Privacy Policy
This Privacy Notice explains how NetWatch Global Limited a company registered in England and Wales under registered number 08604760 and our registered office is at Alpha Tower, Suffolk Street Queensway, Birmingham, B1 1TT and an affiliate of The Surveillance Group ("NetWatch Global", "us", "we" or "our") manages the personal information that we collect, hold, use, sell, share, retain and disclose and how to contact us if you have any further queries about our management of your personal information.
This Notice also describes the rights that you may have regarding our processing of your personal information under applicable local law.
Who are we?
NetWatch Global provides investigation, intelligence, and data-validation services to insurers, law firms, corporate clients, and public authorities. We specialise in the use of open-source intelligence (OSINT) and publicly available data to support lawful and ethical investigations, claims validation, fraud prevention, and analytical research.
What is our role under Data Protection Law?
NetWatch operates as:
- A data controller for personal data it collects directly (e.g., employee, supplier, or website data, or transforms and derives).
- A data processor for personal data handled on behalf of clients (e.g., during investigations, claims validation, or analytics services).
In all cases, NetWatch ensures processing is consistent with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).
What personal information do we collect?
In the course of our business, NetWatch Global may collect personal information about you that is necessary for us to perform our functions and activities. NetWatch Global will only collect personal information about you by lawful and fair means.
The types of personal information we may collect and hold may vary depending on the nature of our interaction with you and may include:
- When you visit our website or interact with us online.
- When you act as a client, supplier, or business contact.
- When you are involved in an investigation or report handled by NetWatch.
- When you apply for a role or work for us.
- When you receive B2B marketing communications
We only collect the minimum amount of personal data necessary for our stated purposes and handle it in line with the principles of lawfulness, fairness, transparency, and data minimisation.
| Data Category | Type and examples | Where is the data obtained from? |
|---|---|---|
| NetWatch Business Data |
• Client and supplier contact details (ie name, company, job title, business email, phone number) • B2B marketing contact data (ie professional contact details of insurance, legal and compliance professionals) • Website / enquiry data (contact-form details, messages, IP address, browser type, device ID, and cookie preferences) • Corporate correspondence (ie emails, invoices, meeting records) |
• Directly from you or your employer during business engagement • Via corporate directories, LinkedIn, or lawful business-to-business data suppliers (e.g. Apollo.io) • Automatically through our website analytics and cookies • Through routine business correspondence or account setup |
| NetWatch Investigations and Services Data |
• Identification data (name, date of birth, nationality) • Contact data (addresses, emails, phone numbers, social-media handles) • Social media and open-source data (posts, images, metadata from publicly visible sites) • Vehicle and location data (registration numbers, photographs, road-traffic footage) • Professional or financial records (insolvency, CCJ, directorship and licence data) • Police and regulatory records (incident reports, evidence logs, crime references) |
• Clients (insurers, law firms, public authorities) providing instructions or case files • Publicly available online sources (social media, news, registries, corporate records) • Regulatory and law-enforcement bodies under lawful access via client agreements • Partner data-providers and licensed databases • Manual gathering by NetWatch analysts under client instruction |
| Employees, Applicants and Contractors |
• Identification and employment data (name, address, date of birth, NI number, contact details) • Recruitment data (CVs, qualifications, references, right-to-work checks) • Screening and vetting data (open-source vetting notes, DBS reference numbers, professional history) • Financial data (bank account for payroll, expenses claims) • Performance and training records (attendance, appraisals, compliance certificates) |
• Directly from you during application or employment • From referees, previous employers, or background-screening providers • From publicly available professional profiles (e.g. LinkedIn) • From clients where specific vetting is contractually required |
| Analytics and Aggregated Data |
• Aggregated and de-identified data (fraud-trend metrics, RTC heatmaps, risk dashboards) • Derived datasets (anonymised statistical outputs, traffic-pattern data, industry benchmarking) |
• Generated internally by NetWatch using de-identified outputs from investigations and client data • Compiled from publicly available data sets and research collaborations |
NetWatch does not intentionally collect special category or children's personal data as a matter of routine.
