Privacy Policy

PRIVACY POLICY AND COOKIE NOTICE

BACKGROUND:

Pentesec Limited was founded in 2014, born out of a passion for technology and business.  Built on strong technology foundations, Pentesec has quickly grown to become one of the most reputable, industry leading security specialists in the UK.  We offer professional services, managed security services and expertise within an extensive range of security technologies to small, medium and enterprise level businesses in an array of industries including construction, engineering, health, education and finance.  What’s more, we are one in only five UK SandBlast Certified Check Point Partners and were recently promoted to become a four-star Check Point partner, acknowledging our cyber security excellence.

Our Site is owned and operated by Pentesec Limited, a limited company registered in England under company number 08940056, whose registered address is 1 Bond Street, Colne, Lancashire BB8 9DG and whose main trading address is 20 Commerce Road, Lynch Wood, Peterborough, Cambridgeshire PE2 6LR.

In this Policy, the following terms shall have the following meanings:

“Account”

means an account required to access and/or use certain areas and features of Our Site;

“Cookie”

means a small text file placed on your computer or device by Our Site when you visit certain parts of Our Site and/or when you use certain features of Our Site. Details of the Cookies used by Our Site are set out in section 13, below;

“personal data”

means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that you give to Us via Our Site. This definition shall, where applicable, incorporate the definitions provided in the EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”); and

“We/Us/Our”

means Pentesec Limited, a limited company registered in England under company number 08940056, whose registered address is 1 Bond Street, Colne, Lancashire BB8 9DG, and whose main trading address is 20 Commerce Road, Lynch Wood, Peterborough, Cambridgeshire PE2 6LR.

 

GDPR Principles

The following principles are complied with when processing personal data:

  • Data is processed fairly and lawfully and in a transparent manner;
  • Data is processed only for specified, legitimate and lawful purposes;
  • Processed data is adequate, relevant and limited to what is necessary in relation to the purpose for which it is processed;
  • Processed data is accurate and, where necessary, kept up to date
  • Data is kept in a form which permits identification of data subjects for no longer than is necessary; and
  • Data is processed in a manner that ensures appropriate security including protection against unlawful or unauthorised processing, loss, destruction or damage.
Lawful Basis of Processing Data

The lawful basis of processing of data will always be determined prior to any data being processed. Pentesec processes personal data under one, or more, of the following Lawful Bases in accordance with GDPR:

  • Consent – the individual has given their Consent to the processing of their personal data
  • Contractual – processing of personal data is necessary for the performance of a contract to which the individual is a party, or for Pentesec to take pre-contractual steps at the request of the individual
  • Legal Obligation – processing of personal data is necessary for compliance with a legal obligation to which Pentesec is subject
  • Legitimate Interests – processing of personal data is necessary under the Legitimate Interests of Pentesec or a Third Party, unless these interests are overridden by the individual’s interest or fundamental rights
Type of Personal Data collected

The type of personal data collected may include:

  • Name
  • Date of Birth
  • Address
  • Gender
  • Business/company name
  • Job Title
  • Profession
  • Email address
  • Job Title
  • Telephone number
  • Business name
  • IP address
  • Financial information such as credit/debit card numbers
  • Web browser type and version
  • Operating System
  • Demographic information such as postcode
  • A list of URLs starting with a referring site, your activity on Our Site, and the site you exit to;
How Personal Data is collected

Personal data is obtained from one or more of the following: 

  • Visits and use of the above Pentesec websites, and Company Portals
  • Use of Pentesec’s social media 
  • Use of Google Analytics
  • Attendees of corporate seminars and webinars hosted by Pentesec
  • Subscribers to Pentesec’s Company updates
  • Parties entering into agreements with Pentesec
  • Requests for information about products and services offered by Pentesec, and/or quotes
  • Employment enquiries
Why Personal Data is collected

Personal data is collected to provide legitimate business services which include:

  • For Marketing purposes
  • For us to review and reply to your enquiry
  • To provide an opinion for a service you have requested
  • To meet our statutory monitoring and reporting responsibilities
  • To handle and communicate orders, billings and payment, delivery of products and services 
  • To improve Pentesec’s services and product offering

However, where indicated, some of the information is optional and you can choose not to complete.

