Privacy Policy

This privacy policy sets out how South West Cyber Resilience Centre ltd uses and protects any information that you give us when you use this website or otherwise interact with the Centre.

South West Cyber Resilience Centre ltd is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, then you can be assured that it will only be used in accordance with this policy.

This policy is effective from 19 May 2021. South West Cyber Resilience Centre ltd may change this policy from time to time. We will notify you of any substantive changes to the policy which affect you. Where this policy is provided to an organisation, and its content affects or may affect individuals which work for or on behalf of that organisation, the organisation should ensure that this policy is brought to the attention of those individuals.

This privacy policy should be read in conjunction with the Centre’s website terms and conditions, our cookies policy, website privacy policy, and any supplementary privacy policies which are provided to you in connection with specific processing activities.

South Est Cyber Resilience Centre ltd (collectively referred to as “SWCRC”, “we”, “us” and “our” in this Privacy Policy) is a company registered in England with registered number 13407119 and registered address at Joint Emergency Services Building, Wimborne Road, Poole, Dorset BH15 2BP.

This privacy policy contains the following information:

Data we collect about you
How your personal data is collected
How we use your personal data
Disclosures of your personal data
International transfers
Data retention
Your legal rights
Contact us

1. Data we collect about you

The categories of personal data that we may collect about you include:

Identity Data: title; first name; last name; nationality; National Insurance number; copies of identity documents
Contact Data: address; email address; telephone number(s); social media and communications platform aliases; company or organisation; role
Technical Data: internet protocol (IP) address; browser type and version; time zone setting and location; browser plug-in types and versions; operating system and platform; and the device used to access this site.
Usage Data: information about how you use our website.
Marketing and Communications Data: your preferences in receiving marketing from us and our third-party partners; topics of interest; your opinions regarding our services; communications between us; your communication preferences (you may receive marketing communications from us if you have requested information from us or have negotiated for or contracted to receive our services and you have not opted out of receiving that marketing).
Contractual and Transactional Data: agreements between us or which you enter into on behalf of an organisation; services you request and/or we provide to you.
Financial and Payment Data: bank account; credit/debit card numbers; sort code; CVC code; expiry date; related billing information.
Screening Data: identification and contact information concerning registered officers, and individuals with significant control; information regarding criminal and regulatory investigations, findings and convictions of individuals with significant control, registered officers and staff; the expertise, professional qualifications and certifications of registered officers and staff; and, public domain information regarding individuals with significant control, registered officers and staff.
Education and Work Data: academic institutions; employers; qualifications; experience; references.
Special Category Data: racial or ethnic origin; religious or philosophical beliefs; trade union membership; health; sexual orientation.
Other Data Necessary for the Provision of our Services.

2. How your personal data is collected

We may obtain your personal data:

directly from you;
from individuals or entities acting on your behalf;
from our clients;
from your organisation;
when you or your organisation browse, complete a form or make an enquiry or otherwise interact with us via our website, social media or other platforms;
from search engine and web analytics providers;
by referrals;
from our professional advisers, including, without limitation, our insurers, legal advisers and accountants;
from courts, law enforcement bodies, regulators, government departments or agencies, lawyers or other parties; and/or
from the public domain.

3. How we use your personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

where you have provided your consent;
where we need to perform the contract we are about to enter into or have entered into with you;
where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
where we need to comply with a legal obligation; and/or,
where it is necessary for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.

Where we process special category personal data, or criminal conviction and offence data, this will usually be in the following circumstances:

where you have provided your explicit consent;
where you have manifestly made the data public;
where it is necessary for the establishment, exercise or defence of legal claims;
where it is necessary when exercising our / your rights and obligations in the field of employment, social security and social protection law;
where it is necessary for reasons of substantial public interest, such as being:
- necessary for the administration of justice;
- necessary for ensuring equality of opportunity or treatment;
- necessary for the prevention or detection of an unlawful act;
- necessary for making a disclosure concerning suspicions of terrorist financing or money laundering; and/or,
- necessary for responding to a communication from an elected representative acting on behalf of an individual.

Alternatively, we may rely on an exemption in the GDPR and/or Data Protection Act 2018 to legitimise our processing.

We have set out below a description of the ways we plan to use your personal data, and the legal grounds we rely on to do so. We have also identified what the relevant legitimate interests are where appropriate. Please note that we may process your personal data in reliance on one or more lawful bases depending on the specific purpose for which we are using your data. Where permitted to do so, we may also use your personal data for an alternate, but compatible, purpose.

