Version 1.0 · Effective date: 1 July 2025
Data Controller: DOORNET LTD · Company No. 16820748
402 The Gateway, Sheffield, S2 5TN, United Kingdom · admin@doornet.co.uk
DoorNet Ltd ("DoorNet", "we", "us") is a technology company registered in England and Wales (Company No. 16820748) with its registered office at 402 The Gateway, Sheffield, S2 5TN, United Kingdom.
DoorNet is the data controller for personal data processed in connection with the Platform. We are responsible for deciding how and why your personal data is used.
For all data protection queries, subject access requests, or complaints, please contact us at admin@doornet.co.uk or by post at DoorNet Ltd, 402 The Gateway, Sheffield, S2 5TN, United Kingdom.
DoorNet is registered with the Information Commissioner's Office (ICO). If you have an unresolved concern, you have the right to lodge a complaint with the ICO at ico.org.uk or by calling 0303 123 1113.
This Privacy Policy explains how DoorNet collects, uses, stores, shares, and protects your personal data when you use the DoorNet website at doornet.co.uk, the DoorNet Client web application, and the DoorNet Guard mobile application.
This Policy applies to all users including Guards, Clients (venues and security companies), and website visitors. It complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
When you register and use the Platform as a Guard, we collect: identity data (full name, date of birth, profile photograph); contact data (email, phone number, home address); SIA licence data (licence number, category, expiry date, status); right to work data (nationality, immigration status, Home Office share code); insurance data (PLI policy details); tax data (UTR, collected pre-payout only); work history data (shifts worked, GPS clock-in/out, attendance); performance data (reliability scores, ratings); financial data (bank details for disbursements); device and usage data; and communications via in-app messaging.
When you register as a Client, we collect: company data (name, Companies House number, address); contact data (name, role, email, phone); regulatory data (SIA ACS licence, trade licences); shift data (requirements, locations, booking history); financial data (invoicing, payment); in-app messaging; and usage data.
When you visit doornet.co.uk without registering, we collect: usage data via Google Analytics (anonymised IP, pages visited, session duration); waitlist/signup form data (email, user type); and cookie data as described in our Cookie Policy.
| Purpose | Data used | Legal basis |
|---|---|---|
| Register and manage your account | Identity, contact, compliance | Contract (Art 6(1)(b)) |
| Verify SIA licence | SIA licence number, category, expiry | Legal obligation; Contract |
| Verify right to work | Share code, nationality, immigration status | Legal obligation |
| Match Guards to shifts | Compliance, location, availability, reliability | Contract; Legitimate interests |
| Process bookings and attendance | GPS, clock-in/out, work history | Contract |
| Process payments | Financial data, UTR, bank details | Contract; Legal obligation |
| Maintain audit trails | Shift logs, compliance documents | Legal obligation; Legitimate interests |
| Transactional communications | Email, phone | Contract; Legitimate interests |
| Marketing communications | Email (opted-in only) | Consent (Art 6(1)(a)) |
| Improve the Platform | Usage data, analytics, crash reports | Legitimate interests |
| Investigate fraud or misuse | All relevant account data | Legal obligation; Legitimate interests |
The processing of right to work data (which may reveal nationality and immigration status) constitutes processing of data that is sensitive in nature. We process this data for the purpose of complying with our obligations under UK immigration law and the Security Industry Act 2001, on the legal basis of legal obligation (UK GDPR Article 6(1)(c)) and employment law obligations (Article 9(2)(b)), and only to the minimum extent necessary for compliance verification.
We do not collect data revealing racial or ethnic origin, political opinions, religious beliefs, genetic data, biometric data, health data, or sexual orientation, except where strictly required to verify regulatory compliance and only with your explicit knowledge.
DoorNet does not sell your personal data. We share your data only in the following circumstances:
When a Client posts a shift and a Guard matches to it, DoorNet shares relevant Guard compliance and profile data (name, SIA details, reliability score, PLI summary) with the Client, and shift details with the Guard. This is necessary to perform the matching and booking functions of the Platform.
We use third-party data processors who act on our instructions, including: cloud hosting and database providers; website hosting; web analytics; transactional and marketing email providers; the SIA API; UK Visas & Immigration; and payment processing providers. Full details are available on request.
We may disclose personal data to the SIA or other regulatory authorities, law enforcement agencies, or other parties where required by law.
In the event of a merger, acquisition, or sale of DoorNet's business, personal data may be transferred to the acquiring entity. We will notify affected users before transfer.
Some of our third-party processors (including Google LLC, Bubble Group Inc., Twilio/SendGrid, and Webflow Inc.) are based in or operate infrastructure in the United States and other countries outside the UK. Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place including adequacy decisions, standard contractual clauses, or the UK-US Data Bridge.
| Data type | Retention period |
|---|---|
| Account data (active users) | Duration of account + 6 years after closure |
| SIA and compliance verification records | 6 years from date of verification |
| Shift and attendance records | 6 years from shift date |
| Financial records and invoices | 7 years (HMRC requirement) |
| Right to work records | Duration of engagement + 2 years |
| Marketing consent records | Until withdrawn + 1 year |
| Website analytics data | 26 months |
| Waitlist/enquiry emails | Until onboarded or 2 years |
Under the UK GDPR and the Data Protection Act 2018, you have the following rights:
To exercise any of these rights, contact admin@doornet.co.uk. We will respond within one calendar month. There is no charge unless requests are manifestly unfounded or excessive.
DoorNet uses cookies and similar tracking technologies. Our full Cookie Policy explains this in detail. In summary, strictly necessary cookies are always active; analytics, functional, and marketing cookies require your consent.
The Platform is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. All users must be 18 or over to register. If we become aware that we have inadvertently collected data from a minor, we will delete it immediately.
DoorNet implements appropriate technical and organisational measures including encryption in transit and at rest, access controls, regular security assessments, secure deletion procedures, and incident response procedures.
In the event of a data breach likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay, in accordance with UK GDPR Articles 33 and 34.
DoorNet may update this Privacy Policy from time to time. Where we make material changes, we will notify registered users by email and update the effective date above. Your continued use of the Platform following any update constitutes acknowledgement of the revised Policy.
If you have a complaint about how we have handled your personal data, please contact us first at admin@doornet.co.uk. We will respond within 30 days.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):