How Personal Data is used

Personal data may be used for:

  • providing and managing your Account;
  • providing and managing your access to Our Site;
  • personalising and tailoring your experience on Our Site; process orders, process a request for further information, to maintain records and to provide pre and after-sales service (please note that We require your personal data in order to enter into a Contract with you);
  • personalising and tailoring our products and services for you;
  • replying to emails from you;
  • supplying you with emails that you have opted into (you may unsubscribe or opt-out at any time by emailing data-access@pentesec.com).
  • market research;
  • analysing your use of Our Site and gathering feedback to enable Us to continually improve our Site and your user experience;
  • pass to another organisation to supply/deliver products or services you have purchased and/or to provide pre or aftersales service; 
  • carry out our obligations arising from any contracts entered into by you and us;
  • carry out security checks (this may involve passing your details to our Identity Verification partners, who will check details we give them against public and private databases - this helps to protect us from credit risk and both you and us from fraudulent transactions);
  • comply with legal requirements; 
  • assist third parties to carry out certain activities, such as processing and sorting data, monitoring how customers use our site and issuing our emails for us;
  • seek your views or comments on the services we provide;
  • notify you of changes to our services;
  • send you communications which you have requested and that may be of interest to you. These may include information about product updates, newsletters, events, webinars; 
  • inform you of various promotions, goods and services that may be of interest to you. You may be contacted by post, email, telephone, SMS or such other means with carefully selected marketing communications we deem relevant to send to you in the legitimate interests of Pentesec as an IT service provider. Each marketing communication sent to you by Pentesec will provide you with the option to unsubscribe and manage your data profile and communication preferences from Pentesec at any time;
  • process a job application;  
  • create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively.
Where Personal Data is Stored

Information collected is stored on the Company’s CRM system and other associated  support related systems. 

We only keep your personal data for as long as We need to in order to use it as described and/or for as long as We have your permission to keep it.

Your data will only be stored in the UK. 

Data security is very important to Us, and to protect your data We have taken suitable measures to safeguard and secure data collected through Our Site.

How long Personal Data is stored?

We review our retention periods for personal data on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations. We will hold personal data on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.

Who has access to Personal Data

Only Pentesec employees are granted access to customer data. This is ensured by the use of strict operational processes and procedures.

Staff are trained on security systems and relevant processes and procedures which are reviewed regularly for ongoing effectiveness and suitability for purpose. All employees are kept up-to-date on the Pentesec security and privacy practices. Employees are notified and/or reminded about the importance we place on privacy, and what they can do to ensure that customer information is protected.

Personal data provided via the Company’s portals is secured using Secure Socket Layer (SSL) server and is encrypted before being transmitted. Secure pages have a lock icon or key on the bottom of web browsers such as Microsoft Internet Explorer, information supplied by you on these webpages is securely stored and can only be accessed for the purposes for which it was provided.

All IT systems are kept in a secure environment with appropriate access control. We are audited on a regular basis by various independent security companies, plus internal and external audits by various Governing bodies.

Non-sensitive details (your email address and other requested information) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

We will not sell or rent your information to third parties.       

Third Party Service Providers working on our behalf: 

  • We may pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure. 

Third Party Product Providers we work in association with:

  • We work closely with various third-party product providers to bring you a range of quality and reliable products and services designed to meet your needs. When you enquire about or purchase one or more of these products, the relevant third-party product provider will use your details to provide you with information and carry out their obligations arising from any contracts you have entered into with them. In some cases, they will be acting as a data controller of your information and therefore we advise you to read their Privacy Policy.  These third-party product providers will share your information with us which we will use in accordance with this Privacy Policy.

We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party including for a merger, acquisition, divestiture, or similar transaction or as part of any business restructuring or reorganisation. 

We may also further transfer data if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to law enforcement. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.

Individuals’ Rights

Different rules apply depending on the type of Lawful Processing being undertaken, however many of the following individuals’ rights apply whatever the basis of processing:

  • The right to be informed how personal data is processed
  • The right of access to their personal data
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling

The accuracy of personal data is imperative. We aim to keep it updated at all times. The personal data we hold on you is available upon request by contacting data-access@pentesec.co.uk. You can request that your data is updated and/or deleted at any time, unless Pentesec can justify that it is retained for legitimate business or legal purpose. When updating your personal data, you may be asked to verify your identity before your request can be actioned. 

You can change your marketing preference at any time by calling us on 0345 519 1337, or by post at 20 Commerce Road, Lynch Wood, Peterborough, Cambridgeshire PE2 6LR.  Please ensure that your query is clear, particularly if it is a request for information about the data We hold about you. 

Links to other websites / from other websites

Pentesec’s Privacy Policy only applies to Pentesec’s websites and you are encouraged to read the Privacy Statements on the third-party websites that you visit such as Google. Pentesec is not responsible for the Privacy Policies and practices of other websites even if they were accessed via a Pentesec website. Equally, if you link to a Pentesec website from a third-party site (including YouTube), Pentesec is not responsible for the Privacy Policies and practices of that third-party site.

16 Years or Under

We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian's permission beforehand whenever you provide us with personal information.        

COOKIES

What are cookies?

