised.

8. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data. Note that some rights are subject to conditions and exceptions — in particular, certain exemptions apply where processing is for the prevention or detection of crime.

  • Right of access — to obtain a copy of your personal data (Subject Access Request)
  • Right to rectification — to correct inaccurate or incomplete data
  • Right to erasure — to request deletion where data is no longer necessary
  • Right to restrict processing — to limit how we use your data in certain circumstances
  • Right to data portability — to receive your data in a structured, machine-readable format
  • Right to object — to object to processing based on legitimate interests
  • Rights relating to automated decision-making — not to be subject to solely automated decisions with significant effects

To exercise any of these rights, please contact us at info@fortifyintelligence.co.uk. We will respond within one calendar month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

9. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include:

  • Encryption of data in transit and at rest
  • Access controls and role-based permissions
  • Regular security assessments and staff training
  • Data minimisation and pseudonymisation where practicable
  • Incident response and breach notification procedures

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, notify affected individuals without undue delay.

10. International Transfers

We primarily process personal data within the United Kingdom. Where we transfer data outside the UK, we ensure appropriate safeguards are in place, such as UK adequacy regulations or Standard Contractual Clauses approved by the ICO.

11. Cookies

Our website uses cookies. For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The current version will always be available on this page with the date of last update shown above. We will notify clients of material changes where appropriate.

13. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or have a concern about how we handle your data, please contact us:

Emailinfo@fortifyintelligence.co.uk
PostData Protection, Fortify Intelligence Ltd, United Kingdom

You also have the right to complain directly to the ICO: ico.org.uk/make-a-complaint