This is the privacy notice for Cysec Resource Co Limited (CRC or We). This privacy notice sets out the basis on which any personal data We collect from you, or that you provide to us, directly or indirectly, will be processed by us. Please read the following carefully to understand our views and practices regarding personal data and how We treat it.
Cysec Resource Co Limited is a company registered in England and Wales under company number 09369239 whose registered office is c/o Sempar Accountancy and Tax, Lymedale Business Centre Hooters Hall Road, Lymedale Business Park, Newcastle, Staffordshire, United Kingdom, ST5 9QF.
For the purpose of the General Data Protection Regulation 16/679, the data controller is Cysec Resource Co Limited. We can be contacted at the registered office address or email info’cysec-rco.com .
WHO WE ARE
CRC is an information security, cyber security and data protection resourcing partner.
OUR STATUS UNDER GDPR
Depending on the nature of the interaction, we act as a processor in that we are acting upon instructions from our Clients when we provide our services to them; and when we control the purposes and means of the processing of personal data, such as processing our employee’s personal data, we are a controller, as defined under the Regulation.
THE PERSONAL DATA WE COLLECT ABOUT YOU
We collect personal data for a number of purposes in order to undertake our business model. These include the collection of personal data which identifies you when you sign up to our mailing list, register with our business (as a client or a candidate), or communicate with us. We keep a record of our interactions; and when we collect personal data from you we store it under a strict safeguarding and confidentiality regime.
THE REASON WE USE PERSONAL DATA
CRC will collect data from you to process payments and provide you with information or services you have requested, to meet contractual requirements and comply with our administrative duties, sectoral regulations and the general law. Personal data collected this way will only be used to provide you with information that you would reasonably expect or have agreed to. When we run activities in partnership with other organisations we will only share your personal data with them if your consent is required, and you have given us consent to do so. We do not share or sell your personal data with other organisations to use for their own purposes without your agreement. We may pass your personal data on to third-party service providers contracted to us. In these circumstances, the third party will be obliged to keep your details securely, and to use them only to fulfil their contractual obligations to us. When they no longer need your personal data to fulfil this service, they will dispose of the details in line with our data retention policy. Personal data may be held on a customer relationship management system which holds contact details and a record of your interactions with us.
As set out above, we may share information with third parties so that they can assist us in providing our services; selected third parties could include:
- Clients, suppliers and sub-contractors for the performance of any contract we enter into with them. For example, so that our platform can work effectively, we may engage with contractors to carry out part of our services.
- Analytics and search engine providers that assist us in the improvement and optimisation of our site.
We will disclose your personal information to third parties:
- If CRC or substantially all of its assets are acquired by a third party, in which case personal data held by it about its Clients will be one of the transferred assets.
- If we are under a duty to disclose or share personal data to comply with any legal obligation, or in order to enforce or apply our terms and other agreements; or to protect the rights, property, or safety of CRC, our Clients, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
THE LEGAL BASIS UPON WHICH WE ACT
We only process personal information where we have a lawful basis for doing so. These are:
Where We enter into a contract with third parties, processing of personal data may, as a matter of course, be necessary to execute such contract or take pre-contract preparation steps. This can include obligations under our terms and conditions with our members.
Where We have legal obligations, processing of personal data may be required by law. This may include contact with our regulators or public institutions.
Where We process personal data as it is necessary for the purpose of our legitimate interests, We do so on the basis of a balanced evaluation of our interests and yours. We may therefore contact you about things which we feel are of interest to you or which, based on what we know about you, are in the interests of our charitable objectives to let you know. This will from time to time include marketing and raising awareness, but at any stage you can tell us that you do not want to receive such information and we will stop contacting you with it.
WITHDRAWAL OF CONSENT
Consent should be as easy to withdraw as it is to give and you may ask that we do not process your personal data at any time. You may contact us to withdraw your consent using the contact details at the end of this privacy statement. Equally, where we process personal data based on our legitimate interest, you have a right to request that we stop processing personal data for our legitimate interests and withdraw your consent.
HOW WE PROTECT YOUR PERSONAL INFORMATION
We take appropriate physical, electronic and managerial measures to ensure that we keep your information secure, accurate and up to date, and that we only keep it as long as is reasonable and necessary. Any external providers we use to process your data (for instance the operators of our contact management system) must meet our security policies and comply with all relevant legislation about how they store and process your personal data. We may also receive information about you from third parties but will only contact you if we have your express permission.