A cookie is a text file containing small amounts of information which a server downloads to your personal computer (PC) or mobile device when you visit a website. The server then sends a cookie back to the originating website each time you subsequently visit it, or if you visit another website which recognises that cookie.

Why do websites use cookies?

Web pages have no memory. If you are surfing from page to page within a website, you will not be recognised as the same user across pages. Cookies enable your browser to be recognised by the website. So, cookies are mainly used to remember the choices you have made – choices such as the language you prefer and the currency you use. They will also make sure you are recognised when you return to a website.

Do all cookies do the same thing?

No, there are different types of cookies and different ways of using them. Cookies can be categorised according to their function, their lifespan and according to who places them on a website.

How does Pentesec use cookies?

Our website uses the following types of cookie:

Compliance Cookies

This cookie is placed when you click ‘Continue’ on the cookie information warning bar that is displayed at the top of our website and tells us you have given your consent to the use of cookies on our site and stops this message from appearing. A compliance cookie is also placed if you change your cookie preferences using the control panel on our website.

Session Cookies

Session cookies allow users to be recognised within a website so any page changes or item/data selection you make is remembered from page to page.

Cookies used: CFID - ColdFusion Unique Identifier, CFTOKEN - ColdFusion Unique Identifier, JSESSIONID – Java session Unique Identifier, FRONTUNIQUEID – SiteMachine Unique Identifier

Analytics Cookies

These cookies collect information in an anonymous form, including the number of visitors to the site, where visitors come from and the pages they visited, so that we can measure and improve the performance of our site, using a service provided by Google Analytics. Click here to read Google’s privacy policy.

Cookies used: __utma, __utmb, __utmc, __utmz

Social Cookies (including YouTube)

We may embed videos from YouTube. This may set cookies on your computer once you click on the YouTube video player, but YouTube will not store personally-identifiable cookie information for playbacks of embedded videos.

We may use social widgets to enhance visitor interaction on our site. Addthis collects non-personally identifiable information from many of the websites in which it is enabled, and uses that information to deliver targeted advertising on other websites you may visit.

Advertising Cookies

At times advertising cookies may be set to track and monitor the effectiveness of ad related activity (e.g. by using statistical analysis cookies for tracking Google Pay-Per-Click campaigns). You can choose whether or not to allow these cookies to be set in cookie settings.

How long do Pentesec cookies stay active?

The cookies we use have varying lifespans. The maximum lifespan we set on some of them is five years from your last visit to our website. You can erase all cookies from your browser any time you want to.

Controlling Cookies?

In addition to the controls that We provide, you can choose to enable or disable Cookies in your internet browser.  Most internet browsers also enable you to choose whether you wish to disable all cookies or only third-party Cookies.  By default, most browers accept Cookies but this can be changed.  For further details, please consult the help menu in your internet browser or the documentation that came with your device. 

You can choose to delete Cookies on your computer or device at any time, however you may lose any information that enables you to access Our Site more quickly and efficiently including, but not limited to, login and personalisation settings.

It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings

Does Pentesec use third-party cookies?

Yes, Pentesec uses the services of trusted and recognised online advertising and marketing companies. Pentesec may also use third-party providers for analytical purposes. To enable their services, these companies need to place cookies.  

The providers we use are committed to building consumer awareness and establishing responsible business and data management practices and standards.

In order to control the collection of data for analytical purposes by Google Analytics, you may want to visit the following link: https://tools.google.com/dlpage/gaoptout

Who has access to Pentesec Technology Group cookie data?

Only Pentesec has access to Pentesec cookies. Cookies placed by third parties can be accessed by these third parties.

How can you manage your cookie preferences?

Using your browser settings in, for example, Internet Explorer, Safari, Firefox or Chrome, you can set which cookies to accept and which to reject. Where you find these settings depends on which browser you use. Use the “Help” function in your browser to locate the settings you need.

If you choose not to accept certain cookies, you may not be able to use some functions on our website. And opting out of an online advertising network does not mean that you will no longer receive or be subject to online advertising or marketing analysis. It means that the network from which you opted out will no longer deliver ads tailored to your web preferences and browsing patterns.

We have taken great care to ensure that your privacy is not at risk by allowing them

Questions, Complaints and Subject Access Requests (SARs)

Any Subject Access Requests (SARs) should be sent to: data-access@pentesec.com.

Any questions should be sent to datacontroller@pentesec.com.

You have a right to lodge a complaint in the event that you believe that Pentesec has not upheld the rights, obligations and responsibilities set out in this Privacy Policy. Please send any complaints to: feedback@pentesec.com.

If you feel there has been a breach of your personal data, please email us at data-breach@pentesec.com.

Review of this Policy

This Policy is regularly reviewed.