i3Secure Privacy Notice

 

Last updated: July 2022

Version  3.0

 

Our contact details

Name:  i3Secure Ltd

Registration No. SC655454

Registered Office 33 Kittoch Street, East Kilbride, Glasgow, G74 4JW

Phone Number:  0330 133 2617

E-mail:  info@i3Secure.co.uk

 

Introduction and General Terms

We are committed to protecting your personal information and you can be assured that it will only be used in accordance with this Privacy Notice. This Privacy Notice relates to our use of your personal information when we contact you or you make contact with us, in relation to our services.  We may contact you

In order to provide you with the full range of services, we sometimes need to collect information about you. This Privacy Notice explains the following:

  • What information we may collect about you and the legal basis for doing so.
  • The source of where we receive personal information.
  • How we will use information we collect about you and why.
  • How long we will retain your personal information
  • Whether we will disclose your details to anyone else.

We are committed to safeguarding your personal information. We are legally obliged to use your information in line with all applicable laws concerning the protection of personal information, these laws are referred to collectively in this Privacy Notice as “data protection laws”.

 

Who are we?

i3Secure is a UK-based Cyber Security, Information Security and Data Protection consultancy, focused on providing best-in-class, trusted services to a wide range of public sector and private sector customers. When we refer to ‘’we’’ or ‘’our”, we are referring to i3Secure Limited.  Registered with the UK Information Commissioner’s Officer Registration Reference: ZB13145.

 

What information we collect

In order to provide you with services and communications suited to your needs, we require information about you. Typically, we collect this information directly from you as you use our website or other communication platforms. For the purposes mentioned in our Privacy Notice, we collect the following groups of information of you:

  • Your basic identification and contact details

This may include your name, company, address, telephone number, email  address, IP Address, location, Microsoft teams meetings & chat and other information that you provide to us.  i.e., Applying for a role within i3Secure, CV, photographs, job history and qualifications, charitable involvement, live chat bot and HubSpot.

  • Information about your customer relationship with us

This may include information about your previous purchases of our services, your billing information, information about i3Secure events you have participated in, and feedback you have given us. Case References, studies, testimonials, newsletters, and videos.

Occasionally we may process personal information that has not been collected directly from you. All personal information is obtained from verified sources and will only be processed if a suitable legal basis has been established i.e., Quality Control. We use the following sources:

  • Affiliate/Partner Programs
  • Associations
  • Open sources such as your company website or a publicly available website

e.g., LinkedIn, Twitter etc.

  • Third party data suppliers

 

How we use your personal information

We use your information in a manner which is consistent with the original purpose of collection. For instance, we may send information about our services to existing customers whose contact information we have obtained over the course of our customer relationship with them. We may also send marketing campaign emails to persons who have expressed an interest in our services, or whom we believe to otherwise be directly interested in our products or services in line with the Privacy and Electronic Communications Regulations 2003.

We collect and use your personal information for our legitimate business purposes of communicating with you, to help with your enquiries, fulfilling your requests for services and/or for fulfilling contract purposes. We have completed a comprehensive assessment and implemented measures to ensure our interests do not affect your right to privacy.

Applying for a job you may provide us with information about reasonable adjustments you require under the Equality Act 2010 the lawful basis we rely on for processing this information is article 6(1)(c) of the UK GDPR to comply with our legal obligations under the Act.  Any business opportunity, documentation or agreeing to consent to participate in literature relating to or the Company’s actual or anticipated business opportunities belongs to the Company.

 

How long we keep your information for

We will hold your personal information on our systems for as long as is necessary to maintain our relationship. Unless you choose to withdraw your personal details before this time, your personal data will be held in accordance with our data retention policy, unless required to be retained by law. A periodic review will be carried out to ensure all information held remains relevant, accurate and up to date.

 

Who might your information be shared with?

We will keep your information within i3Secure and will only share it where you have requested it, required by law, or given your consent. We use data processors who are third parties who provide elements of services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.  We may also share your information across the i3 Group and its commercial subsidiaries, where this is necessary to provide you with a service you have requested:

  • i3 Group (i3Secure & i3Works)
  • Prospect Global Ltd (trading as Sopro)

 

What information might be shared within the i3 Group

Information relating to your basic identification, contact details and information about your customer relationship with us may be shared for the purposes of Sales and Marketing.

