Privacy Policy & Privacy Notice


We are Cyber Rescue Limited (“Cyber Rescue”).  We have a duty to protect, and use in a fair and transparent manner, any personal information that we control, process, record or come into contact with. 

This Privacy Policy and Notice explains how we fulfil those duties. 

This privacy notice includes:

  • Who we are, and our contact details
  • Our privacy principles
  • Why we’re processing people’s personal data
  • How long we’ll be keeping that data for
  • Who we’ll be sharing that data with
  • How you can make suggestions, complain, and get in touch

Who we are

Cyber Rescue Limited (“Cyber Rescue”) is a private company registered in the United Kingdom.  We provide consultancy and other services to help organisations to measure and manage risks that relate to cyber attacks.

Our contact details

  • Name: Cyber Rescue Limited
  • Address: Studio 132, The Light Box, 111 Power Road, London, W4 5PY, England
  • Phone Number: +44 (0)20 7859 4320
  • E-mail:
  • Website:
  • Registration: GB 09366826 (with Companies House in England)
  • ICO Registration: ZB563528

Our privacy principles

Cyber Rescue follows all laws and best practices relating to the privacy of individuals we keep data on, in particular the requirements of the GDPR (the UK General Data Protection Regulation) and subsequent legislation in England and Wales where our HQ is based. 

Cyber Rescue reviews and deletes information that is no longer in use, to minimise the amount of private data we store.  For example, in July 2023, we estimated we hold:

  • In our email system, we hold the work email addresses of about 3,000 individuals working at organisations we have contacted since 2014, at about 1,000 organisations, as well as the personal email accounts of about 100 individuals, including those who have applied to work with us.
  • In our secure files, on our laptops and our mobile phones, we hold the telephone numbers of about 300 individuals we sometimes call by phone to deliver our cyber security services.
  • In our secure files, on our laptops and our mobile phones, we hold the employment records of about 30 current and former employees. This data includes personal address, age, financial information, criminal record checks and medical records (e.g. dates that staff were sick).

Cyber Rescue keeps the information we store secure, as described in our Information Security Policy.

The type of personal data we collect, the context, purpose and use we make of that data:


Types of Data

Purpose for Collection & Use of Data

Customer User Information

We collect the name, username, and contact information, of our customers and their employees with whom we may interact.

We have a legitimate interest in contacting our customers and communicating with them concerning normal business administration such as projects, services, and billing.

Account Information (Customer User)

We collect personal data from our customers when they create an account to access and use the Services or request certain free Services from our Sites. This information could include business contact information such as name, email address, title, company information, and password for our services.

We have a legitimate interest in providing account related functionalities to our users, monitoring account logins, and detecting potential fraudulent logins or account misuse. Additionally, we use this information to fulfill our contract to provide you with Services.

Contact Information (Vendors)

Users of our service may ask their vendors or service providers to submit company and security related information on our platform (e.g., to complete a security questionnaire). When a user invites a vendor we collect the name and email address of the vendor.

We have a legitimate interest in contacting vendors on behalf of our customers in order to invite them to communicate with companies through our platform. Among other things, the communication allows our customers to efficiently solicit, and receive, security questionnaires, and allows vendors to efficiently solicit, and transmit, security questionnaires. Additionally, we use this information to fulfill our contract to provide Services which may include soliciting, receiving, transmitting, and hosting responses to security questions.

Account Information (Vendors)

We collect personal data from vendors when they create an account to access and use the Services or request certain free Services from our Sites. This information could include business contact information such as name, email address, title, company information, and password for our services.

We have a legitimate interest in providing account related functionalities to our vendor-users, monitoring account log-ins, and detecting potential fraudulent logins or account misuse. Additionally, in some cases, we use this information to fulfill our contract to provide vendor-users with Services.

Cookies and First Party tracking

We use cookies and clear GIFs. “Cookies” are small pieces of information that a website sends to a computer’s hard drive while the website is viewed.

We have a legitimate interest in making our website operate efficiently.

Cookies and Third Party Tracking

We participate in behavior-based advertising. This means that a third party uses technology (e.g., a cookie) to collect information about your use of our website so that they can provide advertising about products and services tailored to your interests on our website, or on other websites.

Where required by law, we base the use of third party cookies upon consent.

Demographic Information

We collect personal information, such as your location and IP address.

We have a legitimate interest in understanding our users and providing tailored services.

Email Inter-connectivity

If you receive email from us, we use certain tools to capture data related to when you open our message, click on any links or banners it contains and make purchases.

We have a legitimate interest in understanding how you interact with our communications to you.


If you apply for a job posting, or become an employee, we collect information necessary to process your application or to retain you as an employee. This may include, among other things, your Social Security Number. Providing this information is required for employment.

We use information about current employees to perform our contract of employment, or the anticipation of a contract of employment with you. In some contexts, we are also required by law to collect information about our employees. We also have a legitimate interest in using your information to have efficient staffing and work force operations.

Feedback / Support

We collect personal data from you contained in any inquiry you submit to us regarding our Sites or Services, such as completing our online forms, calling, or emailing for the purposes of general inquiries, support requests, or to report an issue. When you communicate with us over the phone, your calls may be recorded and analyzed for training, quality control and for sales and marketing purposes. During such calls we will notify you of the recording via either voice prompt or script.

We have a legitimate interest in receiving, and acting upon, your feedback, issues, or inquiries.

