Privacy Policy

OpSec Security Group Ltd (“OpSec”) respects the privacy of individuals, and we recognise the need and our responsibilities to ensure appropriate protection and management of the personal information you share with us. We are an International organisation, however, we operate in compliance with the European General Data Protection Regulation (GDPR) and Data Protection Act UK and apply such principles and controls worldwide.

Summary

  • We keep to a minimum the information we hold about you.
  • We use your data to provide our services to you, meet our legal obligations, and improve our website.
  • We delete your data when it is no longer needed for these things.
  • Generally, we do not give your information to third parties, but there are some exceptions – details of which are outlined below under the ‘third parties’ section
  • You have lots of privacy rights.
  • We take security seriously.
  • We do not record telephone calls.
  • We will not share your information with any other company or organisation unless required to by law and we will not sell your information.
  • By visiting www.opsecsecurity.com, you are accepting and consenting the website’s Terms of Use.
  • Your data may be held or processed outside the EEA (See Appendix for Definition of EEA)
  • We use website cookies.
  • We are happy to answer your questions about any of this.

Want more detail?

To see more about how we use your personal data, read the notice or notices which apply best to your relationship with us:

As a convenience to our visitors, this website currently contains links to a number of sites that we believe may offer useful information. The policies and procedures we described here do not apply to those sites. We suggest contacting those sites directly for information on their privacy, security, data collection, and distribution policies.

ICO registration

OpSec Security Ltd is registered with the Information Commissioner's Office (ZA346412).

Your rights

You have the following rights regarding your privacy and your personal data:

  • To be informed and understand how your data will be used, secured and managed and for what purpose.
  • To access the personal data we hold about you and understand how we process it.
  • To have your data kept accurately and up to date and to be disposed of securely when no longer required.
  • In some circumstances, restrict our processing of your data, and or to request we erase your personal data where this is appropriate.
  • To object to our processing or withdraw previously given consent.

Not all rights will apply to all processing, however, if you want to exercise any of these rights, please contact us. If you have concerns or a complaint about how we handle your data please contact us and we will try to resolve the issue. If you remain unhappy how we have resolved your concern or complaint you have the right to contact the Information Commissioner's Office for an independent review.

 

Get in touch

If you have any questions or concerns about this Privacy Statement or how we handle your personal data please contact us

  • European Finance Director at 40 Phoenix Road, Washington, Tyne & Wear NE38 0AD, UK
  • +44 0191 417 5434 (we do not record our calls)
  • data.protection@opsecsecurity.com 

   

Security

We have updated our supplier maintenance procedures and will be going through a process of due diligence with new suppliers to ensure they have appropriate adequate security and privacy controls and or privacy shield as well as appropriate contracts. For existing suppliers, we will be updating our records and confirming with them that they have adequate security and privacy controls and or privacy shield in place as well as appropriate contracts.

  We use data encryption extensively on our computers, mobile phones, and tablets, and utilize encrypted data communications based on  recognized security standards whenever possible” Our preference is to use Transport Layer Security (TLS) to secure email communications using encryption; however, we recognise some of you may not.  We, therefore, run opportunistic TLS meaning if you also use it our communications will be encrypted and secure by default. But if you don’t communications will continue but they will not be encrypted and may not be entirely secure when passing over the internet. If you want to protect all emails and attached documents you send to us, we encourage you to set up opportunistic TLS also. Our online systems require unique logins and complex passwords and use SSL site encryption to secure web pages. Phone calls are not encrypted or recorded. If you have particular security requirements, please contact us to discuss how we can support you.  

Retention

Data about customers or their clients: Duration of your relationship with us, then six years Financial data:  Kept for a minimum 6 years but may be retained for the length of the client relationship, then 6 years if appropriate. Client ID verification: Duration of our relationship with us, then six years Data about specific matters: Duration of the matter, then six years Supplier contact details: As long as we have a relationship with you or think we might want to buy products or services from you, or for the duration of a dispute with you. Further detail on specific retention periods can be provided on request.

 

Your data and the EEA

We do hold and process customer data in USA, Caribbean, and Hong Kong which are outside the EEA. Our main data centre resides in the USA in a hosted data centre with the Markley Group with all devices managed directly by OpSec staff or our IT support partners Waterstons in the UK. We ensure data is secure and our suppliers adhere to strict information security and privacy requirements in line with GDPR and UK Data Protection legislation. As a company, we apply GDPR and UK Data Protection legislation principles to our whole organisation.

Third parties

We will not transfer your personal data to third parties for their use or purpose without your permission, except in the following circumstances:

  • If required to by law or court order
  • If you do not pay your bills, we may choose to engage a third party to recover any money you owe us.

