Privacy Policy

In this Privacy Policy when we refer to “ThreatAware”, “we”, “us” or “our”, we mean ThreatAware which provides businesses with cybercscurity tools and products as described in more detail on our Website. ThreatAware is committed to protecting the privacy of individuals who use our services or even if you are just visiting our website. If you would like to know more about how we process your personal information, please contact us by one of the following means:

Phone: 020 3926 6080
Email: gdpr@threataware.com

INTRODUCTION

This Privacy Notice gives you information about how we process personal information we come into contact with, via the delivery of a service or via submission to us by you. This notice is relevant to our customers only and does not cover our responsibilities as an employer. Any Personal Information we collect through the delivery of services will be processed in accord with your instructions within contract and where applicable in line with our non-disclosure agreement with you. If you do not agree for the processing of personal information in line with this Privacy Policy, then you should not sign up for any service that ThreatAware provide.

CHANGES TO OUR PRIVACY POLICY

From time to time we may amend this privacy policy to fall in line with changes to legislation, including from not limited to the General Data Protection Regulation 2016, Privacy and Electronic Communication Regulation 2003 and the Data Protection Bill 2017 – 2019. Amendments to this policy will be shown on our website. Last Updated 12/12/2018

PERSONAL DATA

‘Personal data’ is defined in law as any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This may include but will not be limited to, name(s), email address, telephone number, your client’s data, your employee data. We do not collect or amass personal data outside the delivery of a contract or the purposes of employment, nor do use said information for anything other than delivering the service that you signed up for.

WHAT INFORMATION DO WE PROCESS?

ThreatAware processes information pertaining to the delivery of a service under contract; this is detailed in the license agreement when the contract offered. The data processed using cookies on this website can be reviewed in the Cookie Policy.

CLIENT FEEDBACK

We may from time to time post our client feedback on our website, this may include details such as your name and company. If you would like this removed please contact us at hello@threataware.com.

SOCIAL MEDIA

We use social media to keep you informed about our products and services and also about news that may be of interest to you. We use Linked In and Twitter social media services to achieve this, if you do not wish to receive this information you may unsubscribe from the feed on the relevant social media platform.

HOW DO WE USE THE INFORMATION WE COLLECT / PROCESS ABOUT YOU?

The information that we collect and process about you or on your behalf is used for the following:

  • The provisioning of ThreatAware services.
  • To bill you for those services.
  • To perform credit checks on you or your company.

DATA RETENTION

The length of time we retain your data will depend on the purpose for which we process it. We will retain your information for as long as you are contracted to receive a service from ThreatAware. We may retain some of your data in server logs and backups of associated systems for a period of up to seven (7) years beyond the cessation of contracted services to comply with legal obligations such as regulation or for legal defence. Other retention periods will be defined by yourself within contract.

3RD PARTY SHARING

We will never sell or pass on your details to others for marketing or advertising purposes. It may be necessary to provide your information onto a 3rd party for the delivery of a service that you have requested but we will always ensure that the appropriate safeguards are in place to protect your information prior to transferring. ThreatAware may share your information with parties on our authorised vendors list, our consultants, our staff or providers of services for which you are seeking. Additionally these parties may disclose your information to others for the delivery of the service you have requested; please ensure you have familiarised yourself with their terms and conditions and/or their privacy notices. If you would like a copy of our authorised vendors list please contact us at gdpr@threataware.com, please note that we will only disclose our vendors list to those that we process data regarding. Where we believe there is a need to investigate, prevent or report illegal activities, suspected fraud, issues pertaining to threats to the physical safety of any person we may pass your information onto other 3rd parties including but not limited to The Metropolitan Police, City Of London Police, City Of Manchester Police, Serious Fraud Office, Information Commissioners Office or the Health and Safety Executive. Where your data is transmitted internationally, outside of the EEA, we shall ensure that enforceable binding contracts are in place in the absence of a suitable data protection legislation. We will not conduct business where there is neither an enforceable contract nor a suitable data protection legislation.

SECURITY

ThreatAware and Priority One IT utilises technical controls such as intrusion prevention and detection systems, anti-virus, firewalls, encryption, internet usage monitoring and role based access to help protect your information from loss, destruction, misuse, unauthorised access or disclosure as part of our Cyber Essentials certification. In addition, we utilise organisational controls such as policies and procedures as part of our ISO/IEC 27001:2005 to govern the technical controls. These two sets of controls combined together ensures that your data is held securely and safely and is only available to you and those you provide access to.

OTHER SITES

Our website may contain links to other sites that are not controlled by us; therefore we are not responsible for the content or use of these services, whereas we always strive to vet our vendors and those we are associated with in a service provider capacity the use of services outside our control is at your own risk.

CHILD DATA

We do not knowingly process any information from anyone under 16 years of age. All services are aimed at those aged 18 and over, however if you are a client of ours that uses our hosting services you may upload data pertaining to children to our platform. In this scenario it is your responsibility as the controller of data to notify us so that we can ensure you have the appropriate technical controls in place to safeguard the confidentiality, integrity and availability of this data.

UPDATING YOUR PERSONAL INFORMATION

If you receive a service from ThreatAware, you can modify your personal information by sending us a request to hello@threataware.com with the subject ‘Right to Rectification’. A member of staff will then respond to your request in due course.

GDPR RIGHTS

You have many rights under the GDPR, they are defined as below:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling.

If you are an existing client of ours please contact your data controller who will then assist you in exercising your rights with us as a processor. If you are a former employee or had another relationship with ThreatAware and you would like to exercise your rights please contact us at gdpr@threataware.com

CONTACT US

We are committed to providing excellent service, however if you have a complaint about your privacy or the use of your personal data and you are an existing customer of ours, please initially contact your line manager so that they may contact our account management team. Alternatively if you are not a client then please contact us and ask to speak with the Data Protection Officer.

We may be contacted in writing at ThreatAware Ltd, 18 Crucifix Lane, London, SE1 3JW. By phone on 020 3926 6080 or via email at gdpr@threataware.com.

ThreatAware Ltd incorporated and registered in England and Wales with company number 14505300 whose registered office is at 18 Crucifix Lane, London, United Kingdom, SE1 3JW.