Data protection privacy notice
This document provides you with information about how we are handling, or are intending to handle, your personal information. It sets out the lawful reason why data is held and used by LRQA Nettitude and clarifies the definition of an ‘active client’.
2 About us
LRQA Nettitude provides cyber assurance services, consultancy and products. We are based in various global locations but have headquarters in the UK (Leamington Spa).
LRQA Nettitude is committed to protecting and respecting your privacy and complying with the principles of applicable data protection laws. This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
3 How to contact us
If you wish to contact us about your personal data or exercise any of the rights described in this policy please contact: firstname.lastname@example.org
Data Controller, LRQA Nettitude, 1 Jephson Court, Tancred Close, Leamington Spa, CV31 3RZ, UK
If you have any concerns about our use of your personal information, you can make a complaint to us at email@example.com
Head of Marketing, LRQA Nettitude, 1 Jephson Court, Tancred Close, Leamington Spa, CV31 3RZ, UK
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
4 The type of personal information we collect
We currently collect and process the following information:
- Personal identifiers, contacts and characteristics (for example, name and contact details);
We may also collect other information as part of the services we deliver. This will be specifically covered under service contracts with our clients.
5 How we get the personal information and why we have it
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- Information about you that you provide directly to us by filling in forms while registering for downloads, services, sales applications, responding to recruitment adverts or requests for information through our websites (e.g. LRQA Nettitude.com, LRQA Nettitude.co.uk);
- Information that we need in order to deliver services that you have contracted with us;
- Contact details to provide you with marketing, research and innovation information about our activities and services;
- We may also ask you for information when you contact us through our support desk (Security Operations Centre) or make a complaint and, if you contact us, we may keep a record of that correspondence;
- You’re an employee and we use your data to process and manage your employment;
LRQA Nettitude also receive personal information indirectly, from the following sources in the following scenarios:
- Sales referrals – We will contact you and ask for your consent if a 3rd party passes us your details as a referral;
- Sales contact data purchased from 3rd parties. This is only ever done and used where the data provided also includes assurances that your consent to this data being used in this way has been given.
6 Uses made of your information and the basis of processing
LRQA Nettitude use the information that you have given us in order to:
- Ensure that content from our websites is presented in the most effective manner;
- Carry out our obligations arising from any contracts entered into between you and LRQA Nettitude;
- Provide you with information, products or services that you request from LRQA Nettitude or which we feel may interest you, where we are legally entitled to do so;
- Notify you about changes to our service.
- We may ask you to complete optional surveys that will be used to provide you with a more relevant customer experience, service reviews/feedback, or in some cases, to answer research questions. The type, purpose and use of this data will be clearly laid out at the time of request.
- Maintain a record of emails and other communications we have sent to you and your interaction with them.
We will hold your personal data for one or more of the following legal reasons:
- Legitimate interests: Where you have contacted us or given us your information in order to receive information, feedback or perform some task for you (i.e. you have made a sales request, made an enquiry or raised a complaint). This need to process your personal information for our legitimate interests will only be valid where our legitimate interests are not overridden by your data protection interests or fundamental rights and freedoms;
- Contractual: In doing business with us we will need to hold personal data to fulfil our contractual obligations and will keep you updated on things like our services, products and research activities;
- Opting in consent: Where you have given us consent to hold your data through signing up on our website or filling in the relevant form at an event or other activity.
LRQA Nettitude will not use any of the personal information we collect from you to make automated business decisions.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time, and advise you whether the provision of your personal information is mandatory or not (as well as the possible consequences if you do not provide your personal information).
LRQA Nettitude have completed a legitimate interest assessment (LIA) for your data and this is reviewed on a regular basis to ensure the reason for holding or processing any personal data is still valid.
7 Information security
LRQA Nettitude will take all steps reasonably necessary including policies, procedures and security controls to ensure that your data is treated securely and protected from unauthorised and unlawful access and/or use, and in accordance with this notice.
LRQA Nettitude maintains an ISO27001:2013 Information Security Management System (ISMS) that covers all areas of the business and is annually audited by BSI (Online Checker) and is registered with the ICO as a Data Controller.
8 Recipients of personal data
We will share information about you with some of our suppliers who process data on our behalf to help us to provide services to you.
Categories of organisation and purpose
- Marketing agencies – to provide relevant digital content to our customers;
- LRQA Nettitude registered event organisers – to enable event organisers to manage LRQA Nettitude registered activities and communicate with participants;
9 International transfer of personal data
We do not transfer the personal data relating to individuals who are based within the European Economic Area outside of the European Economic Area without their consent.
10 Data retention period
We will hold information about you in our data systems only for as long as we need it and only for the purpose for which we collected it, which is as follows:
- If you have used our services (including purchasing services/products, engaging with emails and downloading content) LRQA Nettitude will retain and process information about you. Should you wish to stop receiving marketing emails from us and/or wish for us to delete your data, you have the option to ask us to do so. We will either stop sending you emails, or delete your data as requested.
- LRQA Nettitude will hold details for a primary contact for any ongoing services or contracts for as long as there is a legitimate interest for us to do so.
- Personal data gathered as part of the delivery of professional or managed services about you, or employees or customers will be maintained for at least the minimum documented period as defined by regulation and/or legislation.
- Data gathered by consent will be held until that consent is removed or revoked.
- Personal data linked to the processing of insurance claims, subject access requests, disputes, disciplinary or police matters will only be kept for as long as it is necessary for those purposes, as each is applicable.
11 Your rights as a data subject
Data protection laws grant you, as a Data Subject, certain ‘individual rights’, which are summarised below:
- Right to be informed – You have the right to know what data we collect and why and how we process it.
- Right of access – You have the right to obtain a copy of information we hold about you.
- Right of rectification – If you feel that any data that we hold about you is inaccurate, you have the right to ask us to correct or rectify it.
- Right of erasure – You also have a right to ask us to erase information about you where you can demonstrate that the data we hold is no longer needed by us, or if you withdraw the consent upon which our processing is based, or if you feel that we are unlawfully processing your data.
- Right to restriction of processing – You have a right to request that we refrain from processing your data where you contest its accuracy, or the processing is unlawful and you have opposed its erasure, or where we do not need to hold your data any longer but you need us to in order to establish, exercise or defend any legal claims, or we are in dispute about the legality of our processing your personal data.
- Right to Portability – You have a right to receive any personal data that you have provided to us in order to transfer it onto another data controller where the processing is based on consent and is carried out by automated means. This is called a data portability request.
- Right to Object – You have a right to object to our processing your personal data where the basis of the processing is our legitimate interests including but not limited to direct marketing and profiling.
- Right to Withdraw Consent – You have the right to withdraw your consent for the processing of your personal data where the processing is based on consent. You have the right to opt out of marketing communications we send to you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you. To opt out of other forms of marketing (such as postal marketing or telemarketing), please contact us using the contact details provided below.
Any changes we may make to our Privacy Notice in the future will be posted on this page and, where appropriate, notified to you by date-stamped communication.
13 Marketing Communications
If you would like to opt out of our marketing communications, please email us at firstname.lastname@example.org from the email you wish to unsubscribe.