1.0 INTRODUCTION

CHMS Cyber Security Limited takes the protection of your personal data seriously and strictly follows the rules outlined by data protection laws, including the General Data Protection Regulation (GDPR-EU and GDPR-UK).

This privacy notice provides information on how we collect and handle your personal data when you use this site or contact us about our products and services.

If you have any questions about this privacy notice or want to exercise your legal rights, please contact us using the information in section 14 of this privacy policy.

Personal Information includes identifiable details like your email address, name, home or work address, phone number, bank details, or online identifier. These details can directly or indirectly identify you, and we refer to them as "Personal Information" here.

2.0 WHY WE COLLECT PERSONAL INFORMATION

We gather your personal data for various reasons, including:

  1. Managing communication between you and us

  2. Fulfilling the contract we've made with you

  3. Processing payments

  4. Offering information you've asked for or that we think might interest you

  5. Ensuring the secure functioning of our website and monitoring its performance

  6. Marketing and advertising purposes

  7. Providing access to trials

  8. Conducting surveys and seeking customer feedback

    3.0 LAWFUL BASIS OF PROCESSING INFORMATION

We only collect and use your personal information when allowed by the law. This typically occurs in the following situations:

  1. You (the data subject) have given consent for the processing activity.

  2. Processing is necessary to fulfill a contract with you.

  3. Processing is required to comply with a legal obligation that we, as the controller, are subject to.

  4. Processing is necessary for the legitimate interests pursued by us or our partners.

If legitimate interest serves as the lawful basis, we conduct a three-part test known as a legitimate interest assessment:

  • Purpose Test: Identifying the legitimate interest.

  • Necessity Test: Evaluating if the processing is necessary for the identified purpose.

  • Balancing Test: Weighing the individual's interests, rights, or freedoms against the identified legitimate interests.

4.0 WHAT INFORMATION WE COLLECT AND WHERE IT COMES FROM

We gather personal information from various sources, including when you register on our website, use the site, provide information, request product details, call us (please note that your call may be recorded), email us, engage with us on social media, or use any of our services. The personal information we may collect, store, and use about you includes:

  • Name

  • Address

  • Billing address

  • Telephone number

  • Job title

  • Email address

  • Voice calls

  • IP addresses

  • Transactional information related to the services you use, and how you interact with us (e.g., services viewed, page response times, download errors, length of visit, scrolling, clicks, and mouse overs)

  • Browser type

  • Browser language

  • Operating system

  • Device type

  • Time zone

  • Communication preferences

We may employ technologies like tracking pixels to gather some of the above information from the emails we send you. This helps tailor our marketing to your needs and deliver more relevant emails. It also assists us in identifying if you are not engaging with our marketing emails.

Additionally, we may obtain business contact information from third-party sources such as Apollo.io and LinkedIn.

5.0 HOW LONG WE KEEP YOUR INFORMATION

We will keep your personal data only for as long as it is reasonably necessary to fulfill the purposes we collected it for, including meeting any legal, regulatory, tax, accounting, or reporting requirements. In certain cases, such as a complaint or if we anticipate potential litigation regarding our relationship with you, we may retain your personal data for a longer duration.

To determine the appropriate retention period for personal data, we take into account factors such as the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for processing, whether those purposes can be achieved through other means, and the relevant legal, regulatory, tax, accounting, or other requirements.

6.0 SECURITY OF PERSONAL INFORMATION

We take the responsibility of safeguarding your privacy seriously and are committed to securing your data in compliance with Data Protection laws. Our technical and organizational measures are in place to ensure the security of personal information, preventing unauthorized access, alterations, or disclosures. A robust access control policy limits access to your personal data to employees, contractors, and third parties with a legitimate business need, and the processing of your data only occurs based on our instructions.

We have established policies and procedures to address potential data security breaches, with notifications to data subjects, third parties, and relevant regulators as legally required.

While we implement strict procedures and security features, it's important to note that internet transmissions are not entirely secure. Therefore, the transmission of information to our website or from third-party websites is at your own risk.

The site may include links to partner networks, advertisers, and affiliates. If you follow a link to these websites, you must agree to their privacy notice, as we cannot accept responsibility or liability. Please review and agree to their policies before providing personal data.

We understand the confidentiality of the information you provide. We do not commercially sell, rent, distribute, or make Personal Information available to third parties. However, we may share information with service providers for the purposes outlined in this Privacy Notice. Your information will be kept confidential and protected in accordance with our Privacy Notice and applicable laws.

7.0 CHILDREN’S INFORMATION

We do not intentionally gather information on children. If, by chance, we have obtained personal information about a child, please reach out to us promptly using the details in section 14. We will take immediate action to remove this information without any unnecessary delay.

8.0 YOUR INDIVIDUAL RIGHTS

In this section, we've outlined your rights under the General Data Protection Regulation. Some rights are intricate, and our summaries may not encompass all details, so it's advisable to refer to the relevant laws and guidance from regulatory authorities for a comprehensive understanding.

