Processing of your personal data (i.e., any information which may potentially allow your identification through reasonable means; hereinafter "Personal Data") is necessary for the performance of our contractual obligations towards you and providing you with our services, to protect our legitimate interests and for compliance with legal and financial regulatory obligations to which we are subject.
2. What information do we collect?
We collect two types of data and information from Customers.
- Un-identified and non-identifiable information pertaining to a Customer(s), which may be made available or gathered via your use of the Site (“Non-personal Data”).
- We are not aware of a person’s identity from which the Non-personal Data was collected.
- Non-personal Data which is being collected may include your aggregated usage information and technical information transmitted by your device, including certain software and hardware information (e.g., the type of browser and operating system your device uses, language preference, access time, etc.) to enhance the functionality of our Site.
- We may also collect information about your activity on the Site (e.g., pages viewed, online browsing, clicks, actions, etc.).
- Individually identifiable information, i.e., information that identifies an individual or may, with reasonable effort, identify an individual (“Personal Data”). Such information includes:
- Device Information - We collect Personal Data from your device. Such information includes geolocation data, IP address, unique identifiers (e.g., MAC address and UUID) and other information which relates to your activity through the Site.
- Contact information - When you use the contact or bookings features on our Site you will be asked to provide us with certain details such as: full name; email or physical address, and other information.
3. Who provides the information we have about you?
The Personal Data and organisation information we hold are mostly provided by yourself:
- When you use or access our Site in connection with your use of our services, such as;
- Using our ‘contact us’ widget; data goes to our Customer Relationship Management (CRM) system;
- Making a booking for a discovery call; data is recorded in our automatic bookings system and shared with our email for notifications and appointments booked in our calendars.
- When you engage our services as a customer or guest speaker (paid and pro bono);
- Your details are added to our cloud hosted Customer Relationship Management (CRM) system;
- For some of our services we will create an account on our cloud hosted Cybility Support Portal;
We may also receive your Personal Data and organisation information from clients that have engaged us as sub-contractors, associate consultants, partners, third-party providers, services, and public registers.
4. What information do we collect?
Typically, we collect the following information at the point of initial contact, via the Site or otherwise:
- First name
- Last name
- Job title
- Job role
- Email address
- Contact phone number (landline and/or mobile)
- Reason for contacting us
In respect of our services, where additional confidential information is required for the purpose of scoping a proposal; we will sign a mutual non-disclosure agreement.
When a formal engagement is underway with a contract in place; we will request access to the minimum confidential information we consider necessary to deliver the service effectively. Whilst not exhaustive, such documentation typically includes everything from technical network architecture diagrams to penetration test reports; from governance documents such as reports to audit committee to project plans and meetings minutes.
5. How do we use it?
We may use the information for the following:
- To respond to requests for information, proposals, or any customer service concerns you may have;
- To deliver our services in performance of a contract;
- To communicate with you and to keep you informed about our latest updates and services;
- To market our websites and products (see more under "Marketing");
- To serve you advertisements when you use our Site (see more under "Advertisements");
- For statistical and analytical purposes, intended to improve the Site.
6. Who do we share it with?
We may transfer or disclose Personal Data to affiliated companies and subcontractors.
- Hosting and operating our Site;
- Providing you with our services, including providing a personalised display of our Site;
- Storing and processing such information on our behalf;
- Serving you with selected advertisements and to assist us in evaluating the success of our advertising campaigns and help us retarget any of our customers;
- Providing you with marketing offers and promotional materials related to our Site and services;
- Performing research, technical diagnostics, or analytics;
We may also disclose information if we have good reason to believe that disclosure of such information is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce our policies (including our Agreement), including investigations of potential violations thereof; (iii) investigate, detect, prevent or take action regarding illegal activities or other wrongdoing, suspected fraud or security issues; (iv) to establish or exercise our rights to defend against legal claims; (v) prevent harm to the rights, property or safety of us, our customers, yourself or any third party; or (vi) for the purpose of collaborating with law enforcement agencies and/or in case we find it necessary in order to enforce intellectual property or other legal rights.
7. Your Rights
You may request to:
- Receive confirmation as to whether personal data concerning you is being processed and access your stored personal information, together with supplementary information.
