background.png

Privacy Policy

SOUTH WEST CYBER RESILIENCE CENTRE LTD PRIVACY POLICY 

 

This privacy policy sets out how South West Cyber Resilience Centre ltd uses and protects any information that you give us when you use this website or otherwise interact with the Centre.

South West Cyber Resilience Centre ltd is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, then you can be assured that it will only be used in accordance with this policy.

This policy is effective from 19 May 2021. South West Cyber Resilience Centre ltd may change this policy from time to time. We will notify you of any substantive changes to the policy which affect you. Where this policy is provided to an organisation, and its content affects or may affect individuals which work for or on behalf of that organisation, the organisation should ensure that this policy is brought to the attention of those individuals.

This privacy policy should be read in conjunction with the Centre’s website terms and conditions, our cookies policy, website privacy policy, and any supplementary privacy policies which are provided to you in connection with specific processing activities.

South Est Cyber Resilience Centre ltd (collectively referred to as “SWCRC”, “we”, “us” and “our” in this Privacy Policy) is a company registered in England with registered number 13407119 and registered address at Joint Emergency Services Building, Wimborne Road, Poole, Dorset BH15 2BP.

This privacy policy contains the following information:

1          Data we collect about you

2          How your personal data is collected

3          How we use your personal data

4          Disclosures of your personal data

5          International transfers

6          Data retention

7          Your legal rights

8          Contact us

 

  1. Data we collect about you
     

The categories of personal data that we may collect about you include:

  • Identity Data: title; first name; last name; nationality; National Insurance number; copies of identity documents

  • Contact Data: address; email address; telephone number(s); social media and communications platform aliases; company or organisation; role

  • Technical Data: internet protocol (IP) address; browser type and version; time zone setting and location; browser plug-in types and versions; operating system and platform; and the device used to access this site.

  • Usage Data: information about how you use our website.

  • Marketing and Communications Data: your preferences in receiving marketing from us and our third-party partners; topics of interest; your opinions regarding our services; communications between us; your communication preferences (you may receive marketing communications from us if you have requested information from us or have negotiated for or contracted to receive our services and you have not opted out of receiving that marketing).

  • Contractual and Transactional Data: agreements between us or which you enter into on behalf of an organisation; services you request and/or we provide to you.

  • Financial and Payment Data: bank account; credit/debit card numbers; sort code; CVC code; expiry date; related billing information.

  • Screening Data: identification and contact information concerning registered officers, and individuals with significant control; information regarding criminal and regulatory investigations, findings and convictions of individuals with significant control, registered officers and staff; the expertise, professional qualifications and certifications of registered officers and staff; and, public domain information regarding individuals with significant control, registered officers and staff.

  • Education and Work Data: academic institutions; employers; qualifications; experience; references.

  • Special Category Data: racial or ethnic origin; religious or philosophical beliefs; trade union membership; health; sexual orientation.

  • Other Data Necessary for the Provision of our Services.

 

2. How your personal data is collected
 

We may obtain your personal data:

  • directly from you;

  • from individuals or entities acting on your behalf;

  • from our clients;

  • from your organisation;

  • when you or your organisation browse, complete a form or make an enquiry or otherwise interact with us via our website, social media or other platforms;

  • from search engine and web analytics providers;

  • by referrals;

  • from our professional advisers, including, without limitation, our insurers, legal advisers and accountants;

  • from courts, law enforcement bodies, regulators, government departments or agencies, lawyers or other parties; and/or

  • from the public domain.

 

3. How we use your personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • where you have provided your consent;

  • where we need to perform the contract we are about to enter into or have entered into with you;

  • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;

  • where we need to comply with a legal obligation; and/or,

  • where it is necessary for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.

Where we process special category personal data, or criminal conviction and offence data, this will usually be in the following circumstances:

  • where you have provided your explicit consent;

  • where you have manifestly made the data public;

  • where it is necessary for the establishment, exercise or defence of legal claims;

  • where it is necessary when exercising our / your rights and obligations in the field of employment, social security and social protection law;

  • where it is necessary for reasons of substantial public interest, such as being:

    • necessary for the administration of justice;

    • necessary for ensuring equality of opportunity or treatment;

    • necessary for the prevention or detection of an unlawful act;

    • necessary for making a disclosure concerning suspicions of terrorist financing or money laundering; and/or,

    • necessary for responding to a communication from an elected representative acting on behalf of an individual.

 

Alternatively, we may rely on an exemption in the GDPR and/or Data Protection Act 2018 to legitimise our processing.

