Privacy Policy

This Privacy Policy describes how your personal information is collected, used, and shared when you use our website and engage with us.

We may update this privacy policy from time to time to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons at any time.

Data Controller
As a data controller, we are mindful of the methods we can employ to collect your personal information and the processing it can be subject to.

Data Protection Principles
Concerning personal data, we will uphold the following;

• Lawfulness, fairness and transparency
• Purpose limitation
• Data minimization
• Accuracy
• Storage limitation
• Integrity and confidentiality (security)
• Accountability

What are your data protection rights?
If you are a resident of the European Economic Area (EEA), you have certain data protection rights, which we extend to all of our customer bases. If you wish to be informed what personal data we hold about you and want it removed from our systems, please get in touch with us via info@pentestcyber.co.uk.

In certain circumstances, you have the following data protection rights:

• The right to access, update or to delete the information we have on you
• The right of rectification
• The right to object
• The right of restriction
• The right to data portability
• The right to withdraw consent

If you make a subject access request (SAR), we will respond to this request within a 30-day period. If you would like to exercise any of these rights, don't hesitate to contact us at our email: info@pentestcyber.co.uk.

What data do we collect?
Pentest Cyber collects several different types of personal data for various purposes. Consent from the data subject is sought before processing and storing personal information. Subject Data may include, but is not limited to:

• Personal identification information (Name, email address, phone number, etc.)
• Other business-related data, we do not deal with the general public.

How do we collect your data?
You directly provide us with most of the data we collect. We collect data and process data when you:

• Voluntarily complete a customer inquiry regarding our available services, or provide feedback via email.
• Use or view our website via your browser's cookies.

Our company may also receive your data indirectly from various sources by legitimate interest.

How will we use your data?
Pentest Cyber verifies the General Data Protection Regulation (GDPR) adherence when deciding to use a data processor for personal data.

We collect your data so that we can complete the following;

• To perform the servicing contract.
• To carry out legally required duties.
• Process your order and manage your account.
• Email you with special offers on other products and services we think you might like.

We also collect data to carry out activities that are in the legitimate interests of the company.

• Reaching out to prospective customers and suppliers.
• Tracking key metrics and user behaviour while interacting with our website.
• Dealing with legal claims levied against us or bringing claims to others.

If you agree, Pentest Cyber will share your data with our partner companies so that they may offer you their products and services.

• CREST
• IASME

When Our Company processes your order, it may send your data to, and also use the resulting information from, credit reference agencies to prevent fraudulent purchases.

How do we store your data?
Pentest Cyber securely stores your data in UK based data centres with encryption at rest and transit. It sometimes may be necessary to store paper-based records, in which case all appropriate measures are taken to ensure they are stowed securely.

How long do we keep your data?
Pentest Cyber retains your personal information only for as long as is necessary and for the purposes set out in this privacy policy or until you ask us to delete this information, depending on the context of that information. Pentest Cyber retains and uses your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.

Once a retention period expires, we delete your data using industry-standard multi-pass deletion software. Any paper-based records will be shredded using a cross-cut shredder.

Marketing
We want to send you information about our products and services that we think you might like. If you have agreed to receive marketing material, you may always opt-out at a later date. If you no longer wish to be contacted for marketing purposes, please get in touch with us.

Cookies
Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.

How do we use cookies?
Our company uses cookies in a range of ways to improve your website experience, understand how you use our website, and the avenues of our traffic.

Pentest Cyber also uses Google Analytics to help understand how visitors reached the site. You can read more about how Google treats your data here: https://www.google.com/intl/en/policies/privacy/.

You can opt out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.

What types of cookies do we use?
There are several different types of cookies. However, our website uses:

• Functionality – Our Company uses these cookies to recognize you on our website and remember your previously selected preferences. These could include what language you prefer and the location. A mix of first-party and third-party cookies are used.

• Advertising – Our Company uses these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and IP address. Our company sometimes shares some limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners.

How to manage cookies
You can set your browser not to accept cookies. However, in a few cases, some of our website features may not function as a result.

Data collected from children
Pentest Cyber services are not intended for individuals under the age of 16.

How to contact us
For more information about our privacy practices, if you have questions or want to make a complaint, please contact us by email at info@pentestcyber.co.uk.

Pentest Cyber details
Pentest Cyber Ltd, a company incorporated in England and Wales with registered number 09981652 and operates the Website pentestcyber.co.uk. The registered VAT number is 233593210 and registered office address of Pentest Cyber Ltd, Wyastone Business Park, Wyastone Leys, Monmouth, Monmouthshire, NP25 3SR.