Contact Privacy Policy

Overview 

This Contact Privacy Notice (“Privacy Notice”) explains what types of personal information, also referred to as personal data, we collect about visitors that contact us using the website, email or phone. 

In this Notice the terms “Pen Test Partners LLP,” “we”,” us”, and “our” refers to Pen Test Partners LLP. and its affiliates and subsidiaries. 

Purpose 

The purpose of this notice is to provide visitors to our website or make phone calls or email enquires with information regarding the personal data we collect, the purposes and other information related to processing the data. When processing data of a personal and sensitive nature, there is an obligation, set out in law, to inform the data subject of the processing. If you leave our site via a link or otherwise, you will be subject to the policy of that website provider. We have no control over that policy or the terms of that website and you should check their policy before continuing to access the site. 

Data Protection Framework. 

Pen Test Partners LLP is the data controller for the personal data we process and is responsible for the personal data of website visitors (the “Data Subject”) processed in connection with your employment. We have aligned this Notice with the Data Protection Act 2018 and for so long as it applies, the General Data Protection Regulations (GDPR), under the supervision of the ICO within the UK. 

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, please contact the DPO using the details set out below. 

Contact Details: 

Pen Test Partners LLP, Unit 2, Verney Junction Business Park, Buckingham, MK18 2LB, UK. 

Tel: +44 203 095 0500. 

Our Data Protection Officer email address: [email protected]  

Third Party Services 

We use third-party services, such as Google Analytics and Cloudflare, to analyse website traffic and protect against security threats. These providers process data on our behalf and are contractually obligated to comply with UK GDPR requirements. 

For details on how these services use cookies and tracking technologies, please refer to our Cookie Policy, published on our website.  

Data Collection and Lawful Basis 

We collect and process the following categories of personal data from visitors who contact us via our website, email, or phone: 

• Contact details: such as name, email address, phone number, and company name (where applicable). 

• Technical data: including IP addresses, device information, and browser type. 

• Communication data: such as the content of emails, phone call recordings (where lawful), and enquiry details. 

• Cookies and tracking data: as outlined in our Cookie Policy, published on our website. 

The lawful bases for processing this data are as follows: 

• Contractual necessity (Article 6(1)(b) of UK GDPR): to respond to and manage your enquiries or requests. 

• Legitimate interest (Article 6(1)(f) of UK GDPR): to improve our services, analyse website usage, and ensure network and information security. We only process data under this basis where our interests do not override your rights and freedoms. 

• Consent (Article 6(1)(a) of UK GDPR): where explicitly provided for specific purposes, such as marketing communications or non-essential cookies. 

We collect information not to identify individual users but to gain useful knowledge about how our site is used in order that we can keep improving it for our users. We may use your personal information to send you updates about our services, including promotions or new services. We have a legitimate interest in processing your personal information for promotional purposes. You have the right to opt out of receiving promotional communications at any time by contacting us at [email protected]. 

What is Personal Information? 

Personal information, also known as personally identifiable information or personal data, for purposes of this Privacy Notice means any information that (i) directly and clearly identifies an individual, or (ii) can be used in combination with other information to identify an individual. 

What are Special Categories of Personal Information? 

Sensitive personal information is a subset of personal information that may be more sensitive in nature for the individual concerned: 

• Race and ethnic information. 

• Sexual orientation. 

• Political/religious beliefs. 

• Taxpayer/government issued identification numbers i.e. national insurance or social security numbers.   

• Financial information. 

• Health or medical information. 

• Criminal records. 

We do not collect any special categories of data via the website. 

What Personal Information Do We Collect? 

Personal information not provided by you and collected via the website include information processed by the cookie providers listen on the cookie policy. Personal information provided by you and collected via the website, phone calls and email, including: 

• Name 

• Employer 

• Email address 

• Employers address 

• Personal address  

• Phone number 

How We Use the Personal Information We Collect 

We process the data collected via cookies to allow us to analyse the use of our website and the locations of visitors to improve the website and understand the demographic of visitors.  

To maintain and improve security of our website. 

Data provided by you, when completing a form, is used to fulfil any company promotional offers you decide to take us up on. 

Sharing Personal Information 

Your personal information will be shared with: 

• Our website developer, website hosting provider and our cookie providers. 