We have set out below a description of the ways we plan to use your personal data, and the legal grounds we rely on to do so. We have also identified what the relevant legitimate interests are where appropriate. Please note that we may process your personal data in reliance on one or more lawful bases depending on the specific purpose for which we are using your data. Where permitted to do so, we may also use your personal data for an alternate, but compatible, purpose.

Purpose/Activity

Type of Data

Lawful basis for processing, including basis of legitimate interest 

  • To manage our relationship with you or your organisation

  • To comply with applicable legal, regulatory and financial obligations

  • To develop and carry out our marketing activities

  • To analyse how our products and services are used, including our website

  • To communicate with you about our products and services

  • To develop, manage and improve our brands, products, services and relationships

  • Identity

  • Contact

  • Technical

  • Usage

  • Marketing and Communications

  • Contractual and Transactional

  • Financial and payment

  • Screening

  • Consent

  • Legitimate interests, including: selecting our customers and partners in accordance with our Objects,  values and policies; registering you / your organisation as a client; developing, promoting and expanding our business, products and services; obtaining feedback on our products and services; understanding the products and services our clients require and how we can best deliver them, including personalising our communications, products and services; sharing updates regarding our products and services; maintaining our records; identifying and resolving technical issues

  • To deliver our products and services

  • To process and fulfil the contract

  • To exercise our rights set out in agreements or contracts

  • To collect and recover money that is owed to us

  • Identity

  • Contact

  • Marketing and Communications

  • Contractual and Transactional

  • Financial and Payment

  • Screening

  • Other Data Necessary for the Provision of our Services

  • Consent

  • Legitimate interests: facilitating the provision of our services; maintaining our standards of service; conducting administrative activities; maintaining our records; managing our finances, including in connection with accounting and auditing; complying with our policies and standards; maintaining security; complying with legal and other regulations; handling legal issues and claims

  • Performance of a contract

  • Compliance with our legal obligations

  • Prevention, investigation, detection or prosecution of criminal offences

  • Manifestly made public

  • Establishment, exercise or defence of legal claims

  • Administration of justice

  • Prevention or detection of an unlawful act

  • Making a disclosure concerning suspicions of terrorist financing or money laundering

  • Responding to a communication from an elected representative acting on behalf of an individual

  • To administer and protect our business, brand, assets and staff

  • Identity

  • Contact 

  • Technical

  • Contractual and Transactional

  • Financial and Payment

  • Special Category

  • Screening

  • Legitimate interests: ensuring the efficient operation of our business and website, including in connection with accounting and auditing; monitoring compliance with our policies and standards; maintaining our standards of service; conducting administrative activities; maintaining our records; managing our finances; maintaining security; providing an appropriate working environment; preventing or detecting unlawful acts; enforcing our legal rights and interests; complying with legal and other regulatory obligations; handling legal issues and claims; contributing to the administration of justice

  • Legal obligation

  • Prevention, investigation, detection or prosecution of criminal offences

  • Establishment, exercise or defence of legal claims

  • Manifestly made public

  • Making a disclosure concerning suspicions of terrorist financing or money laundering

  • To detect, investigate, report, and seek to prevent financial crime

  • To manage risk for us and our customers

  • To obey laws and regulations that apply to us

  • To respond to complaints and seek to resolve them

  • Identity

  • Contact

  • Technical

  • Contractual and Transactional

  • Financial and Payment

  • Special Category

  • Criminal Conviction and Offence

  • Consent

  • Legitimate interests: determining the suitability of working with you / your organisation; maintaining our standards of service; managing security; preventing or detecting unlawful acts; enforcing our legal rights and interests; complying with legal and other regulations; handling legal issues and claims; contributing to the administration of justice; maintaining our insurance

  • Legal obligations

  • Prevention, investigation, detection or prosecution of criminal offences / unlawful acts

  • Establishment, exercise or defence of legal claims

  • Manifestly made public

  • Administration of justice

  • Making a disclosure concerning suspicions of terrorist financing or money laundering

  • In connection with advertising, considering responses to, and engaging individuals to fulfil job vacancies

  • To manage employment and staffing

  • To obtain or respond to references

  • To monitor and ensure equal opportunities

  • Identity

  • Contact

  • Contractual and Transactional

  • Education and Work

  • Financial and Payment

  • Special Category

  • Screening

  • Consent

  • Performance of a contract

  • Legitimate interests: matching your education, skills, and experience with our requirements; carrying out background checks; monitoring compliance with our policies and standards; monitoring and managing your performance; providing an appropriate working environment; conducting diversity monitoring; managing our finances and resourcing; conducting legal, accounting and taxation administration; complying with our legal obligations and/or handling legal issues and claims; contributing to the administration of justice; maintaining security; preventing or detecting unlawful acts

  • Compliance with our legal obligations

  • Prevention, investigation, detection or prosecution of criminal offences / unlawful acts

  • Manifestly made public

  • Establishment, exercise or defence of legal claims

  • Exercising our / your rights and obligations in the field of employment, social security and social protection law

  • Administration of justice

  • Equality of opportunity or treatment

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case.

