PRIVACY NOTICE
Redscan Cyber Security Limited (“Redscan”) collects and processes personal data via the www.redscan.com website (“Website”). This privacy notice is designed to inform you about the data we collect, what we use it for and your rights regarding the use of this data.
Who is Redscan?
Redscan provides cyber security services to a wide range of organisations. We are committed to protecting the personal data we hold.
Personal data
Under the EU’s General Data Protection Regulation (“GDPR”) personal data is defined as:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
From time to time, Redscan may update this privacy notice to reflect changes to the personal data we process or for other operational, legal or regulatory reasons.
The date at the bottom of this notice indicates when the notice was last updated.
Why does Redscan collect and process personal data?
We collect personal data to offer and administer our services and products.
The data you provide to us will be processed in accordance with the purposes specified in this notice, namely:
- To provide the products or perform the services requested by clients and individuals (where the processing is necessary for our legitimate business interests in conducting and managing our business)
- To provide the products or perform the services requested by clients and individuals using our website or web applications (where the processing is necessary for our legitimate business interests in conducting and managing our business)
- For complying with obligations provided by laws, current regulations and UK or European legislation (e.g. tax regulations) (where processing is based on a legal obligation)
- For legitimate business purposes to advise you through e-mail, phone call, or post, in the framework of our ordinary commercial relationship, about other products or services similar to the products or services we have provided to you and that we think will be of interest to you (where the processing is necessary for our legitimate business interests)
- For marketing purposes. For example, we may use your information to further discuss your interest in the Services and to send you information regarding Redscan such as information about promotions, events, products or services.
- If you are located in the UK or EU, we will only send you marketing communications and updates about our products, services and events with your prior consent, or based on our and your legitimate interests. In either case, you can withdraw your consent or opt-out or receiving such communications at any time.
- If you are not located in the UK or EU, you may opt-out of receiving marketing communications and updates at any time.
- You can manage your receipt of marketing and non-transactional communications by clicking on the «unsubscribe» link located on the bottom of Redscan’s marketing emails or you may send a request to dataprotection@redscan.com.
- For improving Redscan’s communications with you. Emails sent to you by Redscan may include standard tracking, including open and click activities. Redscan may collect information about your activity as you interact with our email messages and related content.
- For security purposes. For example, we may use your data to protect Redscan and its third parties against security breaches and to prevent fraud and violation of Redscan’s applicable agreements (where the processing is necessary for our legitimate business interests).
- To assist in the monitoring of the website, enrich your user experience, and display relevant digital advertising, this data also includes online identifiers including IP addresses and web cookies.
Redscan is committed to ensuring that the information we collect and use is appropriate for these purposes and does not constitute an invasion of your privacy.
Whenever Redscan processes your personal data for its legitimate interests, we make sure to consider and balance any potential impact on you and your rights under data protection laws. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You have the right to object to this processing if you wish.
What personal data do we process?
The personal data we may collect and process relating to you through your use of this website includes:
- Name and job title
- Company name
- Email address
- Telephone number
- Postal address
- IP address
- Browser ID
- Marketing communication preferences
Any additional personal data that you chose to share with us will also be processed.
Clients and other Third parties who provide personal information to Redscan must do so in compliance with applicable data privacy regulations.
How data is processed
Personal data is processed both manually and electronically in accordance with the above-mentioned purposes and in compliance with current regulations. We permit only authorized Redscan employees and Third-Party processors to have access to your information. Such employees and Third-Party processors are appropriately designated and trained to process data only according to the instructions we provide them.
Storage of Personal Data and Retention Period
Redscan will process and store your personal data only as long as necessary to fulfil the purpose that the data was collected for, taking into account legitimate business needs to capture and retain such information. Information will also be retained for a period necessary to comply with state, local, federal regulations, or country specific regulations and requirements, and in accordance with Redscan’s Document Retention Schedule.
Cookies
Like most business websites, Redscan’s uses web cookies to improve user experience. Cookies are small files that are placed on your system and assist Redscan in understanding how visitors use and browse our website.
You can set or amend your web browser controls to accept or refuse cookies. If you choose to reject cookies, you may still use our website though your access to some functionality and areas of it may be restricted. As the means by which you can refuse cookies through your web browser controls varies from browser to browser, you should visit your browser’s help menu for more information.
Click here for more information about the cookies we use.
Disclosure/Sharing of Personal Data with Third parties
To help process your personal data for the purposes described in this policy, Redscan may entrust third party processers (“Third Parties”) or share data among Redscan affiliates who act for Redscan for the purposes set out in this notice.
Redscan has contractual agreements in place with all the contracted Third Parties it works with in order to ensure your personal data is used only for the provision of the contracted services and in a manner that is consistent with this policy. Examples of Third Parties include CRM and marketing automation providers.
In instances where personal data is processed by Third Parties or affiliates outside of the EEA, we ensure that appropriate safeguards are in place to protect your information to the same or an equivalent level as would be found in UK and EU data protection legislation. The safeguards we use include:
- Ensuring the country is the subject of an EU adequacy decision
- Ensuring transfers are governed by the requirements of the Standard Contractual Clauses adopted by the European Commission or by another adequate transfer mechanism.
Where we receive requests to disclose personal data from law enforcement or regulators, we carefully validate these requests, including reviewing the legality of any order and challenging the order if there are grounds under the law to do so, before any personal data is disclosed.
Your rights as a data subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
- Right of access – you have the right to access the personal information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
- Right to judicial review: in the event that Redscan refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain (as outlined in the Complaints section below).
All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data.
Please contact dataprotection@redscan.com to request the exercise of your rights.
Subject to legal considerations or certain exemptions, we may not always be able to address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
Requests received via post may be delayed due to limited office access during the COVID-19 pandemic. Please contact us by email to ensure your request is received in a timely manner.
Automated Decision Making
Automated decisions are defined as decisions about individuals that are based solely on the automated processing of data and that produce legal effects that significantly affect the individuals involved.
Redscan does not make automated decisions using personal data. If automated decisions are to be made, affected persons will be given an opportunity to express their views on the automated decision in question and object to it.
Providing Information to Redscan
If you choose not to provide certain personal information, it may be an impediment to the exchange of information necessary for the execution of the contract or provision of services. We may not be able to provide you with some services and you may not be able to participate in some of the activities on our website(s).
Third Party Websites or Other Services
We are not responsible for the privacy practices of any non-Redscan operated websites, mobile apps or other digital services, including those that may be linked through Redscan websites or services, and we encourage you to review the privacy policies or notices published thereon.
Contact Us
Please contact us at Redscan with questions, concerns, or complaints:
Requests received via post may be delayed due to limited office access during the Covid-19 pandemic. Please contact us by email to ensure your request is received in a timely manner.
Redscan Cyber Security Limited
2 Throgmorton Avenue
London EC2N 2DL
dataprotection@redscan.com
Policy updates
From time to time, Redscan may update this privacy notice to reflect changes to the personal data we process or for other operational, legal or regulatory reasons.
The date at the bottom of this notice indicates when the notice was last updated.
Complaints
In the event that you wish to make a complaint about how your personal data is processed by Redscan, email us at dataprotection@redscan.com
If you unhappy about how a complaint has been handled by Redscan, you have a right to lodge a complaint directly with the Information Commissioner’s office in the UK (www.ico.org.uk) or your local supervisory authority.
Last updated: 14th April 2021