We do have a small number of companies providing services to us and they process your data on our behalf:

  • Microsoft Azure in the USA – Hosted IT services for our Insight platform.
  • Markley Group in the USA – Hosted Boston data centre.
  • Intermedia Group in the USA – Hosted email services.
  • Salesforce in the USA - Hosted Customer Relationship Management System.
  • Waterstons in the UK – IT support services and hosting services.
  • Various Accountants & Lawyers in each geographic area.

We will be carrying out due diligence with new suppliers to ensure they have appropriate adequate security and privacy controls and or privacy shield as well as appropriate contracts. We will also be updating our records for existing suppliers to ensure that they have appropriate and adequate security and privacy controls and or privacy shield as well as appropriate contracts.

 

 

Clients Privacy Information

 

What data we hold

As our client, we will hold the following information about you:

  • Your name, job role and contact information
  • Information about your business activities and, in some cases your customers
  • Information and documents about your matters or enquiries, including communications with you
  • Billing and payment information
  • In some cases, personal identification, vetting information.

We also generate log files from various servers: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.

Using your information

  Providing you security product or services We use the information we hold about you and your business both personal and otherwise to provide the best service we can, to communicate with you regarding the service or products we are providing or to inform you of other related products or services you may be interested in. We also use your information to bill you and keep track of payments. GDPR Legal Basis for processing:

  • Art. 6(a) Consent if you have asked us to provide you with information on a product and service and provided us with your details.
  • Art. 6(b) Contractual requirement to fulfill our contracts with you and communicate with you regarding that contract.
  • Art 6(f) Legitimate interests of OpSec to generate business by maintaining contacts, generating proposals and communicating with clients regarding their requirements and making you aware of other related products and services you may be interested in (Marketing); however you can object to this at any time and we will add you to our suppression list and cease sending you such Marketing Communications, you may still receive service communications. If the need arises we may also rely on legitimate interests for the recovery of unpaid debts.

  ID checks  We may need to carry out identity checks on senior persons in your organisation as part of setup and maintenance of our working arrangements with you. We retain identity verification information for as long as you are our client, and then seven years. GDPR Legal Basis for processing:

  • Art. 6(c): Legal obligation where we have to do this processing to comply with legal and regulatory obligations.
  • Art 6(f): Legitimate interests where it is in OpSec’s interests to ensure legitimate business practices and to validate the identity of our customers.

  Technical data  We may use the logs from our servers to assist in our firm's security, as well as to determine website visitor behavior and help us plan our business strategy, this helps us tailor our services and ensure they are relevant to our customer’s needs. GDPR Legal Basis for processing:

  • Art. 6(f): Legitimate interests where it is in the business interests of OpSec to gather data to aid business strategy planning.

   

Prospective Clients

 

What data we hold

If you contact us, we will hold the following information about you:

  • Your name, identity and contact information
  • Information about your business activities
  • Information and documents about your inquiries, including communications with you

We also generate log files from various servers: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.

 

Using your information

  Providing advice and information regarding our products and services If you get in touch looking for information about our products and services we may do some research to understand more about you and what you do. Usually, this means reading up on your products or services, how you position yourself in the market, what you display on your public-facing websites and social media presence, and so on. This helps us work out how best we can help you.

GDPR Legal Basis for processing

  • Art. 6(a) Consent if you have asked us to provide you with information on a product and service and provided us with your details.
  • Art 6(f) Legitimate interests of OpSec to generate business by maintaining contacts, generating proposals and communicating with prospective clients regarding their requirements. If you have previously requested information we may send you information about related products and services we offer, however you can opt out at any time.

ID checks  We may need to carry out identity checks on senior persons in your organisation as part of setup and maintenance of our working arrangements with you. We retain identity verification information for as long as you are our client, and then seven years. GDPR Legal Basis for processing:

  • Art. 6(c): Legal obligation where we have to do this processing to comply with legal and regulatory obligations.
  • Art 6(f): Legitimate interests where it is in OpSec’s interests to ensure legitimate business practices and to validate the identity of our customers.

  Dealing with inquiries  If you give us a ring or make contact by email, we will follow up on your inquiry and see if there is a way in which we can help you. We keep a record of enquiries received, to help us plan our business strategy and check that we are offering what potential clients want.

GDPR Legal Basis for processing

  • Art. 6(a) Consent if you have asked us to provide you with information on a product and service and provided us with your details.
  • Art 6(f) Legitimate interests of OpSec to generate business by maintaining contacts, generating proposals and communicating with prospective clients regarding their requirements. If you have previously requested information we may send you information about related products and services we offer, however you can object to this at any time and we will add you to our suppression list and cease sending you such Marketing Communications.