  1. Your primary rights under the General Data Protection Regulation include:

    1. Right to Object:

      • You can exercise this right if processing relies on legitimate interest, is for scientific or historical research, involves automated decision making and profiling, or is for direct marketing purposes.

    2. Right of Access:

      • You or a third party acting with your authority may request a copy of your personal data without charge. Identity verification is required before releasing any personal data.

    3. Right to be Informed:

      • We are obligated to provide clear and transparent information about how we process your personal data, as addressed in this privacy notice.

    4. Right to Rectification:

      • If you believe the personal data we hold is incorrect or incomplete, you have the right to correct it, and you can exercise this right along with the right to restrict processing until corrections are made.

    5. Right to Erasure:

      • If there is no legal basis or legitimate reason for processing your personal data, you may request its erasure.

    6. Right to Restrict Processing:

      • You may ask us to hold your personal data without processing it under certain conditions, such as when processing is unlawful, the data is no longer needed but required for a legal process, or when you've objected to processing.

    7. Right to Data Portability:

      • You can request the transfer of your personal data to another controller or processor in a machine-readable format if processing is based on consent, is automated, or is necessary for fulfilling a contractual obligation.

    If you have any questions about these rights, please refer to "additional information" in section 16 of this policy.

    9.0 FAILURE TO PROVIDE PERSONAL INFORMATION

    In situations where we are required by law or need to collect personal data to process your instructions or fulfill a contract we have with you, if you fail to provide the requested data, we may be unable to carry out your instructions or perform the contract. In such instances, we might need to cancel our engagement or the contract we have or are attempting to enter into with you. We will notify you if this becomes necessary at the time.

    10.0 CONSENT

    If you have provided consent for processing, or explicit consent for the processing of special category data, you have the right to withdraw this consent at any time. However, it's important to note that withdrawing consent will not impact the lawfulness of processing based on consent before its withdrawal.

    11.0 COOKIES

    Our website uses cookies. Please see our cookies policy for full details of the cookies used.

    12.0 AUTOMATED DECISIONS

    Your personal data is not used in any automated decision making (a decision made solely by automated means without any human involvement).

    13.0 THIRD PARTY TRANSFERS

    CHMS Cyber Security may share your personal data, as outlined in section 4, with certain third parties to assist in delivering our services/products. All third parties are bound by contractual obligations to safeguard the personal data we share with them. We may engage with one or more of the following categories of recipients:

    1. Business Partners, Suppliers, Contractors:

      • For the performance of any contract we enter into with them or you.

    2. Supporting Parties:

      • Those who aid us in providing products and services, such as IT support, hosting providers, cloud-based software services, and providers of telecommunications equipment.

    3. Marketing/PR Services Providers:

      • Engaged for marketing and public relations services.

    4. Payment Service Providers:

      • Involved in processing payments for our products and services.

    5. Professional Advisors:

      • Such as lawyers and auditors, providing professional advice.

    6. Web Analytics and Search Engine Providers:

      • Engaged to ensure the continuous improvement and optimization of our website.

    These third parties play vital roles in supporting our operations and services, and we ensure that they adhere to contractual commitments to protect the personal data shared with them.

    14.0 RIGHT TO COMPLAINT

    We treat all complaints regarding the collection and use of personal information with utmost seriousness.

    If you believe that our collection or use of personal information is unfair, misleading, inappropriate, or if you have any other concerns about our data processing, please bring this matter to our attention in the first instance. To make a complaint, please contact us via email on contact@chmscybersec.net

    Alternatively, you can make a complaint to the Information Commissioner’s Office:

    By Post:Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

    By Website: Click Here

    By Email: Click Here

    By Phone: 0303 123 1113 (local rate) or 01625 545 745 (National rate)

    15.0 TRANSFERS OUTSIDE OF THE UK/EEA

    This section outlines the circumstances in which your personal data may be transferred and stored in countries outside the UK or the European Economic Area (EEA).

    We may share personal information with third parties located outside the UK or EEA. Any transferred personal information will only be processed based on our instructions, and we assure the highest standard of information security to protect it, as mandated by Data Protection laws.

    When personal data is transferred outside the EEA to a country without an adequacy decision, we will implement suitable safeguards before the transfer. These safeguards may include:

    1. Standard Contractual Clauses

    2. Binding Corporate Rules

    3. An exception as defined in Article 49 of the EU GDPR

    For further details on transfers and safeguarding measures, please contact us using the information provided in section 16.

    16.0 ADDITIONAL INFORMATION

    Your trust is of utmost importance to us. We are committed to being available for you at any time to address any concerns or questions regarding how your data is processed. If there are questions that this privacy policy doesn't sufficiently answer or if you seek more detailed information about any aspect of it, please feel free to contact us at contact@chmscybersec.net.

    17.0 POLICY REVIEW AND AMENDMENTS

    We regularly review and update this Policy. The last update was made on 25th January 2024.

    We retain the right to modify this privacy notice at any time, and in the case of significant updates, we will furnish you with a new privacy notice. Additionally, we may notify you through other means periodically regarding the processing of your personal information.