 

Storing Data

Our data is processed using Microsoft Office and SharePoint Online, SharePoint onPrem, TEAMS, Outlook, and OneDrive. i3Secure stores data in the cloud, within UK based Data Centres.

 

Sending data outside the UK

The UK now controls our own data protection legislation and regulations (since Brexit).  We ensure our data protection regime is as good as it can be in line with the governments Ten Tech Priorities.  We fully support a world-leading digital economy and society whilst underpinning the trustworthy use of data.

We may transfer personal information to countries outside of the United Kingdom (“UK”), which may not have the same data protection laws as those of the UK. Where we transfer personal information to countries outside of the UK, we will take appropriate steps to ensure the personal information is afforded the same level of protection as described in our Privacy Notice(s). We rely on adequacy decisions or any adequate data transfer mechanisms adopted by the European Commission or a supervisory authority for transfers outside of the UK in line with Section 109 of the Data Protection Act 2018.

 

Legal basis for processing

Under the UK General Data Protection Regulation (UK GDPR), the lawful basis we rely on for processing this information are:

(a) Your consent. You are able to remove your consent at any time. You can do this by contacting DPOaaS@i3Secure.co.uk

(b) We have a contractual obligation.

(c) We have a legal obligation.

(d) We have a vital interest.

(e) We need it to perform a public task.

(f) We have a legitimate interest.

 

Cookies

When you interact with our website, we try to make that experience straightforward and meaningful. Cookies are small pieces of information that are issued to your computer or mobile device when you visit a website and that store and sometimes track information about your use of the website.

Some Cookies are strictly necessary to make our website available to you (“Essential Cookies”). For example, to remember your consent and privacy choices. We cannot provide our Services without these Essential Cookies.

We also use Cookies for functional purposes in order to maintain and improve our Services or improve your experience, and for marketing purposes (collectively “Nonessential Cookies”). Some of the Non-Essential Cookies used are set by us, to collect and process certain data on our behalf, and some are set by third parties and our Social Networking Services.

A banner is displayed giving a) clear information about the purpose, storage & access to the cookie and b) has given consent in line with Article 4(11) of the UK GDPR, before it captures data.

Further information can be in our cookies policy here.

 

Analytics

We use third-party web analytics services on our website, such as those of Google Analytics, to help us analyse how users use our website, including by noting the third-party website from which you arrive, and provide certain features to you. The information (including your IP address) collected by the technology will be disclosed to or collected directly by these service providers who use the information to evaluate your use of the Services. To prevent Google Analytics from using your information for analytics, you can install the Google Analytics opt-out browser add-on by clicking here. Google’s ability to use and share information collected by Google Analytics about your visits to the Site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy.

We keep analytics data for 14 months from a visitor’s last visit.

 

Your rights

The General Data Protection Regulations (UK GDPR) provides the following rights to individuals:

  1. The Right to request to be informed about the personal information we process
  2. The Right to request access to your personal information
  3. The Right to request rectification of your personal information
  4. The Right to request erasure of your personal information that we hold
  5. The Right to request that we restrict the processing of your personal information
  6. The Right to request we port your personal data
  7. The Right to object to your personal information which we process
  8. The Right to request we do not solely automate, our decision making, and automated profiling

The right of obtaining information about your personal data is a fundamental right under data protection law, unless prohibited by law.

If you wish to exercise your rights please contact our DP mailbox DPOaaS@i3Secure.co.uk.

In relation to certain rights, we may ask you for information to confirm your identity, in line with the Information Commissioners Guidelines and, where applicable, to help us to search for your personal information.

The UK GDPR states that we must respond to your request within one month of receiving your verified request unless our assessment of your request concludes to be complex.  If that is the case, we will notify you without undue delay.  The following section explains how you can access your rights

 

Accessing your personal information

You have the right to request a copy of the personal information that we hold about you, unless prohibited from release by law. This is known as a Data Subject Access Request (DSAR). If you wish to request a copy of your personal information please address requests to the email address below.