  Technical data  We may use the logs from our servers to assist in our firm's security, as well as to determine website visitor behavior and help us plan our business strategy, this helps us tailor our services and ensure they are relevant to our prospective customer’s needs. GDPR Legal Basis for processing:

  • Art. 6(f): Legitimate interests where it is in the business interests of OpSec to gather data to aid business strategy planning.

   

Prospective Employees

What data we hold

If you contact us to apply for employment, we will hold the following information about you:

  • Your name and contact information
  • Resume including qualifications, education and previous experience and employers and your referees contact details, as well as anything else you choose to tell us.

If you submit electronically we may also generate log files from various servers: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.

 

Using your information

  Considering your application for Employment We will use your resume or any information you or a recruitment agency provide to us to consider you for employment.  If you are unsuccessful we will retain this information for 6 months after the recruitment exercise has ended and then they will be securely destroyed.  If you are employed these will become part of your personnel file. GDPR Legal Basis for processing

  • Art. 6(a) Consent if you have applied for employment, we will use these to consider your application.
  • Art 6(f) Legitimate interests of OpSec to securely and fairly manage recruitment to ensure we employ the right people for our company and we will use your details to make the appropriate checks.

ID Vetting checks  If you are offered a job we will need to carry out verification check on you. We retain identity verification information for as long as you are an employee, and then seven years. GDPR Legal Basis for processing:

  • Art. 6(a) Consent for external vetting checks.
  • Art. 6(c): Legal obligation where we have to do this processing to comply with legal and regulatory obligations.
  • Art 6(f): Legitimate interests where it is in OpSec’s interests to ensure prospective employees are appropriately vetted.

    Technical data  We may use the logs from our servers to assist in our firm's security, as well as to determine website visitor behavior and help us plan our business strategy, this helps us tailor our services and ensure they are relevant to our prospective customer’s needs. GDPR Legal Basis for processing:

  • Art. 6(f): Legitimate interests where it is in the business interests of OpSec to gather data to aid business strategy planning.

 

Website Visitors

Summary

 

What data we hold

We generate log files from various servers: This will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.

We also generate log files from various servers: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.

We gather cookie information to monitor the use of our site and to improve our services to you If you choose to use our contact us page we will also gather your name and contact details so we can respond to you.

Using your information

  Dealing with inquiries  If you have requested information via our website e.g. Our ‘Contact Us Page’, we will follow up on your enquiry and see if there is a way in which we can help you. We keep a record of inquiries received, to help us plan our business strategy and check that we are offering what potential clients want.  We may also use your contact details to inform you of related products or services you may be interested in, however, you can opt-out at any time.

GDPR Legal Basis for processing:

  • Art. 6(a) Consent if you have asked us to provide you with information on a product and service and provided us with your details.
  • Art 6(f) Legitimate interests of OpSec to generate business by maintaining contacts, generating proposals and communicating with prospective clients regarding their requirements. If you have previously requested information we may send you information about related products and services we offer (Marketing); however, you can object to this at any time and we will add you to our suppression list and cease sending you such Marketing Communications.

Use of cookies on the website

When someone visits our website we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. We also use this information for advertising & marketing purposes.

You can read more about how we use cookies on our Cookies page.

GDPR Legal Basis for processing:

  • Art. 6(f): Legitimate interests where it is in the business interests of OpSec to secure our IT infrastructure, monitor use of our website, improve the services we offer and gather data to aid business strategy planning and for advertising & marketing.

Technical data  We may use the logs from our servers to assist in our firm's security, as well as to determine website visitor behavior and help us plan our business strategy, this helps us tailor our services and ensure they are relevant to our prospective customer’s needs. GDPR Legal Basis for processing: Art. 6(f): Legitimate interests where it is in the business interests of OpSec to gather data to aid business strategy planning.  

Other

What data we hold

We may hold the following information about you:

  • Your name, job role, company you work for and contact information

We also generate log files from various servers: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.

Using your information

  Dealing with your inquiry  If you call OpSec or make contact by email, we will follow up on your enquiry and see if there is a way in which we can help you. We keep a record of enquiries received, so that we know what we have said to whom. GDPR Legal Basis for processing

  • Art. 6(b): Contractual Requirement where we need to process your data to fulfill your contract with us or you and communicate with you regarding that contract.
  • Art. 6(f): Legitimate Interests where we need to maintain records of our business relationship in order to provide you with appropriate services and identify future areas we may be able to assist you with. Or if you are a supplier to ensure we can pay you.

  Managing our relationship with you  We will use your data to manage our relationship with you, and to enquire about (and perhaps even buy) products and services from you.