Mailing List

When you sign up for one of our mailing lists we collect your email address or postal address.

We share information about our products and services with individuals that consent to receive such information. We also have a legitimate interest in sharing information about our products or services.

Order Placement

We collect your name, billing address, shipping address, e-mail address, and phone number. To the extent that you have elected to pay using a credit card we also take (directly or through our payment processor) your payment card information.

We use and share your information to perform our contract to provide you with products or services.


When you participate in a survey we collect information that you provide through the survey. If the survey is provided by a third party service provider, the third party’s privacy policy applies to the collection, use, and disclosure of your information.

We have a legitimate interest in understanding your opinions, and collecting information relevant to our organization.

Website interactions

We use technology to monitor how you interact with our website. This may include which links you click on, or information that you type into our online forms. This may also include information about your device or browser.

We have a legitimate interest in understanding how you interact with our website to better improve it, and to understand your preferences and interests in order to select offerings that you might find most useful. We also have a legitimate interest in detecting and preventing fraud.

Web logs

We collect information, including your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to a computer when the Internet is used), domain name, click-activity, referring website, and/or a date/time stamp for visitors.

We have a legitimate interest in monitoring our networks and the visitors to our websites. Among other things, it helps us understand which of our services is the most popular and helps us detect and prevent fraud.

In addition to the purposes and uses described above, we use information in the following ways:

  • To identify you when you visit our websites.
  • To provide our Services.
  • To improve our Services and offerings.
  • To promote the security of our Site and Services.
  • To conduct analytics.
  • To respond to inquiries related to support, employment opportunities, or other requests.
  • To send marketing and promotional materials including information relating to our products, services, sales, or promotions, or those of our business partners.
  • For internal administrative purposes, as well as to manage our relationships.

Although the sections above describe our primary purpose in collecting your information, in many situations we have more than one purpose. For example, if you sign up for Services, we may collect your information to complete that transaction, but we also collect your information as we have a legitimate interest in maintaining your information after your transaction is complete so that we can quickly and easily respond to any questions about your Services. As a result, our collection and processing of your information is based in different contexts upon your consent, our need to perform a contract, our obligations under law, and/or our legitimate interest in conducting our business.

How we get the personal information and why we have it

Most of the personal information we process is provided to us directly by you, for one of the following reasons:

  • Employment
  • Delivering our services to your firm
  • Purchasing services from our firm

We may also sometimes receive and record personal information indirectly, for example:

  • we have seen information in a public space (such as the list of Conference Speakers, or on LinkedIn posts)
  • we have been provided with information by another organisation, for example where we are re-selling a service of another company and they provide the email addresses of the individuals we must engage to deliver the service
  • we have requested information, for example an employment reference, or a health check, or a credit check

We use the information that you have given us in order to contact, select, engage, recruit and manage employees, customers, suppliers and other stakeholders.

We may share this information with:

1. Affiliates and Acquisitions. We may share information with our corporate affiliates (e.g., parent company, sister companies, subsidiaries, joint ventures, or other companies under common control). If another company acquires, or plans to acquire, our company, business, or our assets, we will also share information with that company, including at the negotiation stage.

2. Other Disclosures with Your Consent. We may ask if you would like us to share your information with other unaffiliated third parties who are not described elsewhere in this policy.

3. Other Disclosures without Your Consent. We may disclose information in response to subpoenas, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws. We may also share your information in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies, or to comply with your request for the shipment of products to or the provision of services by a third party intermediary.

4. Service Providers. We share your information with service providers. Among other things service providers help us to administer our website, conduct surveys, provide technical support, process payments, and assist in the fulfillment of orders.

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:

  • Your consent. You are able to remove your consent at any time. You can do this by contacting us at
  • We have a contractual obligation.
  • We have a legal obligation.
  • We have a vital interest.
  • We need it to perform a public task.
  • We have a legitimate interest.

How we store your personal information

Your information is securely stored, as described in our Information Security Policy (available on request to )

We keep personal information for a maximum of seven years, to ensure we can respond effectively and complete the legitimate uses described above. We will then dispose of your information by wiping the files that hold that information.

Your data protection rights

Under data protection law, you have rights including:

  • Your right of access - You have the right to ask us for copies of your personal information.
  • Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information that is incomplete.
  • Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at if you wish to make a request.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

ICO Helpline number: 0303 123 1113

ICO website:


The Managing Director has overall responsibility for the effective operation of this policy but has delegated day-to-day responsibility for overseeing its implementation to the Director of Cyber Resilience. All managers have a specific responsibility to operate within the boundaries of this policy, to take effective steps so that all employees understand the standards of behaviour expected of them, and to take action when behaviour falls below its requirements. Managers will be given training in order that they may do so. All staff will receive training on information security, appropriate to their role, and will be required to confirm their compliance in writing, at least once per year.

Version Control:

  • 3rd April 2017 - Approved by Kevin Duffey
  • 12th April 2018 - Approved by Kevin Duffey
  • 5th April 2020 - Approved by Kevin Duffey
  • 13th April 2021 - Approved by Kevin Duffey
  • 12th April 2022 - Approved by Kevin Duffey
  • 16th July 2023 - Approved by Kevin Duffey

Approval for this Version:

            Signed:            16th July 2023

            Name:             Kevin Duffey                           Role:   Managing Director