Privacy Policy

Privacy / Cookie Policy

 

Introduction

Your privacy and trust are important to us and this Privacy Policy (“Policy”) provides important information about how The National Cyber Management Centre Limited and its subsidiaries (“Company” “we” or “us”) handles personal information.  We are the controller and are responsible for your personal information.  This Policy applies to personal information which we process in the course of doing business with you, including when you purchase a product or service from us (collectively, our “Services”).  We will also collect personal information provided by you through the Company’s website, even if you are not a customer, for example when you sign up to our newsletter.

Please read this Policy carefully and contact us if you have any questions about our privacy practices or your personal information choices.

[This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.]

It is important that you check back often for updates to this Policy. If we make changes we consider to be important, we will let you know by placing a notice on our website and/or contacting you using other methods such as email.

This Policy was last updated on 25th May 2018.

This Policy is provided in a layered format so you can click through to the specific areas set out below.

  1. [THE DATA WE COLLECT ABOUT YOU]
  2. [HOW IS YOUR PERSONAL INFORMATION COLLECTED]
  3. [HOW WE USE YOUR PERSONAL INFORMATION]
  4. [DISCLOSURES OF YOUR PERSONAL INFORMATION]
  5. [INTERNATIONAL TRANSFERS]
  6. [DATA SECURITY]
  7. [DATA RETENTION]
  8. [YOUR LEGAL RIGHTS]

1. The data we collect about you
Personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal information about you which we have grouped together as follows:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
  • Contact Data includes billing address, email address and telephone numbers.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
  • Usage Data includes information about how you use our website, products and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us, including hospitality event preferences and our third parties and your communication preferences.

When someone visits our website we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns (“Aggregated Data”).   We do this to find out things such as the number of visitors to the various parts of the site.  Aggregated Data may be derived from your personal information but is not considered personal information in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal information which will be used in accordance with this privacy notice.

We do not collect any Special Categories of Personal Information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

If you fail to provide personal information:

Where we need to collect personal information by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with Services). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.

2. How is your personal information collected

We use different methods to collect data from and about you including through:

  • Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal information you provide when you:
  • apply for our Services;
  • create an account on our website;
  • subscribe to our service or publications;
  • request marketing to be sent to you;
  • enter a competition, promotion or survey; or
  • give us some feedback.
  • Automated technologies or interactions. As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns.
  • Third parties or publicly available sources. In addition to collection of technical data, we may receive personal information about you from various third parties public records and Social media as set out below;
  • Contact, Financial and Transaction Data from providers of technical, payment and delivery services
  • Identity and Contact Data from publicly availably sources such as Companies House, Register of Inhibitions and the Electoral Register based inside the EU.

3. How we use your personal information

We will only use your personal information when the law allows us to.

Most commonly, we will use your personal information in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.

Please note that we may process your personal information without your knowledge or consent, in compliance with data protection rules, where this is required or permitted by law.

Further detail on the circumstances in which we share personal information is set out below.

Customers

We will collect and store personal information including contact details of our customers and those employees of the customer who are involved in instructing us so that we can provide our Services in accordance with our contract with you.

We may also collect and store personal information about employees of the customer for whom we are providing Services. This information may include names, contact details and/or job role. We are processing this information on behalf of our customer in order to provide them with the Services.

Unless you request us not to do so, we may also contact those employees of the customer who are involved in instructing us on an individual basis about similar services which we offer, this contact may be made by telephone, e-mail or post. We will only do this if it is necessary for our legitimate interests. We will not send you general marketing information as part of a group e-mailing campaign unless you have consented to be contacted in this way.

Suppliers

We will collect and store personal information including contact details of our suppliers and those employees of the supplier who are involved in the delivery of the Services to our customers so that we can receive your goods or services in accordance with our contract with you.

We may also contact you about new business opportunities for us to work together with you and to keep you informed of our activities. We will only do this if it is necessary for our legitimate interests and your interests do not override our interests.

We will not send you general marketing information as part of a group e-mailing campaign unless you have consented to be contacted in this way.

Third parties

We will collect and store personal information including contact details of third parties with whom we are in contact during the delivery of Services to our customers or discussions relating to prospective customers. We process that information because it is in our legitimate interests to do so in order for us to be able to perform our contracts for our customers or pitch for work from prospective customers. We believe that you would reasonably expect us to process your personal information in this way and that your interests do not override our interests.

We may also contact you about new business opportunities for us to work together with you and to keep you informed of our activities. We will only do this if it is necessary for our legitimate interests and your interests do not override our interests.

We will not send you general marketing information as part of a group e-mailing campaign unless you have consented to be contacted in this way.

Prospective customers or prospective suppliers

We will collect and store personal information including contact details of people who we might do business with as a supplier or a customer. We may collect this information from you, when you contact us (including through this website). We will only collect contact information from your website or another third party website if we have identified you specifically as someone who may be interested in receiving services from us or delivering goods or services to us.

For personal information which is collected on prospective customers or prospective suppliers, we may contact you about new business opportunities for us to work together with you and to keep you informed of our activities.  We will only do this if it is necessary for our legitimate interests and your interests do not override our interests.