 

Correcting and updating your personal information

The accuracy of your information is important to us. If you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please contact us using the email address below.

 

Erasing your personal information or restricting its processing

You may ask for your personal information to be removed from our systems. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request. You may also ask us to restrict processing your personal information in the following situations:

  • Where you believe we have unlawfully used your personal information and you choose not to elect for your information to be erased.
  • Whilst we are verifying the accuracy of the information following a contest of accuracy.
  • You objected to us processing your personal information and we are considering whether our legitimate grounds override your decision.
  • You have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings.

In these situations, we may only store your personal information and not further process whilst the restriction is in place. Unless we have your consent or are legally permitted to do so, for example to protect the rights of another individual or company or in connection with legal proceedings.

 

The right to data portability

This right allows individuals to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. The right only applies to information an individual has provided to i3Secure, have the consent of the individual or we have refused under the grounds that we are required to retain the personal data for the performance of a contract. We can transmit personal data in structured, commonly used, and machine-readable formats using secure methods to transmit personal data from one Data Controller to another Data Controller. Portability does not apply where the personal data is required to be retained for a legal obligation or in our public task

If you wish to exercise any of these rights please address your request to  i3Secure DPOaaS@i3Secure.co.uk We will endeavour to complete your request as swiftly and diligently as possible and in line with regulatory timescales.

 

Right to lodge a complaint

If you are unhappy with the handling of your Data Subject Rights Request you can request a review within 40 working days of receiving your initial response.  If you wish to do this, you must do so in writing, identifying the decision that you wish to be reviewed or the aspect of the handling of your request that you are unhappy with.  Please address your request for review to:

 

The Data Protection Officer

I3Secure Ltd

Via email:  DPOaaS@i3Secure.co.uk

 

If you are dissatisfied with the outcome of any review carried out by i3Secure in relation to information that we hold about you, you may wish to appeal to the UK Information Commissioner (ICO) who oversees the UK General Data Protection Regulations. If you wish to do this, please write to the Information Commissioner’s Office as soon as possible after receiving the outcome of your review.

The Information Commissioner’s Office can also give you general information and advice about your rights to access information that is about you, and they can be contacted at:

 

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Telephone Number:  0303 123 1113

 

Charitable involvement

We have also recently linked up with TechVets and Turn to Starboard. TechVets is a bridge for service leavers, reservists, and their families into Information Technology careers.  “Turn To Starboard” is a registered charity that uses sail training to support Armed Forces personnel affected by military operations, but also NHS workers and other Emergency Services too. For more information check out their website: https://www.turntostarboard.co.uk/.

 

Further use

If we wish to use your personal data for a new purpose, not covered by our Privacy Notice(s), we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where necessary, we will seek your prior consent to the new processing.

 

Logos & Copyright

The use of any of i3Secure Ltd logos on any document or in association with any information signifies that the document or information has been prepared or approved by i3Secure Ltd.  Use of any of i3Secure Ltd logos without i3Secure Ltd consent infringes the copyright held in respect of the logos. No permission will be granted for the use of the logos nor will reproduction of the logos in any form be allowed unless i3Secure determines that:

  • the material on which the logos is to be used and
  • the use of the logos on such material have been expressly approved by i3Secure.

Unless otherwise stated i3Secure owns the copyright in all material on this site.

 

Changes to our Privacy Notice

This Privacy Notice may be updated from time to time so you may wish to check it each time you submit personal information to us. The date of the most recent revisions will appear on this page. If material changes are made to our Privacy Notice(s), for instance affecting how we would like to use your personal information, we will provide a more prominent notice.

 

Contacting us

If you have any questions or comments regarding the content of this Privacy Notice, please contact DPOaaS@i3Secure.co.uk.

 

Or alternatively

The Data Protection Officer i3Secure Limited

33 Kittoch Street

East Kilbride

Glasgow

LS1 2QH

Email :  DPOaaS@i3Secure.co.uk