quicker cyber lightning

Transparency Notice

GDPR transparency notice for Cyber

Cyber by Riskaware is a service provided by Riskaware Limited.

Riskaware Limited, (we or us) is registered in England and Wales under company number 03812608 and have our registered office at 9th Floor Colston Tower, Colston Street, Bristol BS1 4XE.

Riskaware Limited is part of the Urtek Holdings Group. Urtek Holdings Limited is registered in England and Wales under company number 4378430 and also have their registered office at 9th Floor Colston Tower, Colston Street, Bristol BS1 4XE.

1

What is the purpose of this document?

1.1

We are committed to protecting and respecting your privacy. This transparency notice sets out the basis on which any personal data we collect about all users of our site (you), or that you provide to us through cyber.riskaware.co.uk (our site), will be processed by us.

1.2

We are a data controller. This means that we are responsible for deciding how we hold and use personal information about you, and for explaining this clearly to you.

1.3

Please read this transparency notice carefully to understand what we do with your personal information and what rights you have in relation to our activities.

1.4

This transparency notice sets applies to visitors to our site who do not make enquiries as well as those who do.

2

Information we collect from you and about you and how our use complies with the law

2.1
Information from you
Information How we use your information How our use complies with the law
Name and email address. To contact you about Cyber. It is necessary to perform the contract we have agreed with you.
Information about your use of IT systems and current cyber security arrangements. To enable us to answer any queries you have about the product, to give you an accurate quotation and to provide our service to you. It is necessary to perform the contract we have agreed with you.
Payment or invoice information (if you are purchasing on behalf of your company, this will be about the company, not you and is unlikely to contain personal data) To enable us to invoice you, or take payment. Because it is necessary to perform the contract we have agreed with you.
2.2
Information we collect about you
Information about your preferences and the types of services you are interested in via the cookies on our website. To improve the services we offer to you and others.

To provide you with information about other products and services which we think may be of interest to you. For example, cyber security training, or patch updates.
It is necessary for our legitimate interests to ensure the smooth running of our website.

We are allowed to do this as long as our do not disproportionately intrude your privacy.

You can disable cookies on your browser.
Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform via cookies on our website. To improve the services we offer to you and others; and for the purposes of fraud protection and credit risk reduction. It is necessary for our legitimate interests to ensure the smooth running of our website.

We are allowed to do this as long as our do not disproportionately intrude your privacy.

You can disable cookies on your browser.
Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page. To improve the services we offer to you and others; and for the purposes of fraud protection and credit risk reduction. It is necessary for our legitimate interests to ensure the smooth running of our website.

We are allowed to do this as long as our do not disproportionately intrude your privacy.

You can disable cookies on your browser.
2.3
Information we receive from third parties
Tokens that reference payments you have made from technical or payment services we have a legal obligation to do; and for the purposes of fraud protection and credit risk reduction. Because we have a legal obligation to do so; and it is necessary for our legitimate interests to ensure the smooth running of our website.
Information about your credit history (if you are purchasing on behalf of your company, this will be about the company, not you) for the purposes of fraud protection and credit risk reduction. It is necessary for our legitimate interests to ensure the smooth running of our business
3

Sharing your information

3.1

We share your information with third parties as follows:

3.1.1

With any member of the Urtek Group

3.1.2

If we sell any business or assets, in which case we may disclose your personal information to the prospective buyer of such business or assets.

3.1.3

If we have a legal obligation to do so.

3.1.4

For the purposes of fraud protection and credit risk reduction.

3.2

If you object to our sharing or continuing to use your personal data with any specific third party please contact us at cyber@riskaware.co.uk.

4

If you fail to provide personal information

4.1

You are required to provide the personal information set out in section 1 and if you purchase Cyber, section 3 of the table. We will not be able to provide our services to you.

Your duty to inform us of changes

4.2

We want to be sure that the personal information we hold about you is accurate and current.

4.3

Please advise us of any changes by email to cyber@riskaware.co.uk or to your usual contact at Riskaware.

5

Change of purpose

5.1

We only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

5.2

If we want to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

5.3

We may process your personal information without your knowledge or consent but only where this is required or permitted by law.

6

Where will we store your personal information?