We will not send you general marketing information as part of a group e-mailing campaign unless you have consented to be contacted in this way.

We have set out below, in a table format, a description of all the ways we plan to use your personal information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal information where more than one ground has been set out in the table below.

Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest
To register you as a new customer (a) Identity

(b) Contact

Performance of a contract with you
To process and deliver your order including:

(a) Manage payments, fees and charges

(b) Collect and recover money owed to us

(a) Identity

(b) Contact

(c) Financial

(d) Transaction

(e) Marketing and Communications

(a) Performance of a contract with you

(b) Necessary for our legitimate interests (to recover debts due to us)

To manage our relationship with you which will include:

(a) Notifying you about changes to our terms or privacy policy

(b) Asking you to leave a review or take a survey

(c) Invitation to a hospitality event

(a) Identity

(b) Contact

(c) Profile

(d) Marketing and Communications

(a) Performance of a contract with you

(b) Necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

To enable you to partake in a prize draw, competition or complete a survey (a) Identity

(b) Contact

(c) Profile

(d) Usage

(e) Marketing and Communications

(a) Performance of a contract with you

(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity

(b) Contact

(c) Technical

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

(b) Necessary to comply with a legal obligation

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you (a) Identity

(b) Contact

(c) Profile

(d) Usage

(e) Marketing and Communications

(f) Technical

Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences (a) Technical

(b) Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you (a) Identity

(b) Contact

(c) Technical

(d) Usage

(e) Profile

Necessary for our legitimate interests (to develop our products/services and grow our business)

 

Opting out

You can ask us [or third parties] to stop sending you marketing messages at any time.

Where you opt out of receiving these marketing messages, this will not apply to personal information provided to us as a result of a Service purchase or other transaction.

Cookies

The Company and our third-party providers set and use cookies and similar technologies to store and manage user preferences, deliver targeted advertising, enable content, and gather analytic and usage data. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For further information, please see our Cookie Policy

4. Disclosures of your personal information

The Company shares or discloses personal information when necessary to provide Services or conduct our business operations as described below. When we share personal information, we do so in accordance with data privacy and security requirements. We do not sell any personal information to third parties.  Below are the parties with whom we may share personal information and why.

  • Our business partners: We occasionally partner with other organisations based in the United Kingdom to deliver the Services, provide content, or to host events, conferences, and seminars. As part of these arrangements, you may be a customer of both the Company and our partners, and we and our partners may collect and share information about you.
  • Our third-party service providers: We partner with and are supported by service providers within the United Kingdon. Personal information will be made available to these parties only when necessary to fulfil the goods or services they provide to us, including (without limitation) software, system, and platform support; direct marketing services; cloud hosting services; advertising; data analytics; and order fulfilment and delivery. Our third-party service providers are not permitted to share or use personal information we make available to them for any other purpose than to provide services to us.
  • We require our business partners and third party service providers to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
  • Third parties for legal reasons: Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal information in the same way as set out in this privacy notice.

5. International transfers

We do not transfer your personal information outside the European Economic Area.

6. Data security

We take appropriate steps to ensure that personal information is processed, secured, and transferred according to applicable law.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements.  In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

7. Data retention

We retain personal information for as long as we reasonably require it for legal or business purposes. In determining data retention periods, the Company takes into consideration local laws, contractual obligations, and the expectations and requirements of our customers and suppliers. When we no longer need personal information or when you request us to delete your information, where this is legal, we will securely delete or destroy it. The length of time that we keep customer and supplier files will depend on the nature of the goods and services provided or received.

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Details of retention periods for different aspects of your personal information are available upon request by using the “Contact Us” option on our website.

8. Your legal rights

We respect your right to access and control your information, and we will respond to requests for information and, where applicable, will correct, amend, or delete your personal information.

  • Access to personal information: If you request access to your personal information, we will gladly comply, subject to any relevant legal requirements and exemptions, including identity verification procedures. Before providing data to you, we will ask for proof of identity and sufficient information about your interaction with us so that we can locate any relevant data.
  • Correction and deletion: You have the right to correct or amend your personal information if it is inaccurate or requires updating. You may also have the right to request deletion or transfer of your personal information; however, this is not always possible due to legal requirements and other obligations and factors. Remember that you can contact us about our use of your personal information by using the “Contact Us” option on our website.
  • Object to processing of your personal information: where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Withdrawal of consent: If we are processing your personal information on the basis that you have given your consent to us processing that personal information, you have a right to withdraw your consent at any time by using the “Contact Us” option on our website.
  • Request the transfer of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Filing a complaint: If you are not satisfied with how the Company manages your personal information, you have the right to make a complaint to the Information Commissioner’s Office (https://ico.org.uk).

Children’s privacy

Our services are not directed to children under 13. If you learn that a child under 13 has provided us with personal information without consent, please contact us.

How to contact us

Please contact us with any requests related to your personal information.

We understand that you may have questions or concerns about this Policy or our privacy practices. Please feel free to contact us in one of the following ways:

 

Email:                   Info@thecyberclub.org

Mail                       The Data Controller,

                                The National Cyber Management Centre Limited

                                20, Imperial Square,

                                Cheltenham. GL50 1QZ