However, certain investigations or official reports may incidentally include such information (e.g., health data in a police report, sensitive social-media content, or details of a minor involved in a road-traffic collision).
| Type | Handling Approach | Relevant Legal Basis / Safeguard |
|---|---|---|
| Special Category Data (e.g., health, ethnicity, political opinions) | Processed only where strictly necessary for legal claims, fraud prevention, or evidence submission. Access is restricted, and such data is not used for profiling or analytics. | Article 9(2)(f) – establishment, exercise, or defence of legal claims; Schedule 1 Part 3 DPA 2018 – preventing or detecting unlawful acts. |
| Criminal-Offence Data | Occasionally contained in police reports or legal documents. Stored separately, with controlled access and audit logging. | Article 10 GDPR and Schedule 1 Part 3 DPA 2018 – crime prevention, detection, and legal proceedings. |
| Children's Data | Only processed where a minor is mentioned in an incident file (e.g., collision or witness statement). Handled with additional sensitivity; not used for secondary purposes. | Legitimate interests / Legal obligation, with enhanced security and redaction on disclosure. |
For what purposes do we collect, hold, use and disclose your personal information?
In general, NetWatch Global collects, holds, uses and discloses personal information for the following purposes and on the following legal basis:
| Purposes of processing | NetWatch Global Legal Basis |
|---|---|
| NetWatch Business Data Processing | |
| Business Administration Managing client and supplier relationships; performing contracts; issuing invoices; maintaining CRM and records. |
Contractual Necessity and Legitimate interests: business operations & relationship management. |
| B2B Marketing & Communications Informing professional contacts (insurers, law firms, law enforcement) about relevant services; maintaining mailing lists; managing opt-outs. |
Legitimate Interest: Our legitimate interest in informing existing and prospective professional clients about relevant NetWatch services and updates. |
| Website Operations & Security Operating the website, responding to contact-form enquiries, analysing site use, and applying cookie preferences. |
Legitimate Interest: Our legitimate interest in operating a secure and functional website. Consent: We rely on your consent before setting non-essential cookies or analytics tools. |
| NetWatch Investigations & Services Data Processing | |
| Claims Validation Verify incidents, confirm claimant statements, assess loss circumstances. |
Legitimate Interest: Our legitimate interest in verifying insurance claims and preventing fraud. Legal Obligation: We process data required by insurers and regulators to validate claim circumstances. |
| Fraud Detection Identify staged or linked claims and organised rings through OSINT & cross-checking data. |
Legitimate Interest: Our legitimate interest in identifying fraudulent or exaggerated claims using open-source and public data. Public Task: Where we assist law enforcement in the prevention or detection of crime. |
| Underwriting Risk Assessment Assess applicants' risk profiles and likelihood of future claims. |
Legitimate Interest: Our legitimate interest in helping insurers assess risk before issuing or renewing policies. Contractual Necessity: Processing required to perform pre-contract assessments at the client's request. |
| Litigation & Dispute Support Gather evidence to defend or pursue insurance disputes; witness verification; evidence packaging. |
Legitimate Interest: Our legitimate interest in assisting clients with the establishment, exercise, or defence of legal claims. Legal Obligation: Processing necessary to comply with disclosure and evidential requirements. |
| Regulatory & Statutory Requirements Obtain mandatory police reports or documentation to meet insurer or regulatory obligations. |
Legal Obligation: We process police reports and documentation required for regulatory or insurance compliance. |
| Due Diligence (Corporate & Transactional) Vet partners or targets for hidden risks, links, or reputational issues. |
Legitimate Interest: Our legitimate interest in assisting clients to assess partners and transactions for legal, reputational, or financial risk. |
| HR Screening & Employment Vetting (for clients) Perform open-source & reputation checks for regulated industries or sensitive roles |
Legitimate Interest: Our legitimate interest in supporting clients' integrity and compliance checks. Legal Obligation: Processing required to meet contractual or statutory screening requirements. |
| High-Net-Worth / Executive Protection (OPSEC) Identify exposure risks and potential doxxing or extortion threats. |
Legitimate Interest: Our legitimate interest in identifying and reducing online exposure risks for individuals in sensitive roles. |
| Asset Tracing & Recovery Locate individuals or assets for debt recovery or court enforcement. |
Legitimate Interest: Our legitimate interest in locating individuals or assets for lawful recovery and enforcement actions. Legal Obligation: Processing necessary to meet lawful enforcement or court requirements. |
