Search on this blog

Search on this blog

  • bell-ring
    Get 40% discount for Security Tools Development
Get a free quote
Our Privacy

Privacy Policy

HomePrivacy Policy

1. PURPOSE OF THIS POLICY

The purpose of this document is to ensure that data subjects (individuals) are adequately informed about the collection and use of their personal data by SECZAP in its capacity as a Data Controller.

Ensuring data subjects are informed correctly can help SECZAP to comply with other aspects of the GDPR and build trust with people but getting it wrong can leave SECZAP open to fines and lead to reputational damage.

2. THE POLICY

The GDPR is more specific about the information that Data Controllers need to provide to people about what they do with their personal data. Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR.

Data Controllers shall actively provide this information to individuals in a way that is easy to access, read and understand.

If you are processing personal information, on behalf of SECZAP, as a Data Controller, you shall: –

  • Provide individuals with information including (but not limited to): – the purposes for processing their personal data, the retention periods for that personal data, and who it will be shared with. We call this a ‘privacy notice’.
  • Provide privacy notice information to individuals at the time you collect their personal data from them.
  • If you obtain personal data from other sources, provide individuals with privacy information within a reasonable period of obtaining the data and no later than one month.

There are a few circumstances when SECZAP does not need to provide people with privacy information, such as if an individual already has the information or if it would involve a disproportionate effort to provide it to them.

The information SECZAP provides to people will be concise, transparent, intelligible, easily accessible, and it shall use clear and plain language.

We shall regularly review, and where necessary, update our privacy information. We shall bring any new uses of an individual’s personal data to their attention before we start the processing.

 

2.1 What we shall provide

SECZAP shall provide individuals with all the following privacy information: –

  • The name and contact details of our organisation.
  • The contact details of our data protection officer/representative.
  • The purposes of the processing.
  • The lawful basis for the processing.
  • The legitimate interests for the processing (if applicable).
  • The categories of personal data obtained (if the personal data is not obtained from the individual it relates to).
  • The recipients or categories of recipients of the personal data.
  • The details of transfers of the personal data to any third countries or international organisations (if applicable).
  • The retention periods for the personal data.
  • The rights available to individuals in respect of the processing.
  • The right to withdraw consent (if applicable).
  • The right to lodge a complaint with a supervisory authority.
  • The source of the personal data (Note: this is only applicable if the personal data is not obtained from the individual it relates to).
  • The details of whether individuals are under a statutory or contractual obligation to provide the personal data (if applicable, and if the personal data is collected from the individual it relates to).
  • The details of the existence of automated decision-making, including profiling (if applicable).

2.2 When we shall provide it

SECZAP shall provide individuals with privacy information at the time we collect their personal data from them.

If we obtain personal data from a source other than the individual it relates to, we shall provide them with privacy information: –

  • within a reasonable of period of obtaining the personal data and no later than one month;
  • if we plan to communicate with the individual, at the latest, when the first communication takes place; or
  • if we plan to disclose the data to someone else, at the latest, when the data is disclosed.
  • SECZAP’s Internal Privacy Notice shall be provided to our employees and contractors and shall not be included in the Company’s External Privacy Notice.

3. DEFINITIONS

Data Controller – the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Personal data – any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

4. What we do with your Personal Information

We use your data for the following purposes to enable us to deliver our services to you in the most effective way.

Customer login information is stored in a MySQL database that is held in the India. Data held includes the following:

  • Username
  • Company
  • Email address
  • Phone Number

We also use your data for the following purposes:-

  • To identify if you have notified us that you do not wish to be contacted and/or receive direct marketing information regarding our services and activities;
  • Unless we have identified you do not wish to receive marketing information, as per above – to contact you directly in the future regarding our services, campaigns and/or events (i.e. via postal and electronic marketing);
  • To send you newsletters regarding the Company’s activities.
  • To create publicity materials to promote the Company’s activities – for inclusion on/in our or other website(s), social media, press articles and/or case studies;
  • For use in our internal publications;
  • For financial reporting;
  • For external use such as Annual Review.

5. Who we may share your personal information with

We may share your information with SECZAP technology providers who we engage to support our operations and/or host our data.

 

6. How long we keep hold of your data

We retain the personal information processed by us, only for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation). In the absence of specific legal, regulatory or contractual requirements, our baseline retention period for your personal information and other documents is 6 months. Specific retention periods are given in the SECZAP Record of Processing.

 

7. HOW TO COMPLAIN

In the event you wish to complain about our use of your personal information, please contact us. We will look into and respond to any complaints we receive.

You also have a right to lodge a complaint with the Information Commissioner’s Office (ICO) (the UK’s data protection regulator). For further information on your rights and how to complain to the ICO, please refer to the ICO website:www.ico.org.uk.

 

8. CHANGES TO OUR PRIVACY POLICY

We keep our privacy policy under regular review and we will place any updates on this web page.

If we believe that the changes are material, we’ll let you know by posting the changes on this website and sending you a message about the changes.