1. Purpose
This document is to outline the policy for processing of personally identifiable information relating to users of ResponSec’s website (www.responsec.co.uk).
2. Scope
This policy applies to all visitors that come to the website. Depending on the level of interaction a user has with the website, can depend on the amount of personally identifiable information processed.
3. Policy
3.1 Identity & Contact Details of The Controller & The Data Protection Officer
ResponSec Ltd (ResponSec) are a professional, friendly and considerate organisation, delivering quality security services in London, the South East, Europe and Africa. ResponSec is committed to protecting and respecting your privacy whilst remaining compliant with The General Data Protection Regulation (EU GDPR) and the Data Protection Act (DPA). In order for us to drive compliance, we work in accordance with our Information Security Management System which is compliant with ISO 27001:2013.
ResponSec Ltd (ResponSec) are the Data Controller and have an appointed Data Protection Officer who can be contacted via email;
info@responsec.co.uk.
You can also contact ResponSec via post at; 500 Larkshall Road, Highams Park, London, E4 9HH.
3.2 Purpose of The Processing and the Legal Basis for the Processing
In order forResponSec to fulfil its contractual and customer obligations, there is a requirement to collect specific personally identifiable information relating to our clients such as their employees and other relevant business information. The legal basis for the processing of such personally identifiable information is that it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (e.g., service level agreement).
Should there be a requirement to market at organisations who have never enquired or bought into our products and/or services, we shall only do this on the basis that we have received freely given, explicit Consent.
3.3 Legitimate Interests of ResponSec Ltd
ResponSec have a legitimate interest in further processing the information which is provided by clients at the point of enquiry or sale for marketing purposes.
We may also use your information for other specific legitimate purposes such as:
-
To ensure that content from our site is presented in the most effective manner for you and for your computer.
-
To provide you with information, products or services that you request from us or which we feel may interest you, where you have either explicitly consented to or we believe you have a legitimate interest in.
-
To carry out our obligations arising from any contracts entered into between you and us.
-
To notify you about changes to our service.
We do not sell, rent or lease customer lists to third parties. We may share data with trusted partners to help us perform marketing, statistical analysis, send you email or postal mail. All such third parties are prohibited from using your personal information except to provide these services to us, and they are required to maintain the confidentiality of your information.
If you are an existing customer, we may contact you bye-mail, or telephone with information about goods and services similar to those which were the subject of a previous sale to you.
If you are a new customer, we will contact you by e-mail or telephone means only if you have consented to this or we are able to demonstrate that there is a legitimate interest.
3.4 Information we may Collect from you
We may collect and process the following data about you:
- Information that you provide by filling in the contact form on our website www.responsec.co.uk such as:
- Name • Without this we won •t know who to contact when responding to an enquiry made by you.
- Email address • We use this in order to respond to enquiries made through our website.
- Phone • If we need to discuss something with you such as your enquiry or a current contract, we will use this to contact you.
- Message –
- If you contact us, we may keep a record of that correspondence.
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Details of your visits to our site and the resources that you access.
3.5 Categories of Recipients of the Personal Data
ResponSec are required to transfer the personal information provided by its customers to third parties in order to fulfil contractual obligations and legitimate interests of the organisation. The following are categories of recipients that customer information could be transferred to:
- Accountants
- Data Centres
- External IT Providers
- Management Software
All information you provide to us is stored on our secure systems. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site or to our mailboxes; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We will not disclose your information to any of the relevant third parties listed above for marketing purposes.
3.6 Details of Transfers to Third Countries & Safeguards
ResponSec do not make any transfers of personal data to third countries. All personal data resides within the EEA.
3.7 Retention Period
ResponSec retains all customer information for 7 years after they last interacted with us. Where there has been a period of 7 years and there has been no interaction between the organisation and the customer, their information is erased and securely disposed of. Our justification for retaining this information is that it is necessary for HMRC purposes.
3.8 Rights of Data Subjects
As a Data Subject (individual) which ResponSec process information on behalf of, you have the right to withdraw from our processing at any given time. You are able to do this through the contact details provided on page 1 of this policy. You can exercise the right at any time by contacting us at
info@responsec.co.uk.
You have the right to make a Subject Access Request to ResponSec’s Data Protection Officer if you wish to determine what information we hold on you. You also have the following rights which you may exercise at any given time by contacting us, right to Rectification, Erasure, Restriction of Processing, Portability and Objection to processing. We welcome these requests and aim to respond within 72 working hours of receipt.
You also have a right to lodge a complaint with the Supervisory Authority (Information Commissioners Office in the UK), should you feel that we have not handled your information in line with legislative and regulatory requirements.
3.9 Automated Decision Making, including Profiling & Information about how decisions are made, the Significance of the Consequences
We do not use automated decision making or profiling when processing your personal data.
3.10 Cookies
We do not use Cookies on this website.
3.11 Changing your Privacy Settings or Unsubscribing from our Privacy Policy
If you wish to you alter your Privacy settings or opt-out, you can dothis by emailing our Data Protection Officer at
info@responsec.co.uk. Our Data Protection Officer shall provide you with contact details of our third parties upon request if required. Alternatively, you can hit the unsubscribe link in one of our marketingemails which will auto-generate an email you can send to us.
3.12 Changes to our Privacy Policy
We may change this Privacy Policy from time to time. If we make significant changes in the way, we treat your personal information, or to the Privacy Policy, we will make that clear on our websites or by email, so that you are able to review the changes.
3.14 Contact
Questions, comments, and requests regarding this privacy policy are welcomed and should either be emailed to
info@responsec.co.uk or addressed to ResponSec Ltd, 500 Larkshall Road, Highams Park, London, E4 9HH.