| Law Enforcement Data Infrastructure Support Provide tooling to police and justice bodies. |
Public Task: Processing necessary support law-enforcement agencies. Legitimate Interest: Our legitimate interest in ensuring these systems operate securely, efficiently and effectively. |
| Employees, Applicants & Contractors | |
| Recruitment & Onboarding Collect applications, conduct screening and interviews. |
Contractual Necessity: Processing required to assess candidates and enter into employment or contractor agreements. |
| Employment Administration & Payroll Manage HR records, pay, training and performance. |
Contractual Necessity: Processing required to manage employment records and pay staff. Legal Obligation: Processing required for payroll, tax, and employment law compliance. |
| Compliance & Security Management Ensure access-control, vetting, and confidentiality compliance for client contracts. |
Legitimate Interest: Our legitimate interest in maintaining internal security, confidentiality, and compliance with client requirements. |
| Analytics & Aggregated Data Purposes | |
| Market Intelligence & Pattern Analysis Identify fraud trends and portfolio patterns across industries using aggregated outputs. |
Legitimate Interest: Our legitimate interest in analysing anonymised investigation data to identify industry trends and fraud patterns. |
| Mobility, Safety & Infrastructure Analytics Support urban design and transport policy using anonymised RTC data. |
Public Task: Processing necessary for public-interest research supporting councils and transport authorities. Legitimate Interest: Our legitimate interest in providing anonymised safety insights. |
| Urban Safety & Predictive Risk Modelling Model and predict collision hotspots to improve public safety. |
Public Task: Processing necessary to help public authorities predict and reduce collision risks. |
| Vehicle Safety & OEM Analytics Assess vehicle safety performance and recall risk for manufacturers and regulators. |
Legitimate Interest: Our legitimate interest in assisting manufacturers and regulators to identify vehicle-safety risks. Legal Obligation: Processing required to meet regulatory reporting requirements. |
| Law Enforcement Operational Efficiency Analyse processing metadata and case flows to optimise resources. |
Public Task: Processing necessary for law-enforcement performance and operational improvement projects. |
| Product Development & Service Improvement Use anonymised outputs to train and improve NetWatch tools and processes. |
Legitimate Interest: Our legitimate interest in improving our products and analytical tools using anonymised or aggregated data. |
We also may disclose information in the following circumstances.
- Business Transfers. If we are or may be acquired by or merged with another company, if any of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer your personal information to the other company.
- In Response to Legal Process. We also may disclose your personal information in order to comply with the law, a judicial proceeding, court order, or other legal processes, such as in response to a court order or a subpoena.
- To Protect Us and Others. We also may disclose your personal information where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Service or this Notice, or as evidence in litigation in which NetWatch Global is involved.
- Aggregate and De-Identified Information. We may share aggregate and de-identified information with third parties for services, research or similar purposes.
Cookies and Similar Technologies
When you visit our website, small data files called cookies may be placed on your device. Cookies help the site operate properly, remember your preferences, and understand how visitors use our pages. We use only a limited number of cookies that are:
- Necessary for our website to function, you can block these in your browser settings but parts of our site will not work
- Used for aggregate analytics (ie Google Analytics) to understand our site and its performance. You are not personally identifiable from these cookies.
- Required to remember your preferences, passwords or enhanced features. These are optional and set only with your consent.
For more information on how to control cookies, visit www.allaboutcookies.org.
Our approach to Profiling and Automated Decision Making?
NetWatch does not carry out profiling or automated decision-making in the sense defined by Article 22 of the UK GDPR.
- Profiling: While our technology and analytic tools may analyse data sets to identify patterns or connections, these activities do not amount to "profiling" under Article 4(4) UK GDPR, as no automated evaluation or inference is used to make individual decisions.
- Automated Decision-Making: NetWatch does not make decisions that have legal or similarly significant effects on individuals. All assessments, risk flags, or insights generated by NetWatch tools are advisory and require human interpretation.
Our technology and analytical tools are designed to assist human investigators, insurers, and legal professionals in reaching their own conclusions, not to make automated determinations about individuals.
