Introduction
We are Cyber Rescue Limited (“Cyber Rescue”). We have a duty to protect, and use in a fair and transparent manner, any personal information that we control, process, record or come into contact with.
This Privacy Policy and Notice explains how we fulfil those duties.
This privacy notice includes:
Who we are
Cyber Rescue Limited (“Cyber Rescue”) is a private company registered in the United Kingdom. We provide consultancy and other services to help organisations to measure and manage risks that relate to cyber attacks.
Our contact details
Our privacy principles
Cyber Rescue follows all laws and best practices relating to the privacy of individuals we keep data on, in particular the requirements of the GDPR (the UK General Data Protection Regulation) and subsequent legislation in England and Wales where our HQ is based.
Cyber Rescue reviews and deletes information that is no longer in use, to minimise the amount of private data we store. For example, in July 2023, we estimated we hold:
Cyber Rescue keeps the information we store secure, as described in our Information Security Policy.
The type of personal data we collect, the context, purpose and use we make of that data:
| Context | Types of Data | Purpose for Collection & Use of Data |
| --- | --- | --- |
| Customer User Information | We collect the name, username, and contact information of our customers and their employees with whom we may interact. | We have a legitimate interest in contacting our customers and communicating with them concerning normal business administration such as projects, services, and billing. |
| Account Information (Customer User) | We collect personal data from our customers when they create an account to access and use the Services or request certain free Services from our Sites. This information could include business contact information such as name, email address, title, company information, and password for our services. | We have a legitimate interest in providing account related functionalities to our users, monitoring account logins, and detecting potential fraudulent logins or account misuse. Additionally, we use this information to fulfill our contract to provide you with Services. |
| Contact Information (Vendors) | Users of our service may ask their vendors or service providers to submit company and security related information on our platform (e.g., to complete a security questionnaire). When a user invites a vendor we collect the name and email address of the vendor. | We have a legitimate interest in contacting vendors on behalf of our customers in order to invite them to communicate with companies through our platform. Among other things, the communication allows our customers to efficiently solicit, and receive, security questionnaires, and allows vendors to efficiently solicit, and transmit, security questionnaires. Additionally, we use this information to fulfill our contract to provide Services which may include soliciting, receiving, transmitting, and hosting responses to security questions. |
| Account Information (Vendors) | We collect personal data from vendors when they create an account to access and use the Services or request certain free Services from our Sites. This information could include business contact information such as name, email address, title, company information, and password for our services. | We have a legitimate interest in providing account related functionalities to our vendor-users, monitoring account log-ins, and detecting potential fraudulent logins or account misuse. Additionally, in some cases, we use this information to fulfill our contract to provide vendor-users with Services. |
| Cookies and First Party tracking | We use cookies and clear GIFs. “Cookies” are small pieces of information that a website sends to a computer’s hard drive while a website is viewed. | We have a legitimate interest in making our website operate efficiently. |
| Cookies and Third Party Tracking | We participate in behavior-based advertising. This means that a third party uses technology (e.g., a cookie) to collect information about your use of our website so that they can provide advertising about products and services tailored to your interests on our website, or on other websites. | Where required by law, we base the use of third party cookies upon consent. |
| Demographic Information | We collect personal information, such as your location and IP address. | We have a legitimate interest in understanding our users and providing tailored services. |
| Email Inter-connectivity | If you receive email from us, we use certain tools to capture data related to when you open our message, click on any links or banners it contains and make purchases. | We have a legitimate interest in understanding how you interact with our communications to you. |
| Employment | If you apply for a job posting, or become an employee, we collect information necessary to process your application or to retain you as an employee. This may include, among other things, your Social Security Number. Providing this information is required for employment. | We use information about current employees to perform our contract of employment, or the anticipation of a contract of employment with you. In some contexts, we are also required by law to collect information about our employees. We also have a legitimate interest in using your information to have efficient staffing and workforce operations. |
| Feedback / Support | We collect personal data from you contained in any inquiry you submit to us regarding our Sites or Services, such as completing our online forms, calling, or emailing for the purposes of general inquiries, support requests, or to report an issue. When you communicate with us over the phone, your calls may be recorded and analyzed for training, quality control and for sales and marketing purposes. During such calls we will notify you of the recording via either voice prompt or script. | We have a legitimate interest in receiving, and acting upon, your feedback, issues, or inquiries. |
| Mailing List | When you sign up for one of our mailing lists we collect your email address or postal address. | We share information about our products and services with individuals that consent to receive such information. We also have a legitimate interest in sharing information about our products or services. |