• Internal management. 

• Affiliates providing software development services on our behalf.  

• Affiliates providing marketing services on our behalf. 

• Any parties involved any acquisition of our business or theirs. 

• Social media sites (Twitter, LinkedIn, YouTube, The Fediverse). 

• Transportation and shipping where relevant. 

• We may also share Contact Details with our employees, officers, consultants, subcontractors, business partners, and other suppliers who are engaged in relation to any contract which we have entered with you or your employer. We may also share your information with our professional advisors and service providers. 

• We will share personal information with law enforcement or other authorities if required by applicable law. 

Access to Personal Information We Collect 

You can ask to see the personal information that we hold about you. If you want to review, verify or correct your personal information, please submit a request. 

When requesting access to your personal information, please note that we may request specific information from you to enable us to confirm your identity and right to access, as well as to search for and provide you with the personal information that we hold about you. 

Your right to access the personal information that we hold about you is not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal information that we hold about you. In addition, the personal information may have been destroyed, erased or made anonymous. If we cannot provide you with access to your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions. 

Correction of Collected Personal Information 

We endeavour to ensure that personal information in our possession is accurate, current, and complete. If an individual believes that the personal information about him or her is incorrect, incomplete, or outdated, he or she may request the revision or correction of that information. We reserve the right not to change any personal information we consider is accurate. 

If it is determined that personal information is inaccurate, incomplete, or outdated, we will use reasonable efforts to revise it and, if necessary, use reasonable efforts to inform agents, service providers or other third parties, which were provided with inaccurate information, so records in their possession may be corrected or updated. 

Retention of Collected Information 

Except as otherwise permitted or required by applicable law or regulatory requirements, we will retain your personal information only for as long as we believe it is necessary to fulfil the purposes for which the personal information was collected (including, for the purpose of meeting any legal, accounting or other reporting requirements or obligations). 

You may request that we delete the personal information about you that we hold. There are instances where applicable law or regulatory requirements allow or require us to refuse to delete this personal information. If we cannot delete your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions. 

Typical website cookie data retention periods are 1 year maximum from the time of collection. Persistent cookies remain on your device until their expiry date or until you delete them. Records retained from emails is retained for 2 years. Phone call logs are retained for 90 days. No calls are recorded. 

Requests to Access, Delete, Correct Information, or Withdrawal of Consent 

Please submit requests to access, delete, or correct your personal information in writing. Any request by you to us to delete your personal information may not result in deletion of any information submitted by you to a third-party provider. If you require the third-party to delete any of your personal information, you must contact the third party directly to request such deletion. You have a right to withdraw consent if that was the legal basis relied on at the point of processing. 

Please note theses rights are not absolute, and we may decline if there is a legal basis to do. If we decline or are unable to comply with your request, we will provide you with an explanation in writing.  

International transfers 

Where data is transferred outside the UK, we rely on UK International Data Transfer Agreements (IDTA) or Standard Contractual Clauses (SCCs) to ensure adequate protection. Data may be transferred to countries such as the US for services like Google Analytics, with safeguards in place to comply with UK GDPR. 

Resolving Concerns 

If you have questions or concerns regarding the handling of your personal information, please contact the Data Protection Officer. Alternatively, you may report concerns or complaints, including information about potential data breaches involving personal information to the Information Commissioners Office.  

Changes to Privacy Notice 

This Privacy Notice is reviewed periodically to ensure it accurately captures all types of data collected or any additional or different processing of such data. We may, therefore, change this Privacy Notice at any time. The effective date of each version of this Privacy Notice is identified below. 

Security of Collected Information 

We are committed to protecting the security of the personal information collected. We implement physical, electronic, and administrative safeguards, including: 

• Role-based access controls. 

• Strong authentication. 

• Encryption. 

• Centralised logging and alerting. 

• Data loss prevention. 

• Anti-malware protection. 

Our security measures are certified under ISO 27001:2022. 

Complaints 

If you have any concerns about this privacy notice or how we process your data, you may: 

• Decline cookies and trackers on our website. 

• Raise your concerns with the Information Commissioner’s Office (ICO) at Make a complaint | ICO. 

• Report any concerns to our DPO using the contact details in Section 3.