NetWatch's systems may organise, analyse, or correlate information to highlight relevant facts, relationships, or indicators (for example, matching public data to verify an incident). However, these outputs are informational only and are always subject to independent human review by NetWatch analysts and by the client organisation before any action or decision is taken. Clients remain responsible for any decisions they take based on our reports or dashboards.
Who do we share your personal information with?
NetWatch Global works with various partners and service providers to deliver its services and improve your experience. We share your personal information with:
- Client Organisations: NetWatch acts as a processor for insurers, law firms, law enforcement bodies, and other professional clients. We share investigation outputs, reports, and analytics data only with the client that commissioned the work.
- Law Enforcement and Regulatory Bodies: Where instructed by our client or required by law, we may share information with police, regulators (e.g. FCA, ICO), or courts in connection with investigations, fraud prevention, or compliance.
- Specialised Subcontractors and Advisors: We may share limited personal data with specialists, solicitors, barristers, or external data experts engaged by NetWatch or its clients to review evidence, defend legal claims, provide professional advice or assist with technical matters.
- Technology and Infrastructure Providers: NetWatch uses reputable third-party service providers to host data, maintain systems, and deliver secure communication tools (for example, Microsoft 365, AWS, and encrypted file-transfer platforms).
- Corporate Affiliates: Certain administrative and support functions (such as HR, finance, and compliance) are carried out within The Surveillance Group structure. Data may be accessed by authorised staff within the group under common control and consistent security policies.
We may also share your personal information with:
- regulatory authorities; and
- parties involved in a prospective or actual transfer of our assets or business.
How do we hold your personal information and manage the data quality and security of your personal information?
NetWatch Global stores your personal information as encrypted electronic data on AWS servers located in the UK, and physical servers located in the UK, all with high level security and access only available by password.
NetWatch Global will take reasonable steps to ensure that personal information that is no longer required, including under any contractual or legal requirement, is destroyed or de-identified in a secure manner. Data within NetWatch Global is set with an expiry date and is automatically destroyed in accordance with our Data Deletion Policy when the expiry date is reached.
Do you transfer personal information overseas?
Our servers are located in the UK. Your personal information may be processed, transferred to, and maintained on servers and databases located outside of the jurisdiction in which you are based and where the privacy laws may not be as protective as your jurisdiction. Where required by applicable law, we have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details below in the "Contact Us" section of this Policy.
How do you use your data rights?
Depending on the jurisdiction in which you live, including if you are a data subject in the UK, EEA, or Switzerland, you may have the following rights under applicable local law:
- request information about our processing of your personal information (right to know);
- request a copy of your personal information (right to access)
- rectify, correct, or update the personal information we hold about you (collectively right to correct);
- request deletion of your personal information;
- opt-out of "sales" of personal information or "sharing" of personal information for cross-contextual behavioural advertising purposes (as these terms are defined under applicable law);
- opt-out of targeted advertising;
- restrict or limit our use of your personal information or your sensitive personal information (right to restrict);
- object to our use of your personal information;
- where you have provided consent, withdraw such consent to our processing of your personal information at any time;
- ask that we transfer the personal information we maintain about you to another organisation, or to you, in certain circumstances (right to portability);
- not be unlawfully discriminated against for exercising your rights;
- lodge a complaint with your local data protection authority.
If you wish to exercise any of the above rights, send us an email at legal@netwatchglobal.com headed "Data Subject Request."
Before we process any request, we may ask you for certain Personal Data to verify your identity, and in situations where NetWatch Global is the Data Processor, consult with the Data Controller of your data. Where permitted by local law, we may refuse requests that are unreasonable or impractical. Please allow us a reasonable time to respond to your inquiries and requests in line with local law requirements.
How does NetWatch Global handle complaints?
If you have any concerns or complaints about the manner in which your personal information has been collected or handled by NetWatch Global, please advise us of your concern or complaint in writing and send it to the Data Protection Officer using the email address set out below.
It is our intention to use our best endeavours to resolve any complaint to your satisfaction. However, if you are unhappy with our response, you may contact your local data or privacy authority who may investigate your complaint further.
Contact
For any questions about this privacy notice, our data practices or the way in which you can exercise your rights, you can contact the Data Protection Officer (DPO) by email on legal@netwatchglobal.com.