| Order Placement | We collect your name, billing address, shipping address, e-mail address, and phone number. To the extent that you have elected to pay using a credit card we also take (directly or through our payment processor) your payment card information. | We use and share your information to perform our contract to provide you with products or services. |
| Surveys | When you participate in a survey we collect information that you provide through the survey. If the survey is provided by a third party service provider, the third party’s privacy policy applies to the collection, use, and disclosure of your information. | We have a legitimate interest in understanding your opinions, and collecting information relevant to our organization. |
| Website interactions | We use technology to monitor how you interact with our website. This may include which links you click on, or information that you type into our online forms. This may also include information about your device or browser. | We have a legitimate interest in understanding how you interact with our website to better improve it, and to understand your preferences and interests in order to select offerings that you might find most useful. We also have a legitimate interest in detecting and preventing fraud. |
| Web logs | We collect information, including your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to a computer when the Internet is used), domain name, click-activity, referring website, and/or a date/time stamp for visitors. | We have a legitimate interest in monitoring our networks and the visitors to our websites. Among other things, it helps us understand which of our services is the most popular and helps us detect and prevent fraud. |
In addition to the purposes and uses described above, we use information in the following ways:
Although the sections above describe our primary purpose in collecting your information, in many situations we have more than one purpose. For example, if you sign up for Services, we may collect your information to complete that transaction, but we also collect your information as we have a legitimate interest in maintaining your information after your transaction is complete so that we can quickly and easily respond to any questions about your Services. As a result, our collection and processing of your information is based in different contexts upon your consent, our need to perform a contract, our obligations under law, and/or our legitimate interest in conducting our business.
How we get the personal information and why we have it
Most of the personal information we process is provided to us directly by you, for one of the following reasons:
We may also sometimes receive and record personal information indirectly, for example:
We use the information that you have given us in order to contact, select, engage, recruit and manage employees, customers, suppliers and other stakeholders.
We may share this information with:
1. Affiliates and Acquisitions. We may share information with our corporate affiliates (e.g., parent company, sister companies, subsidiaries, joint ventures, or other companies under common control). If another company acquires, or plans to acquire, our company, business, or our assets, we will also share information with that company, including at the negotiation stage.
2. Other Disclosures with Your Consent. We may ask if you would like us to share your information with other unaffiliated third parties who are not described elsewhere in this policy.
3. Other Disclosures without Your Consent. We may disclose information in response to subpoenas, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws. We may also share your information in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies, or to comply with your request for the shipment of products to or the provision of services by a third party intermediary.
4. Service Providers. We share your information with service providers. Among other things service providers help us to administer our website, conduct surveys, provide technical support, process payments, and assist in the fulfillment of orders.
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:
How we store your personal information
Your information is securely stored, as described in our Information Security Policy (available on request to Assistance@CyberRescue.co.uk).
We keep personal information for a maximum of seven years, to ensure we can respond effectively and complete the legitimate uses described above. We will then dispose of your information by wiping the files that hold that information.
Your data protection rights
Under data protection law, you have rights including:
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at Assistance@CyberRescue.co.uk if you wish to make a request.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at Assistance@CyberRescue.co.uk.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
ICO Helpline number: 0303 123 1113. ICO website: https://www.ico.org.uk
RESPONSIBILITY FOR THIS POLICY
The Managing Director has overall responsibility for the effective operation of this policy but has delegated day-to-day responsibility for overseeing its implementation to the Director of Cyber Resilience. All managers have a specific responsibility to operate within the boundaries of this policy, to take effective steps so that all employees understand the standards of behaviour expected of them, and to take action when behaviour falls below its requirements. Managers will be given training in order that they may do so. All staff will receive training on information security, appropriate to their role, and will be required to confirm their compliance in writing, at least once per year.
Version Control:
| Version | Date | Approved by |
| --- | --- | --- |
| 1.1 | 3rd April 2017 | Kevin Duffey |
| 1.2 | 12th April 2018 | Kevin Duffey |
| 1.3 | 5th April 2020 | Kevin Duffey |
| 1.4 | 13th April 2021 | Kevin Duffey |
| 1.5 | 12th April 2022 | Kevin Duffey |
| 1.6 | 16th July 2023 | Kevin Duffey |
Approval for this Version:
Signed: 16th July 2023
Name: Kevin Duffey Role: Managing Director
Ends