- Receive a copy of personal data you directly volunteer to us in a structured, commonly used, and machine-readable format.
- Request rectification of your personal data that is in our control.
- Request erasure of your personal information.
- Object to the processing of personal data by us.
- Request to restrict processing of your personal data by us.
- Lodge a complaint with the Information Commissioner’s Office or relevant supervisory authority.
However, please note that these rights are not absolute and may be subject to our own legitimate interests and regulatory requirements.
If you wish to exercise any of the above rights or receive more information, please email our Data Protection Officer (“DPO”) at firstname.lastname@example.org.
8. Data Retention
We will keep your personal data for as long as necessary to provide our services, and as necessary to comply with our legal obligations, resolve disputes and enforce our policies.
We will keep records containing client personal data, account opening documents, communications, and anything else as required by applicable laws and regulations.
Retention periods will be determined considering the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable opportunity.
We may rectify, replenish, or remove incomplete or inaccurate information, at any time and at our own discretion.
A "cookie" is a small piece of information that a website assigns to your device while you are viewing a website. Cookies are very helpful and can be used for various purposes. These purposes include allowing you to navigate between pages efficiently, enabling automatic activation of certain features, remembering your preferences, and making the interaction between you and our Services quicker and easier. Cookies are also used to help ensure that the advertisements you see are relevant to you and your interests and to compile statistical data on your use of our Services.
The Site uses the following types of cookies:
- 'session cookies' which are stored only temporarily during a browsing session in order to allow normal use of the system and are deleted from your device when the browser is closed;
- 'persistent cookies ' which are read only by the Site, saved on your computer for a fixed period and are not deleted when the browser is closed. Such cookies are used where we need to know who you are for repeat visits, for example to allow us to store your preferences for the next sign-in;
- 'third-party cookies' which are set by other online services who run content on the page you are viewing, for example by third-party analytics companies who monitor and analyse our web access.
Cookies do not contain any information that personally identifies you, but Personal Data that we store about you may be linked, by us, to the information stored in and obtained from cookies. You may remove the cookies by following the instructions of your device preferences; however, if you choose to disable cookies, some features of our Site may not operate properly, and your online experience may be limited.
We also use an open-source tool called “Matomo” (formerly known as Piwik) to collect information about your use of the Site. Matomo collects information such as how often customers access the Site, which pages they visit, when they do so, etc. We use the information we obtain from Matomo only to improve our Site and services. Matomo collects the IP address assigned to you on the date you visit sites, rather than your name or other identifying information. We do not combine the information collected with Matomo with personally identifiable information.
10. Third-party collection of information
11. How do we safeguard your information?
During an engagement we encourage Customer’s to keep their Confidential information stored within their own information systems, providing us with access to it as is necessary. We recognise that this is not always practical.
Although we take reasonable steps to protect information, it is impossible to be 100% secure. We cannot be responsible for the acts of those who gain unauthorised access or abuse our Site, and we make no warranty, express, implied, or otherwise, that we will prevent such access.
- Transfer of data outside the UK
Please note that some data recipients may be located outside the UK. In such cases we will transfer your data only to such countries as approved by the European Commission as providing adequate level of data protection or enter into legal agreements ensuring an adequate level of data protection.
We may use your Personal Data such as your name, email address, telephone number, etc., ourselves or by using our third-party subcontractors, for the purpose of providing you with promotional materials concerning our services which we believe may interest you.
To respect your right to privacy, within such marketing materials we provide you with the means to opt out of receiving further marketing offers from us. If you unsubscribe, we will remove your email address or telephone number from our marketing distribution lists.
Please note that even if you have unsubscribed from receiving marketing emails from us, we may send you other types of important email communications without offering you the opportunity to opt out of receiving them. These may include customer service announcements or administrative notices.
- Corporate transaction
We understand the importance of protecting children’s privacy, especially in an online environment. The Site is not designed for or directed at children. Under no circumstances shall we allow the use of our services by minors without prior consent or authorisation by a parent or legal guardian. We do not knowingly collect Personal Data from minors. If a parent or guardian becomes aware that his or her child has provided us with Personal Data without their consent, he or she should contact us at email@example.com.
- How to contact us
If you have any general questions about the Site or the information, we collect about you and how we use it, please contact our Data Protection Officer at firstname.lastname@example.org.