6.1

Any personal information that you submit to us will be held on secure servers, based within the European Economic Area (EEA), except where indicated in 6.2 and 6.3.

Transferring information outside the EEA

6.2

We use Google Analytics to evaluate the performance of our site and improve the service we offer you. We may transfer information about you outside the EEA for this purpose. We will only do so where permitted by law.

6.3

We use Google G Suite to securely email your personal information. Version 1.6 of the Google Data Processing Amendment will apply (in relation to G Suite Agreements) until 24 May 2018 inclusive and, as from 25 May 2018 (when the EU’s GDPR Regulation comes into force), will be replaced by Version 2.0 of the Data Processing Amendment.

6.4

Google Services comply with the EU-US Privacy Shield Framework as set out by the US Department of Commerce regarding the collection, use and retention of personal information from European Union member countries. It is subject to enforcement by the Federal Trade Commission. Google, including Google Inc. and its wholly-owned US subsidiaries, has certified that it adheres to the relevant Privacy Shield Principles, including for Google Analytics. For more information about this protective measure, please visit the following: https://www.google.de/intl/en/....

6.5

We use Twitter Analytics to evaluate the performance of our site and improve the service we offer you. We may transfer information about you outside the EEA for this purpose. We will only do so where permitted by law.

6.6

Twitter Services comply with the EU-US Privacy Shield Framework as set out by the US Department of Commerce regarding the collection, use and retention of personal information from European Union member countries. It is subject to enforcement by the Federal Trade Commission. Twitter, including Twitter Inc. and its wholly-owned US subsidiaries, has certified that it adheres to the relevant Privacy Shield Principles, including for Twitter Analytics. For more information about this protective measure, please visit the following: https://help.twitter.com/en/rules....

7

Data security

7.1

We have put in place:

(a)

appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

(b)

procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

8

How long will we keep your personal information for?

8.1

We will keep your personal information in our database for up to 24 months after your last contact with Riskaware, to allow us to securely review and delete inactive records.

8.2

We will retain transaction data for subscriptions for 7 years after the last payment to allow us to meet our legal obligations in relation to our accounting records.

9

Your rights

You have the following rights:

(a)

to be told what we are doing with your personal information. We do this by providing you with this transparency notice;

(b)

to correct or update the personal information we hold about you: you can do this by emailing us at cyber@riskaware.co.uk or talking to your contact at Riskaware.

(c)

to object to the processing of your personal information;

(d)

to request a copy of the personal information we hold about you;

(e)

to ask us to delete the information that we hold about you where there is no good reason for us continuing to process it;

(f)

to ask us to stop processing your personal information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground;

(g)

to ask us to restrict how we use your personal information for a period of time if you claim that it is inaccurate and we want to verify the position or in some limited other circumstances;

(h)

to ask us to send your personal information to another organisation in a computer-readable format;

(i)

to complain to the Information Commissioner's office if you are unhappy with our use of your personal data: you can do this at https://ico.org.uk/concerns/. Do contact us straight away if you consider that we are not handling your personal information properly so we can try and sort the problem out.

If we delete your personal information or restrict our use of it, we will not be able to provide our services to you.

If you want to exercise any of your rights, please contact cyber@riskaware.co.uk We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights).

10

Cookie policy

10.1

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

Information about our use of cookies

10.2

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.

10.3

You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.

10.4

Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

10.5

We use the following cookies:

10.5.1

to manage your login to the website;

10.5.2

to optionally remember your username; and

Google Analytics

10.6

We also use Google Analytics, a web analytics service provided by Google, Inc. Google Analytics sets a cookie in order to evaluate visitors' use of our site.

10.61

Google stores the information collected by the cookie on servers in the United States. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google.

10.62

For more information on Google Analytics please go to https://www.google.com/analytics....

Twitter Analytics

10.7

We also use Twitter Analytics, a web analytics service provided by Twitter, Inc. Twitter Analytics sets a cookie in order to evaluate visitors' use of our site.

10.71

Twitter stores the information collected by the cookie on servers in the United States. Twitter may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Twitter's behalf. Twitter will not associate your IP address with any other data held by Twitter.

10.72

For more information on Twitter Analytics please go to https://analytics.twitter.com/about.