Privacy Policy

PRIVACY POLICY

Sodium Cyber Ltd is a UK-based cyber security consultancy.  Sodium Cyber is committed to protecting personal data and respecting the privacy of individuals. The following policy describes how we collect and handle personal data throughout the course of our interaction with clients and how we respect those rights and comply with applicable legislation.

Should you have any queries about this policy or wish to make a subject access request or exercise any other rights under the terms of the UK Data Protection Act 2018 and the European Union General Data Protection Regulation please use our Contact Us page.

You have the right to make a complaint about our handling of your personal data to the UK Information Commissioners Office (ICO). For further details see: https://www.ico.org.uk/concerns.

DEFINITION OF PERSONAL DATA

Personal data is defined as information which can be used to identify an individual, either directly (name, date of birth, address) or indirectly (IP addresses, cookies et al).  Further details of the definition of personal data can be found on the Information Commissioner’s Officer’s web page (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/what-is-personal-data/).

COLLECTION OF PERSONAL DATA

Sodium Cyber collects personal data as defined above during our day-to-day operations. We do not collect special categories of personal data (such as race/beliefs/sexual orientation etc).

We collect much of the information based upon: –

  • legitimate interests (for example, to send you direct marketing about services similar to those you have purchased from us or negotiated or enquired about);
  • Fulfilment of a contractual obligation with you (for example, to provide you with services you have purchased from us).

Without your consent to provide personal data as part of delivery of a contract with you (for example, to provide one of our services or to receive payment) then we may not be able to successfully fulfil the contract.

Our collection of personal data is for the following purposes.

Business Contacts, Operations and Marketing

If you contact Sodium Cyber via telephone, email, this website or any social media channel then we will collect the contacting party’s name, job title, company name, address, email address and telephone numbers. Through the course of ongoing interactions with you we may similarly collect the personal details of other people within the business based upon a requirement for interaction with them in the delivery of our services or for marketing purposes. Where there is no case of legitimate interest you must opt-in to receive marketing communications from us and you can withdraw this consent at any time using the “unsubscribe” feature of our communications.

The collection of this information is for the purpose of potentially providing proposals, entering into negotiations and for the possible delivery of business services to you based upon your contact.

We may share this information with our staff, associates and suppliers (e.g. solicitors and accountants), only where necessary in the delivery of a service to you under the terms of any commercial relationship we have in place. In the event that you do not enter into any commercial agreement with us for the delivery of our services we will not share your information to any third party, unless as required by law.

We will only retain this information within our Customer Relationship Management systems, email messages and other systems and applications for as long as necessary, including for the purposes of satisfying any legal / regulatory, accounting, or reporting requirements.

All marketing emails will include the ability to opt-out (via an unsubscribe link) from receiving future communications from us. Additionally, you may request us to ensure that you do not receive marketing communications from us via any source via our Contact Us page.

Use of this Website

Furthermore, if you contact Sodium Cyber via the contact us page then we will collect the contacting party’s name, job title, company name, address, email address and telephone numbers.

We use cookies on this website for analytical purposes and to improve the experience of using our web site. Our cookie policy page has further details on this.

We may also collect information when you visit the website, including but not limited to your IP address, location, time of access, the browser you use, your operating system and the pages you visit. We use Google Analytics to analyse the use of our website and to identify organisations that we may wish to contact to discuss our services further. This involves the use of some JavaScript embedded in our page that will analyse the source IP address of your use of our site.

Information submitted via forms on the Sodium Cyber website is forwarded to staff members only and we will only retain this for as long as necessary, including for the purposes of satisfying any legal / regulatory, accounting, or reporting requirements.

SHARING OF PERSONAL DATA

We do not share client personal data with third parties unless there is a legal requirement to do so or to ensure the successful delivery of services to you. Examples of legitimate business purposes for the sharing of your personal data include: –

Engagement of subcontractors to deliver a service to you as agreed under our terms and conditions;

The use of professional services such as accountants or solicitors associated with the ongoing operation of our company;

External third parties who, acting as data processors, provide IT, application and telephony services.

We do not sell your personal data to any other organisation.

STORAGE OF PERSONAL DATA

We may store your personal data on: –

  • Cloud-based email services
  • Cloud-based Customer Relationship Management (CRM) services
  • Cloud-based accountancy services

In using these services, the data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”) and transferred from such destination to another destination outside the EEA.  Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring our suppliers are compliant with the GDPR legislation.

RETENTION OF PERSONAL DATA

Personal data is only retained for as long as we need it to deliver our services to you or to meet our legal obligations as outlined above.  Once personal data collected is no longer required it will be deleted from our storage facilities.

YOUR RIGHTS

Under the terms of the UK Data Protection Act 2018 you have a number of rights with regard to our handling of your personal data: –

  • The right to be informed: you have the right to be advised how your data is being handled and processed.
  • The right to access: you have the right to ask us (via a subject access request) to provide a copy of any personal data we hold about you.
  • The right to rectification: You have the right to request inaccurate or incomplete data that we hold to be updated.
  • The right to erasure (also known as ‘the right to be forgotten’): You can request that we erase your data in certain circumstances, such as when the data is no longer necessary, the data was unlawfully processed or it no longer meets the lawful ground for which it was collected. This includes instances where you withdraw consent for us to hold your data.
  • The right to restrict processing: you can request that we limit the way an organisation uses personal data.
  • The right to data portability: You have the right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller,, where applicable i.e. where our processing is based on consent or is necessary for the performance of our contract with you or where we process your data by automated means).
  • The right to object: You have the right to object to the processing of personal data that has been collected on the grounds of legitimate interests or the performance of a task in the interest/exercise of official authority.
  • Rights related to automated decision making including profiling: You have the right to challenge and request a review of the processing / profiling for decisions made with no human involvement.

These are defined by the ICO at the following URL: –

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

Further details can also be found at the following URL: –

https://gdpr-info.eu/chapter-3/

SUBJECT ACCESS REQUESTS

You have the right to obtain a copy of all personal data we hold on you (subject access request). We do not charge to provide this access to personal data held). However, unfounded or excessive requests may lead to the leverage of an administrative fee at our standard admin hourly rate.  Alternatively, we may refuse to comply with the request in such circumstances, for example if requests are unfounded or excessive.

To ensure security we may need to confirm your identity using a passport or other Government-approved identification method.

To request a copy of the personal data we may hold on you, use our Contact Us page.