Privacy & Cookie Policy

InfoSec-Legislation is committed to respecting the privacy of all visitors to its website and of its clients and contacts.  You are invited to read the following privacy & cookie policy to understand how we protect and use and the information that you provide to us or that we retain about you. This will help you to understand what your rights are in relation to information that we hold.

This policy applies to information about living identifiable individuals only.

 

Information gathered from our website

You may choose to provide personal information to us when you register on our website to ask us to contact you. You may be asked to provide information about yourself including your name, title, postal address, telephone number and/or email address.

 

Information gathered automatically

We may also collect information automatically about your access and usage of our website using cookies and other analytical technology. Full details of our data collection methods are included in the ‘Cookie’ section below.  We will use your IP address, which is a numeric code that identifies a computer on the internet, to collect internet traffic data and information on your browser type and computer.  If you do not wish to receive cookies, you may reject them by amending your browser settings, unless they are required for the delivery of our website or services to visitors.

 

Information gathered from third parties

Additionally, we may obtain information about you from legitimate third parties, including existing clients, certification bodies, consultants and other specialists that are known to you or related to your enquiry or requirements.

 

How does InfoSec-Legislation use your information?

We will use your information for the specific purpose(s) for which it has been provided or collected by us, including:

  • to provide information that you may request regarding the services we offer, including whether we can assist with consultancy or audit engagements
  • to contact you to introduce our consultancy or audit services
  • to provide our clients with consultancy or audit services including referrals to other certification bodies, consultants and specialists both in the UK and overseas, as appropriate
  • to comply with our statutory and regulatory obligations
  • to deal with any feedback, queries or complaints that you may have

We may also use the information that we collect about you for marketing and business development purposes, including:

  • to provide information about InfoSec-Legislation and the services we provide, which may be of interest to you, by sending you specific information or periodic newsletters
  • to provide you with updates on relevant areas of our consultancy and audit activities
  • to contact you about other activities and events that we may undertake

Information gathered by cookies and similar analytical technologies are used to measure and analyse information on visits to our website, to update the website to improve the visitor experience and to improve technical performance. We will not use the data to identify you personally or to make any decisions about you.

Furthermore, we may use your information to administer, support and improve our business generally and to enforce our legal rights.

 

Legitimate grounds for processing your information

We must have a lawful basis for processing your information.  This will vary depending on the circumstances for obtaining your information, but will typically include:

  • the activities are within our legitimate interests as a consultancy seeking to engage with and provide services to prospective and current clients
  • you have given consent for us to process your information in relation to our marketing activities
  • we are completing necessary steps in relation to you entering into a contract with InfoSec-Legislation, because you wish to engage us to complete consultancy or audit activities for you
  • the processing is necessary for compliance with legal obligations that we are subject to

 

Marketing

If you become a client of InfoSec-Legislation, we may use your personal information to send you information that we think may be of interest to you or your business. This falls within our legitimate interests as a consultancy to use your information for marketing purposes.

You will be given the opportunity to confirm whether or not you wish to receive direct marketing materials and communications from us, either at the time you provide your details and/or within the marketing communication itself.

At any point, if you change your mind about being contacted by us, or any of your personal details change, or you believe that any information we hold about you is either inaccurate or out-of-date, please contact us by email or write to us at InfoSec-Legislation c/o PCML Consultants Ltd., Charlton House, Dour Street, Dover, Kent, CT16 1BL.

 

Disclosure of your information

The information you provide to InfoSec-Legislation will usually be held on our computers in the UK or France and accessed by staff working in the UK. Information you provide to us may be transferred to, stored or processed by third party organisations which process data on our behalf. These third parties may store or process your information in the UK or elsewhere, including outside the EEA. These third parties may include suppliers of administrative and support services, suppliers of other specialist products or outsourced IT applications and systems, including cloud-based platforms.

We may also transfer your information to other consultants or specialists with whom we are working or to whom we are referring you for additional or separate activities.

Additionally, we may be obliged to disclose information under certain laws, by order of court or other competent regulatory body or may be permitted to disclose it under applicable data protection laws.

Finally, if InfoSec-Legislation merges with another business entity, divests part of its business or carries out internal corporate restructuring, your information may be disclosed to our new business partners or owners or the new corporate entities.

We will take all reasonably practicable measures to ensure that your data is treated securely and in accordance with this privacy policy.

 

Protection of your information

We have implemented relevant administrative, technical and physical controls for our website, which are designed to mitigate the risk of loss, misuse, unauthorised processing or disclosure of the personal information that we hold.

Where we transfer information to third parties to enable them to process it on our behalf, we ensure that these third parties can meet or exceed relevant legal or regulatory requirements for transferring and securing information under their control.  We will also ensure that where information is transferred to a country or international organisation outside of the UK / EEA, we will comply with the relevant legal rules governing such transfers.

We will retain your personal information for no longer than necessary for the purposes that it was collected. Details of our information retention policy is available upon request.

 

Your rights

You have certain rights in relation to your personal information.  However, these rights do not apply in all cases or to all information that we hold about you. In certain circumstances, we may need to continue to hold and process information to establish, exercise or defend our legal rights. Additionally, your rights may not be enforceable until the EU General Data Protection Regulation 2016 (GDPR) comes into force on 25 May 2018.

You have the right to request that we:

  • Provide you with a copy of the personal information that we hold
  • Update your personal information where it is incorrect or out-of-date
  • Delete personal information that we hold
  • Restrict the way in which we process your information
  • Consider any valid objections to our processing of your personal information
  • Provide information you have given to us to a third-party provider of services, where our lawful basis for processing is consent and where processing is automated

We will respond to your request, including providing information on whether the rights apply in the particular circumstances, within the statutory time period. If we are unable to confirm your identity, we may require you to provide further information in order for us complete verification of your identity.

 

Changes to this policy

We may make changes to this policy from time to time as our business, internal practices or applicable laws change.  We will not make any use of your personal information that is inconsistent with the original purposes for which it was obtained or otherwise than is permitted by applicable law.  If we intend to use your information for any other purposes, we will notify you in advance, wherever possible.

 

How to contact us

If you would like to contact us to discuss this policy or how we use your personal information, to exercise your rights, to provide feedback or make a complaint about use of your information, please contact us as follows:

  • Paul Potts – Director and Data Protection Manager
  • Please contact us by email
  • InfoSec-Legislation c/o PCML Consultants Ltd., Charlton House, Dour Street, Dover, Kent, CT16 1BL.

You can also contact the Information Commissioner’s Office for information, advice or to make a complaint.  The ICO can be contacted online at https://ico.org.uk

 

Cookies

Cookies, including browsers or tracking cookies, are small text files that are added to your computer when you visit a website. They help websites to perform certain functions, including knowing who you are if you log into a restricted part of a website and for tracking purposes.

At InfoSec-Legislation we use the following cookies:

    • Google Analytics

We use Google analytics cookies on the website for tracking purposes. The cookies allow us to understand general traffic to our website, including the number of visitors and length of time on the website. This process collects anonymous data to help us develop the website, make improvements and enhance the user experience.

    • Privacy Preferences

We use a tracking cookie, which is added to your computer to remember your cookie preferences, including whether you have allowed or disallowed them.

    • Client Services

For areas of our website that are password protected, an essential cookie is added to your computer, which is then automatically deleted after your session has ended.

 

v1.0 – 19th March 2018

administrator