4. Disclosures of your personal data

We may share your personal data with:

  • our clients;

  • our professional advisers, including, without limitation, our insurers, legal advisers, accountants etc;

  • our suppliers, business partners and sub-contractors;

  • search engine and web analytics providers;

  • with courts, the police, law enforcement bodies, regulators, government departments or agencies, lawyers or other parties;

  • companies providing anti-money laundering and terrorist financing services, credit reference and other fraud and crime prevention companies, financial institutions, and related regulatory bodies; and,

  • other third parties to which you request that we disclose your data. 

In the event that we were to sell our business or assets, we may disclose your personal data to any prospective/actual purchaser and/or their advisers.

 

5. International transfers 

When we process your personal data, we may process it in countries outside of the UK and the European Economic Area (‘the EEA’, which is comprised of the EU in addition to Iceland, Norway and Liechtenstein), for example when we engage third party service providers based in other countries. When we conduct relevant international transfers of your personal data, we will only do so in circumstances where:

  • You provide your explicit consent;

  • It is necessary to conclude or perform a contract in your interest between us and an individual or entity;

  • It is necessary for the establishment, exercise or defence of legal claims;

  • The European Commission has determined that the country to which the data is to be transferred ensures an adequate level of protection (e.g. Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, and Uruguay); and/or

  • We have entered into standard contractual clauses approved by the European Commission with the transferee and, where necessary, have conducted an appropriate risk assessment.
     

Should you require further information, please contact us using the details below.

 

6. Data retention

We will retain your personal data for as long as is necessary to fulfil the purpose(s) for which we collected it. This will typically mean that we will retain your personal data for as long as you / your organisation is a customer of ours or maintains an association with us and/or for as long as you are content to receive communications from us, and for a period thereafter as necessary to comply with legal, accounting, taxation or regulatory requirements, to prevent fraud, or as required in the context of establishing, exercising or defending legal rights or responding to your communications.

We may also retain your personal data outside of these periods, where we are unable to delete it for technical reasons, in which case we will isolate it and securely store it until secure destruction / erasure is possible.

Otherwise, we will securely destroy / erase your personal data, or shall anonymise it.

In practice, we will retain your personal data for a short time beyond the specified retention period, to allow for information to be reviewed and any deletion to take place.

 

7. Your legal rights

You have the right, with some exceptions, to ask us to provide you with a copy of any personal data we hold about you in respect of which we are the data controller, and to be provided with information regarding how we process that data.

If the personal data we hold about you is inaccurate or incomplete, you can notify us and ask us to correct or supplement it. If we rely on your consent to process your personal data, you can withdraw that consent at any time.

You can ask us not to process your personal data for marketing purposes.

If you have a complaint about how we have handled your personal data, you may be able to ask us to restrict how we use your personal data while your complaint is investigated.

In some circumstances you can ask us to erase your personal data if it is no longer necessary for us to use it, you object to the use of your personal data and we don't have a good reason to continue to use it, or we haven't handled your personal data in accordance with our obligations.

If you have provided us with your personal data, you can request that we provide a copy of it to you or another data controller in a commonly used, machine-readable format.

To exercise these rights, we need to be suitably satisfied of your identity and so may request that you provide identification documents or confirm other details we may hold about you.

You can exercise these rights by contacting us using the details below. You will not have to pay a fee to exercise your rights, however we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We will respond to all requests at the earliest opportunity and in most cases will do so within a month of receipt. On occasion, if your request if particularly complex or is one of a number of requests, it may take us longer to provide a substantive response to your request. If this is the case, we will inform you as soon as possible and indicate when we anticipate being in a position to respond.   

We would ask that should you have any queries or concerns that you address them to us in the first instance. If you are not happy with our response, or if you wish to complain, you can contact the Information Commissioner's Office: https://ico.org.uk.

 

8. Contact us

Should you have any queries regarding this policy or the use of your personal data, you may contact us at our registered address or by email:

 

enquiries@swcrc.co.uk

 

South West Cyber Resilience Centre

Joint Emergency Services Building

Wimborne Road

Poole

Dorset

BH15 2BP