Phone: 020 3926 6080
‘Personal data’ is defined in law as any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This may include but will not be limited to, name(s), email address, telephone number, your client’s data, your employee data. We do not collect or amass personal data outside the delivery of a contract or the purposes of employment, nor do use said information for anything other than delivering the service that you signed up for.
WHAT INFORMATION DO WE PROCESS?
We may from time to time post our client feedback on our website, this may include details such as your name and company. If you would like this removed please contact us at email@example.com.
We use social media to keep you informed about our products and services and also about news that may be of interest to you. We use Linked In and Twitter social media services to achieve this, if you do not wish to receive this information you may unsubscribe from the feed on the relevant social media platform.
HOW DO WE USE THE INFORMATION WE COLLECT / PROCESS ABOUT YOU?
The information that we collect and process about you or on your behalf is used for the following:
- The provisioning of ThreatAware services.
- To bill you for those services.
- To perform credit checks on you or your company.
The length of time we retain your data will depend on the purpose for which we process it. We will retain your information for as long as you are contracted to receive a service from ThreatAware. We may retain some of your data in server logs and backups of associated systems for a period of up to seven (7) years beyond the cessation of contracted services to comply with legal obligations such as regulation or for legal defence. Other retention periods will be defined by yourself within contract.
3RD PARTY SHARING
We will never sell or pass on your details to others for marketing or advertising purposes. It may be necessary to provide your information onto a 3rd party for the delivery of a service that you have requested but we will always ensure that the appropriate safeguards are in place to protect your information prior to transferring. ThreatAware may share your information with parties on our authorised vendors list, our consultants, our staff or providers of services for which you are seeking. Additionally these parties may disclose your information to others for the delivery of the service you have requested; please ensure you have familiarised yourself with their terms and conditions and/or their privacy notices. If you would like a copy of our authorised vendors list please contact us at firstname.lastname@example.org, please note that we will only disclose our vendors list to those that we process data regarding. Where we believe there is a need to investigate, prevent or report illegal activities, suspected fraud, issues pertaining to threats to the physical safety of any person we may pass your information onto other 3rd parties including but not limited to The Metropolitan Police, City Of London Police, City Of Manchester Police, Serious Fraud Office, Information Commissioners Office or the Health and Safety Executive. Where your data is transmitted internationally, outside of the EEA, we shall ensure that enforceable binding contracts are in place in the absence of a suitable data protection legislation. We will not conduct business where there is neither an enforceable contract nor a suitable data protection legislation.
ThreatAware and Priority One IT utilises technical controls such as intrusion prevention and detection systems, anti-virus, firewalls, encryption, internet usage monitoring and role based access to help protect your information from loss, destruction, misuse, unauthorised access or disclosure as part of our Cyber Essentials certification. In addition, we utilise organisational controls such as policies and procedures as part of our ISO/IEC 27001:2005 to govern the technical controls. These two sets of controls combined together ensures that your data is held securely and safely and is only available to you and those you provide access to.
Our website may contain links to other sites that are not controlled by us; therefore we are not responsible for the content or use of these services, whereas we always strive to vet our vendors and those we are associated with in a service provider capacity the use of services outside our control is at your own risk.
We do not knowingly process any information from anyone under 16 years of age. All services are aimed at those aged 18 and over, however if you are a client of ours that uses our hosting services you may upload data pertaining to children to our platform. In this scenario it is your responsibility as the controller of data to notify us so that we can ensure you have the appropriate technical controls in place to safeguard the confidentiality, integrity and availability of this data.
UPDATING YOUR PERSONAL INFORMATION
If you receive a service from ThreatAware, you can modify your personal information by sending us a request to email@example.com with the subject ‘Right to Rectification’. A member of staff will then respond to your request in due course.
You have many rights under the GDPR, they are defined as below:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
If you are an existing client of ours please contact your data controller who will then assist you in exercising your rights with us as a processor. If you are a former employee or had another relationship with ThreatAware and you would like to exercise your rights please contact us at firstname.lastname@example.org
We are committed to providing excellent service, however if you have a complaint about your privacy or the use of your personal data and you are an existing customer of ours, please initially contact your line manager so that they may contact our account management team. Alternatively if you are not a client then please contact us and ask to speak with the Data Protection Officer.
We may be contacted in writing at ThreatAware Ltd, 18 Crucifix Lane, London, SE1 3JW. By phone on 020 3926 6080 or via email at email@example.com.
ThreatAware Ltd incorporated and registered in England and Wales with company number 14505300 whose registered office is at 18 Crucifix Lane, London, United Kingdom, SE1 3JW.