For the purpose of the Data Protection Bill 2018 the data controller is MWRInfoSecurity Limited of Matrix House, Basing View, Basingstoke, RG21 4DZ.
Countercept operates as a division of MWR and adheres to the same data management policy.
phishd operates as a division of MWR and adheres to the same data management policy.
We may collect and process personal information about you from the following data categories:
You may give us information about you by filling in forms on our websites or by corresponding with us by phone, email or otherwise. This includes information you provide when you register to use our site, subscribe to our services, search for a product, place an order on our site, participate in discussion boards or other social media functions on our site, enter a competition, promotion or survey, and when you report a problem with our site. The information you give us may include your name, address, email address and phone number, financial and credit card information, personal description and photograph.
With regard to each of your visits to our site we may automatically collect the following information:
We may receive information about you if you use any of the other websites we operate or the other services we provide. In this case we will have informed you when we collected that data, and that it may be shared internally and combined with data collected on this site. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
We use information held about you in the following ways:
We will use this information:
We will use this information:
We may combine this information with information you give to us and information we collect about you. We may us this information and the combined information for the purposes set out above (depending on the types of information we receive).
The collection, retention, management and processing of your information, based on the uses above is carried out under either 1) fulfilment of a contract or 2) a legitimate interest of MWR. For more information on our legitimate interest assessments please contact firstname.lastname@example.org. The use of legitimate interest as a lawful basis for processing does not affect your rights as an individual and you are able to opt out if you so wish.
Where processing is required for an activity (e.g. responding to a website enquiry or a contractual agreement), we may not be able to complete the activity without the specific processing.
Where legitimate interest is not a suitable or applicable to a type of data processing we will seek your consent. You may withdraw consent at any time.
We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may also share your information with selected third parties (data processors) including:
We may disclose your personal information to third parties:
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
Your right to be informed requires us to pro-actively inform you when we intend to or have processed your information. This primarily takes the form of this privacy notice, point of contact notices, and outbound communications (where email is the most practical and least intrusive method).
You have the right to know what personal data we process and to access/receive copies of your personal data. You may also access other supplementary information about the processing.
To request access to your data and supplemental information about the processing, please contact email@example.com.
We will provide the information free of charge unless your request is manifestly unfounded, excessive or repetitive, in which case we are entitled to charge a reasonable fee. We will provide the information you request as soon as possible and in any event within one month of receiving your request. If your request is complex, we may notify you that we require an extension of up to two months.
If you believe that we are processing inaccurate information, you may ask us to correct that information. We will correct any errors within one month, unless we require an extension. We will notify you if an extension is required.
There are situations that require us to refuse to comply with a request. We will notify you if any of these apply.
In some circumstances, you are entitled to ask us to suppress processing of your personal data. This means we will stop actively processing your personal data, but we don’t have to delete it. This right is available to you:
You have a right to access and or receive your data across different services, transfer your data securely between IT environments, and maintain its usability. MWR will endeavour to meet your request for a specific format; however, as standard your data will be supplied in a format best suited to meeting the right to portability.
You have the right to object to us processing your information:
To object, you must outline your grounds for doing so. We will comply with your objection unless we can demonstrate that there are compelling legitimate grounds which override your interests, rights, and freedoms or the processing is for the establishment, exercise or defence of legal claims.
Some activities make use of your information and the use of automated decision making – for example, being selectively included in marketing activities. While automation is used, it is not used in isolation without human input.
To exercise any of your rights or for more information on this topic area, please email firstname.lastname@example.org