SecureNest Website Privacy Policy
This Privacy Policy explains how SecureNest (referred to as “we,” “us,” or “our”), a UK-based Cybersecurity Consultancy firm, collects, uses, and protects personal data from visitors to our website and clients who engage our services.
We are committed to protecting the privacy and security of your personal data in accordance with the UK General Data Protection Regulation (GDPR) and other applicable UK data protection legislation.
1. Information About Us
SecureNest
- Registered Address: [Insert Company UK Address]
- Email: [Insert Dedicated Privacy/Contact Email, e.g., privacy@securenest.co.uk]
- Data Protection Officer (DPO): [Insert DPO Name or Contact, if applicable, otherwise state: Available upon request via email.]
2. Data We Collect and Why
We collect different types of data depending on your interaction with SecureNest.
A. Website Interaction Data (for all visitors)
| Data Category | Purpose of Collection | Legal Basis (GDPR) |
|---|---|---|
| Contact Data (Name, Email, Phone) | To respond to enquiries submitted via contact forms or direct emails. | Legitimate Interest (responding to enquiries); Performance of a Contract (pre-contractual steps). |
| Technical Data (IP address, Browser type, Operating System, Timezone) | To ensure website functionality, security, and integrity (e.g., preventing cyber attacks). | Legitimate Interest (security and system administration). |
| Usage Data (Pages visited, duration, referral source) | To analyse website performance, visitor trends, and improve marketing effectiveness. | Legitimate Interest (business development and service improvement). |
B. Consultancy Service Data (for Clients)
As a Cybersecurity Consultancy, we require access to certain data to perform agreed-upon services (assessments, audits, compliance assistance).
| Data Category | Purpose of Collection | Legal Basis (GDPR) |
|---|---|---|
| Client Contact Data (Key personnel names, emails, roles, phone numbers) | To manage the contract, schedule audits, communicate findings, and issue invoices. | Performance of a Contract. |
| Sensitive Operational Data (System reports, Network logs, Policy Documents, Asset Inventories) | To perform tailored security assessments, risk audits, and compliance gap analysis (e.g., for GDPR, ISO 27001 certification readiness). | Performance of a Contract; Legitimate Interest (delivery of specialized security services). |
| Billing Data (Bank details, billing address) | To process payments for services rendered. | Performance of a Contract; Legal Obligation (tax reporting). |
3. How We Use Your Data
- Provide Services: Deliver the agreed-upon security assessments, risk audits, and compliance guidance as defined in our Statement of Work (SOW).
- Communicate: Send essential service-related updates, audit reports, and billing information.
- Security: Detect and prevent fraudulent or unauthorized access to our website and services (critical for a cybersecurity firm).
- Improve Services: Analyze client and website feedback to enhance the effectiveness of our consultancy offerings.
- Marketing (Only with Consent): Send newsletters or information about new services only if you have explicitly opted in. You can withdraw consent at any time.
4. Data Storage, Security, and Retention
A. Data Security (Our Core Competency)
As security experts, we take the protection of your data seriously. We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way. These measures include:
- End-to-end encryption for all data transmissions.
- Strict access controls and robust identity and access management (IAM) protocols.
- Regular security audits and penetration testing of our own systems.
- Processing and storage of all client operational data handled during audits in secured environments compliant with relevant standards (e.g., ISO 27001 best practices).
B. Data Retention
We will only retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
- Contractual Data: Retained for the duration of the consultancy contract plus [Insert Number, e.g., six] years to meet legal and accounting requirements (e.g., HMRC in the UK).
- Enquiry Data: Retained for up to 12 months if the enquiry does not lead to a contract, unless consent is given for marketing.
5. Sharing Your Personal Data
We do not sell or lease your personal data to third parties. We may share your data with:
- Sub-processors: Trusted third-party service providers (e.g., secure cloud hosting providers, secure data backup services, payment processors) essential for delivering our services. These providers are bound by strict contractual agreements to keep your data secure and to process it only on our instructions.
- Professional Advisors: Lawyers, bankers, auditors, and insurers based in the UK who provide professional services.
- Legal Obligation: When we are legally required to do so by a court order or regulatory body (e.g., in response to a request from the ICO).
6. Your Legal Rights (UK GDPR)
Under GDPR, you have the following rights regarding your personal data:
- Right to Access: You can request a copy of the personal data we hold about you.
- Right to Rectification: You can ask us to correct incomplete or inaccurate data we hold about you.
- Right to Erasure (The ‘Right to be Forgotten’): You can ask us to delete or remove personal data where there is no good reason for us to continue processing it.
- Right to Restrict Processing: You can ask us to suspend the processing of your personal data.
- Right to Object to Processing: You can object to the processing of your personal data where we are relying on a legitimate interest.
- Right to Data Portability: You can request the transfer of your personal data to you or a third party in a structured, commonly used, machine-readable format.
- Right to Withdraw Consent: Where we rely on consent to process your data, you have the right to withdraw that consent at any time.
To exercise any of these rights, please contact us using the details provided in Section 1.
7. Complaints
If you have any concerns about our use of your personal data, please contact us first so we can try to resolve them for you. You also have the right to make a complaint at any time to the relevant supervisory authority in the UK for data protection issues, which is the Information Commissioner’s Office (ICO).
8. Changes to this Privacy Policy
We may update this policy from time to time by publishing a new version on our website. We encourage you to review this policy periodically.