South West Cyber Resilience Centre Ltd Privacy Policy

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case.

4. Disclosures of your personal data

We may share your personal data with:

our clients;
our professional advisers, including, without limitation, our insurers, legal advisers, accountants etc;
our suppliers, business partners and sub-contractors;
search engine and web analytics providers;
with courts, the police, law enforcement bodies, regulators, government departments or agencies, lawyers or other parties;
companies providing anti-money laundering and terrorist financing services, credit reference and other fraud and crime prevention companies, financial institutions, and related regulatory bodies; and,
other third parties to which you request that we disclose your data.

In the event that we were to sell our business or assets, we may disclose your personal data to any prospective/actual purchaser and/or their advisers.

5. International transfers

When we process your personal data, we may process it in countries outside of the UK and the European Economic Area (‘the EEA’, which is comprised of the EU in addition to Iceland, Norway and Liechtenstein), for example when we engage third party service providers based in other countries. When we conduct relevant international transfers of your personal data, we will only do so in circumstances where:

You provide your explicit consent;
It is necessary to conclude or perform a contract in your interest between us and an individual or entity;
It is necessary for the establishment, exercise or defence of legal claims;
The European Commission has determined that the country to which the data is to be transferred ensures an adequate level of protection (e.g. Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, and Uruguay); and/or
We have entered into standard contractual clauses approved by the European Commission with the transferee and, where necessary, have conducted an appropriate risk assessment.

Should you require further information, please contact us using the details below.

6. Data retention

We will retain your personal data for as long as is necessary to fulfil the purpose(s) for which we collected it. This will typically mean that we will retain your personal data for as long as you / your organisation is a customer of ours or maintains an association with us and/or for as long as you are content to receive communications from us, and for a period thereafter as necessary to comply with legal, accounting, taxation or regulatory requirements, to prevent fraud, or as required in the context of establishing, exercising or defending legal rights or responding to your communications.

We may also retain your personal data outside of these periods, where we are unable to delete it for technical reasons, in which case we will isolate it and securely store it until secure destruction / erasure is possible.

Otherwise, we will securely destroy / erase your personal data, or shall anonymise it.

In practice, we will retain your personal data for a short time beyond the specified retention period, to allow for information to be reviewed and any deletion to take place.

7. Your legal rights

You have the right, with some exceptions, to ask us to provide you with a copy of any personal data we hold about you in respect of which we are the data controller, and to be provided with information regarding how we process that data.

If the personal data we hold about you is inaccurate or incomplete, you can notify us and ask us to correct or supplement it. If we rely on your consent to process your personal data, you can withdraw that consent at any time.

You can ask us not to process your personal data for marketing purposes.

If you have a complaint about how we have handled your personal data, you may be able to ask us to restrict how we use your personal data while your complaint is investigated.

In some circumstances you can ask us to erase your personal data if it is no longer necessary for us to use it, you object to the use of your personal data and we don't have a good reason to continue to use it, or we haven't handled your personal data in accordance with our obligations.

If you have provided us with your personal data, you can request that we provide a copy of it to you or another data controller in a commonly used, machine-readable format.

To exercise these rights, we need to be suitably satisfied of your identity and so may request that you provide identification documents or confirm other details we may hold about you.

You can exercise these rights by contacting us using the details below. You will not have to pay a fee to exercise your rights, however we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We will respond to all requests at the earliest opportunity and in most cases will do so within a month of receipt. On occasion, if your request if particularly complex or is one of a number of requests, it may take us longer to provide a substantive response to your request. If this is the case, we will inform you as soon as possible and indicate when we anticipate being in a position to respond.

We would ask that should you have any queries or concerns that you address them to us in the first instance. If you are not happy with our response, or if you wish to complain, you can contact the Information Commissioner's Office: https://ico.org.uk.

8. Contact us

Should you have any queries regarding this policy or the use of your personal data, you may contact us at our registered address or by email:

enquiries@swcrc.co.uk

South West Cyber Resilience Centre

Joint Emergency Services Building

Wimborne Road

Poole

Dorset

BH15 2BP

Membership is FREE so join today to receive your welcome pack and access to all of our cyber security advice and resources.

Want to improve your cyber resilience?

Join Free Now

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of SWCRC is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. SWCRC provides affordable services and Cyber Expert Partners if you need specific support. For specific questions please contact us. SWCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. SWCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.