This document is
to outline the policy for processing of personally identifiable information
relating to users of ResponSec's website (www.responsec.co.uk).
This policy applies
to all visitors that come to the website. Depending on the level of interaction
a user has with the website, can depend on the amount of personally
identifiable information processed.
3.1 Identity
& Contact Details of The Controller & The Data Protection Officer
ResponSec Ltd (ResponSec) are a professional,
friendly and considerate organisation, delivering quality security services in
London, the South East, Europe and Africa. ResponSec is committed to protecting
and respecting your privacy whilst remaining compliant with The General Data
Protection Regulation (EU GDPR) and the Data Protection Act (DPA). In order for
us to drive compliance, we work in accordance with our Information Security Management
System which is compliant with ISO 27001:2013.
ResponSec Ltd (ResponSec) are the Data Controller
and have an appointed Data Protection Officer who can be contacted via
email; info@responsec.co.uk.
You can also contact ResponSec via post at; 500
Larkshall Road,Highams Park, London, E4 9HH.
3.2 Purpose
of The Processing and the Legal Basis for the Processing
In order forResponSec to fulfil its contractual and
customer obligations, there is a requirement to collect specific personally identifiable
information relating to our clients such as their employees and other relevant
business information. The legal basis for the processing of such personally
identifiable information is that it is necessary for the performance of a
contract to which the data subject is party or in order to take steps at the
request of the data subject prior to entering into a contract (e.g., service
level agreement).
Should there be a requirement to market at
organisations who have never enquired or bought into our products and/or
services, we shall only do this on the basis that we have received freely
given, explicit Consent.
3.3 Legitimate
Interests of ResponSec Ltd
ResponSec have a legitimate interest in further
processing the information which is provided by clients at the point of enquiry
or sale for marketing purposes.
We may also use your information for other specific
legitimate purposes such as:
•
To ensure that
content from our site is presented in the most effective manner for you and for
your computer.
•
To provide you
with information, products or services that you request from us or which we
feel may interest you, where you have either explicitly consented to or we
believe you have a legitimate interest in.
•
To carry out our
obligations arising from any contracts entered into between you and us.
•
To notify you
about changes to our service.
We do not sell, rent or lease customer lists to
third parties. We may share data with trusted partners to help us perform
marketing, statistical analysis, send you email or postal mail. All such third
parties are prohibited from using your personal information except to provide
these services to us, and they are required to maintain the confidentiality of
your information.
If you are an existing customer, we may contact you
bye-mail, or telephone with information about goods and services similar to
those which were the subject of a previous sale to you.
If you are a new customer, we will contact you by
e-mail or telephone means only if you have consented to this or we are able to
demonstrate that there is a legitimate interest.
3.4 Information we may Collect from you
We may collect and
process the following data about you:
•
Information that
you provide by filling in the contact form on our website www.responsec.co.uk such as:
•
Name • Without
this we won •t know who to contact when responding to an enquiry made by you.
•
Email address • We
use this in order to respond to enquiries made through our website.
•
Phone • If we need
to discuss something with you such as your enquiry or a current contract, we
will use this to contact you.
•
Message -
•
If you contact us,
we may keep a record of that correspondence.
•
We may also ask
you to complete surveys that we use for research purposes, although you do not
have to respond to them.
•
Details of your
visits to our site and the resources that you access.
3.5 Categories of Recipients of the Personal
Data
ResponSec are required to transfer the personal
information provided by its customers to third parties in order to fulfil
contractual obligations and legitimate interests of the organisation. The
following are categories of recipients that customer information could be
transferred to:
All information you provide to us is stored on our
secure systems. Unfortunately, the transmission of information via the internet
is not completely secure. Although we will do our best to protect your personal
data, we cannot guarantee the security of your data transmitted to our site or
to our mailboxes; any transmission is at your own risk. Once we have received
your information, we will use strict procedures and security features to try to
prevent unauthorised access.
We will not disclose your information to any of the
relevant third parties listed above for marketing purposes.
3.6 Details of Transfers to Third Countries
& Safeguards
ResponSec do not make any transfers of personal
data to third countries. All personal data resides within the EEA.
3.7 Retention Period
ResponSec retains all customer information for 7
years after they last interacted with us. Where there has been a period of 7 years
and there has been no interaction between the organisation and the customer,
their information is erased and securely disposed of. Our justification for
retaining this information is that it is necessary for HMRC purposes.
3.8 Rights of Data Subjects
As a Data Subject (individual) which ResponSec
process information on behalf of, you have the right to withdraw from our
processing at any given time. You are able to do this through the contact
details provided on page 1 of this policy. You can exercise the right at any
time by contacting us at info@responsec.co.uk
You have the right to make a Subject Access Request
to ResponSec's Data Protection Officer if you wish to determine what
information we hold on you. You also have the following rights which you may
exercise at any given time by contacting us, right to Rectification, Erasure,
Restriction of Processing, Portability and Objection to processing. We welcome
these requests and aim to respond within 72 working hours of receipt.
You also have a right to lodge a complaint with the
Supervisory Authority (Information Commissioners Office in the UK), should you
feel that we have not handled your information in line with legislative and
regulatory requirements.
3.9 Automated Decision Making, including
Profiling & Information about how decisions are made, the Significance of
the Consequences
We do not use automated decision making or
profiling when processing your personal data.
3.10 Cookies
• We do not use Cookies on this website.
3.11 Changing your Privacy Settings or
Unsubscribing from our Privacy Policy
If you wish to you alter your Privacy settings or
opt-out, you can dothis by emailing our Data Protection Officer at info@responsec.co.uk. Our Data Protection Officer shall provide you
with contact details of our third parties upon request if required.
Alternatively, you can hit the unsubscribe link in one of our marketingemails
which will auto-generate an email you can send to us.
3.12 Changes to our Privacy Policy
We may change this Privacy Policy from time to
time. If we make significant changes in the way, we treat your personal
information, or to the Privacy Policy, we will make that clear on our websites
or by email, so that you are able to review the changes.
3.14 Contact
Questions, comments, and requests regarding this
privacy policy are welcomed and should either be emailed to info@responsec.co.uk or addressed to ResponSec Ltd, 500 Larkshall
Road, Highams Park, London, E4 9HH.