Under the General Data Protection Regulation (the “GDPR”) – Regulation (EU) 2016/679, and the UK Data Protection Act 2018 (the “DPA18”), we have a legal obligation to protect any personal data that we process. For the purpose of processing personal data on our website or that you provide us when you meet us, ITC is the Controller, as defined in the GDPR.
Controller – has the meaning set out in the GDPR but generally it means the person or body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Personal Data – means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
What data we collect
When you subscribe to receive further information from us, contact us via our website or meet us at events we may collect the following personal data from you:
- Your first and last name;
- Email address;
- Company name;
- Job title;
- Country of residence; and
- IP address and usage data about how you use our website on subsequent visits.
We collect anonymised usage data about general (unsubscribed) visitors to our website; which pages were visited, how many times they were visited and how long was spent on those pages.
We collect limited usage data (pages visited) relating to your viewing and accessing of our email marketing materials, and your marketing preferences.
How we collect your data
We use the following methods to collect information about you:
- Online registration forms on our website;
- Collected when you view or access our email marketing materials;
- Paper-based material (feedback forms and business cards);
- LinkedIn scraping; and
- During any customer onboarding phase.
How and why we process your data
Under the GDPR we can only use your personal information if we have a proper reason for doing so, for example:
- to comply with our legal obligations;
- for the performance of our contract with you or to take steps at your request before entering into a contract;
- for our legitimate interests or those of a third party; or
- where you have given consent.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. Your rights are set out later in this policy.
We set out below what we use your personal data for and our reasons for doing so.
|What we use your personal data for:
· any requests you make of us via our website, such as bookings for events or subscriptions for industry news bulletins;
· how we contact you; and
· your contact preferences.
For the performance of our contract with you or to take steps at your request before entering into a contract.
Where you have signed up for any of our Thought Leadership pieces, Threat of the Week or Threat Horizons, collectively the “Newsletters” we will process your personal data in order to send you the respective Newsletter that you have signed up to receive. We do this on the basis of your consent. For more information on consent, please see below.
Where we do not have a contract with you then we process this information for our legitimate interests of operating a cyber security business and providing up to date industry information to those who are interested and organising and running information based events.
|To administer our website, enhance website performance and ensure that the website displays in the best format on your device. We would also like to make sure that we provide you with the most recent and up-to-date content on our website, which may require us to consider some certain aspects of your personal data such as your viewing browser’s language settings, or which country you are from when you visit our website.
|For our legitimate interests of operating a website and providing services to you via the website.
|Market our services to you.
We will send you marketing information by email if you are a customer of ours or if you have consented to receiving marketing communications from us.
You always have the right to opt-out of receiving marketing communications at any time by contacting us as [email protected] or using the unsubscribe link in our emails.
Please see below for further information regarding consent.
|Preventing unauthorised access and modifications to our systems.
|For our legitimate interests of providing a website and providing services to you via the website and to prevent and detect criminal activity that could be damages to you and us.
|Statistical analysis to help us manage our business.
|For our legitimate interests of providing a website and providing services to you via the website and operating a cyber security business.
If we are processing your personal data on the basis of consent you can withdraw your consent at any time by contacting us directly at [email protected] or using the unsubscribe link provided in each email.
With whom we share your data
ITC employees who administer, maintain and continuously develop our website, products and services will receive access to any personal data provided to the website. To that end, ITC has strong technical and organisational security measures in place to protect your data. We will not share your personal data collected via our website with any third parties except for the purposes set out in this policy or to fulfil any overriding legal obligations.
We may share your personal data with:
- Companies within our group of companies and may include ITC Washington which is covered by the model clauses as set out below;
- Third parties who may be potential buyers of some or all of our business or during a re-structuring. Usually, such information will be anonymised where possible. Any such buyer will be subject to confidentiality obligations;
- If you post a comment on any of our Newsletter posts, the content of your comment and the name/user name you provided will be publicly available and may appear in search engines where the search criteria match the provided name.
Security of your data
We have the appropriate technical and organisational measures in place to help prevent any unlawful or unauthorised access to your personal data and helps to protect against the accidental loss or damage to your personal data.
Transfer and processing of your data outside the European Economic Area
Where personal data is transferred outside of the European Economic Area (“the EEA”), we will ensure that any transfer is subject to the appropriate safeguards or is otherwise permitted under applicable law. For example, the country where the personal data is being transferred has been approved by the European Commission or the recipient has agreed to model contractual clauses which have also been approved by the European Commission which obliges the receiving organisation to protect the personal data with appropriate safeguards, or the recipient may be located in the United States of America and is a certified member of the EU-US Privacy Shield scheme.
How long we will hold your personal data for
We will take into consideration the following when deciding the appropriate data retention periods for your personal data:
- The length of time that is required to fulfil our purpose for processing; and
- Any legal obligations that we may have in relation to your personal data, for example laws or regulations that require us to hold the data for a set period.
Under the GDPR you have the right to:
- Right of access – you have the right to request a copy of the data that we hold about you;
- Right of rectification – you have the right to correct the data that we hold about you that is inaccurate or incomplete;
- Right to be forgotten – you have the right, in certain circumstances, to ask for the data we hold about you to be erased from our records;
- Right to restriction of processing – you have the right, in certain circumstances, to ask for us to restrict the way we process your data;
- Right of portability – you have the right to have the data we hold about you transferred to another organisation in certain circumstances;
- Right to object – you have the right to object to our processing your data where we are relying on a legitimate interest in order to process it; and
- Right to withdraw your consent – you have the right to withdraw your consent at any time.
Information and complaints
If you wish to exercise your rights under the GDPR, please contact us at [email protected]. You can find out more information regarding your rights by visiting the UK’s Information Commissioners’ Office at www.ico.org.uk.
We hope that we at ITC can resolve any query or concern you may have about our use of your personal data, so please contact us with any queries at [email protected].
The GDPR also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113