GDPR Legal Basis processing

  • Art. 6(b): Contractual Requirement where we are obligated by our contract with you to manage our business relationship in order to fulfill the contracts.
  • Art. 6(f): Legitimate Interests of OpSec to manage an ongoing relationship with our suppliers, partners, generate future business or recover a debt.

  Keeping you informed of related products or services (Marketing) From time to time we may contact you to make you aware or keep you up to date regarding our products or services. You can object to this at any time and we will add you to our suppression list and cease sending you such Marketing Communications, you may still receive service communications GDPR Legal Basis for processing:

  • Art 6(a): Consent: where you have requested information or consented to us sending you such communications.
  • Art. 6(b): Contractual requirement where we need to keep you informed about the products and services you receive.
  • Art 6(f): Legitimate interests where it is in OpSec’s or the clients benefit to be kept informed of related products or services where there is an established business relationship existing; without compromising the individual's privacy.

  Technical Data We may use the logs from our servers to assist in our firm's security, as well as to determine website visitor behavior and help us plan our business strategy, this helps us tailor our services and ensure they are relevant to our prospective customer’s needs. GDPR Legal Basis for processing:

  • Art. 6(f): Legitimate interests where it is in the business interests of OpSec to gather data to aid business strategy planning.

 

How we use cookies

Cookies are small files that the site places on your hard drive for identification purposes, cookies cannot read data off of your hard drive We use cookies to elevate your user experience and the quality of our site and service. These files are used for site registration and customization the next time you visit us. Your web browser may allow you to be notified when you are receiving a cookie, giving you the choice to accept it or not. By not accepting cookies, some pages may not fully function and you may not be able to access certain information on this site. You can also refuse all cookies by turning them off in your browser. You do not need to have cookies turned on to use any area of our website. This website may be configured to collect domain information as part of our analysis of the use of this site. This data enables us to become more familiar with which users visit our site, how often they visit and what parts of the site they visit most often. OpSec uses this information to improve our website. This information is collected automatically and requires no action on your part. We use the following cookies on our website:

Cookie Name, Data Collected, Purpose

_hssc

This cookie is for keeping track of sessions. This is used to determine if we should increment the session number and timestamps in the __hstc cookie. It contains: the domain, viewCount (increments each pageView in a session), session start timestamp.

Hubspot's tracking codes are used to track visitors through the site covering things such as time, session number, domain, view count etc.

_hssrc

Whenever HubSpot changes the session cookie, this cookie is also set. We set it to 1 and use it to determine if the visitor has restarted their browser. If this cookie does not exist when we manage cookies, we assume it is a new session.

Hubspot's tracking codes are used to track visitors through the site covering things such as time, session number, domain, view count etc.

_hstc

It contains the domain, utk (see below), initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).

Hubspot's tracking codes are used to track visitors through the site covering things such as time, session number, domain, view count etc.

_ga

The _ga cookie is used to uniquely identify users, specifically with the third and fourth set of numbers explained above. Because of this random set of numbers, users can be identified when they come back to the site.

Hubspot's tracking codes are used to track visitors through the site covering things such as time, session number, domain, view count etc.

_gid

This cookie is used to store Session ID and to group the entire session’s activity together for each user. Structure of its value is very similar to the _ga cookie. You can examine it by using document.cookie command

Hubspot's tracking codes are used to track visitors through the site covering things such as time, session number, domain, view count etc.

Cookie-agreedRecords whether or not the cookies notification pop-up has been acknowledged by the user 

Has_js

Allows the website to determine whether your browser is javascript compatible 

hubspotuk

This cookie is used for to keep track of a visitor's identity. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.

Hubspot's tracking codes are used to track visitors through the site covering things such as time, session number, domain, view count etc.test

Test 

This cookie used to test whether the visitor has support for cookies enabled. 

 

This website may also use services of third parties that, on their own, collect information for statistical purposes, use of the website by the user and for the provision of other services related to the activity of the web and other Internet services.

For instance, we use Google Analytics, a service provided by Google that allows us to obtain information about users’ access to our website. This includes Advertising Features which include:

 

  • Remarketing with Google Analytics
  • Google Display Network Impression Reporting
  • Google Analytics Demographics and Interest Reporting
  • Integrated services that require Google Analytics to collect data for advertising purposes, including the collection of data via advertising cookies and identifiers

An example of the data stored for further analysis is the number of times the user visited the website, dates of the user’s first and last visit, duration of visits, the page from which the user accessed the website, place of the world from which the user accesses, etc. You can obtain more information here about the cookies you use and how to disable them (understanding that we are not responsible for the content or veracity of third party websites).

  Definitions

EEA

  The EU countries are: Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK. The European Economic Area (EEA) The EEA includes EU countries and also Iceland, Liechtenstein, and Norway. It allows them to be part of the EU’s single market.