YOUR RIGHTS TO FURTHER INFORMATION
- Identity and the contact details of the person or organisation that has determined how and why to process your data.
- The purpose of the processing as well as the legal basis for processing.
- If the processing is based on the legitimate interests, information about those interests.
- The categories of personal data collected, stored and processed.
- Recipient(s) or categories of recipients that the data is/will be disclosed to.
- If we intend to transfer the personal data to a third country or international organisation, information about how We ensure this is done securely.
- How long the data will be stored.
- Details of your rights to correct, erase, restrict or object to such processing.
- Information about your right to withdraw consent at any time.
- The source of personal data if it wasn’t collected directly from you.
- Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
What forms of ID will I need to provide in order to access this?
We accept the following forms of ID when information on your personal data is requested: passport, driving licence, birth certificate, utility bill from the previous 3 months.
SENSITIVE PERSONAL DATA
Where CRC processes sensitive personal data, we do so on the basis that the Client has established a lawful exception to the prohibition on processing sensitive personal data under Article 9 of the Regulation; and where CRC is processing sensitive personal data of employees, it does so pursuant to its employment relationship with its personnel and so uses the exception set out in paragraph 2(b) of Article 9 of GDPR.
TRANSFERRING OUT OF THE EEA
Storing: We use cloud providers to store our personal data. Personal data may be transferred to and stored at a destination outside of the European Economic Area (EEA).
Processing: We may use third parties to help us deliver our services and they may be based outside the EEA. Where data is transferred outside the EEA, We adhere to compliance mechanisms that are identified by the European Commission, for example, the use of EU model contract clauses or conformity to US Privacy Shield.
Where we are the processor: in general, personal data is stored in the locations required by our Clients. Periodically, our Clients may agree specific terms as to where customer data, venue employee data and head office employee data is stored by us. At all times, We act in accordance with the Regulation.
DATA RETENTION PERIODS
CRC has a data retention policy which sets out how long it will store personal data, which is consistent with Article 5 of the Regulation. CRC only keeps personal data for as long as is necessary. For example, CRC is required to retain certain information in accordance with the general law, where information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on CRC’s business needs, which are balanced against the requirements of GDPR and the rights of the individual.
Where we are the controller
We will retain personal data for as long as necessary. As described above, in some cases, we will have a legal or statutory obligation to retain information for a set period, such as the limitation period.
Where we are the processor
SUMMARY OF DATA PROCESSORS
In order to provide our services to our Clients and their customers, CRC defines the different categories of personal data and works with carefully selected third parties. Some of our selected third parties are required to process personal data on our behalf, in compliance with our role as both a controller and processor.
The personal data We process is subject to rigorous measures and procedures to minimize the risk of unauthorized access or disclosure. We will get in touch with the supervisory authority (which in our case is the Information Commissioner on the United Kingdom) and with affected data subjects where this is required under GDPR.
LINKS TO OTHER WEBSITES
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Strictly necessary cookies
These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.
They allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily
These are used to recognize you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region)
These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website more relevant to your interests.
FIRST PARTY COOKIES
How do I block first party cookies?
You block first party cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
THIRD PARTY COOKIES
We may use Google Analytics cookies to track anonymous usage statistics but we do not collect any personal information that can be used to identify you. This data helps us analyze web page usage and improve our website to tailor it to our audience needs.
Google Analytics stores information about what pages you visit, how long you are on the site, how you got there and what you clicked on.
These are cookies served by a third-party service provider and are usually used to identify your computer when it visits another website, for example, when you log in to a social media site to share an article.
How do I block third party cookies?
You block third party cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
For more information on cookies, go to www.aboutcookies.org
YOUR RIGHT TO COMPLAIN
If you have a complaint about the way we process your personal data, you can register your concern by contacting the Information Commissioner and following the instructions set out at www.ico.org.uk
Cysec Resource Co Limited
|Address:||FAO Data Protection Owner
c/o Sempar Accountancy and Tax
Lymedale Business Centre
Hooters Hall Road
Lymedale Business Park
United Kingdom, ST5 9QF