Privacy Policy

Introduction

Assurensix Consulting (“we”, “us”, or “our”) is dedicated to protecting the personal data of our Small and Medium Enterprise (SME) clients across the UK and the European Union. This policy outlines how we collect, use, and process your personal information when you engage with our consulting services, access our security check tools, or interact with our website. As a provider of cyber security audits and compliance advice, we understand that maintaining the confidentiality and integrity of your data is paramount.

Assurensix Consulting acts as the “data controller” for the personal information covered by this policy. We process your information in accordance with the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR). This document describes our practices and your rights regarding the data we hold.

What Data We Collect

Assurensix Consulting collects and processes personal data to provide you with a service. We only collect the information necessary to fulfill our professional duties and legal obligations. We do not sell any personal information.

Identity and Contact Information: This includes your full name, job title, business email address, and telephone number.

Professional and Business Details: Information regarding your organization, its architecture, size, industry sector, and specific security goals.

Enquiry Documentation: Any details you provide when contacting us about our consulting services or certifications.

Technical Data: While you browse our site, we may collect technical information such as your IP address, browser type and version, time zone setting, and device information.

Client Representative Materials: We process any documentation you choose to share with us for review, such as existing security policies, internal reports, or compliance evidence.

How We Use Your Data

Enquiries & Service

We use your contact details and business information to respond to your specific enquiries and provide our core cyber safety consulting services. This processing is essential for us to fulfil our contract with you or to take steps at your request before entering into a contract, as well as our legitimate interest in delivering expert security advice.

Security & Compliance

We process technical data, such as your IP address, and documents you upload to maintain the security of our services and yours. This includes detecting potential cyber threats and ensuring our consulting meets regulatory compliance standards. This is justified by our legal obligations and our legitimate interest in maintaining a secure infrastructure.

Bookings & Billing

Personal data is processed to manage your session bookings and handle all financial transactions, including deposits and final invoicing. We do this to perform our contract with you and to ensure we meet our legal obligations regarding financial record-keeping and tax reporting.

Marketing (Consent-based)

If you have explicitly opted in, we may use your contact information to send you updates on emerging security risks or professional services relevant to your business. This processing is strictly based on your consent, which you can withdraw at any time using the unsubscribe link provided in our emails.

Data Sharing and Disclosure

We do not sell your personal data. We only share information with trusted third parties who help us provide our cyber security services and manage our business operations effectively and securely.

Sharing typically involves IT and hosting providers, professional advisers like accountants or legal counsel, and certification bodies when you engage us for specific audits. We only share the minimum data needed for these tasks and ensure all partners follow strict data protection rules.

For international transfers outside the UK or EU, we ensure appropriate safeguards are in place by using approved legal mechanisms, such as UK or EU-approved Standard Contractual Clauses. This ensures your information receives the same high level of protection as it does within the UK and EU.

Data Protection Rights

Under the UK and EU GDPR, you have several rights regarding your personal information. We are committed to helping you exercise these rights in a clear and timely manner.

Right to Access

You have the right to request copies of the personal data we hold about you. This is commonly known as a Subject Access Request (SAR).

Right to Restriction

You can request that we limit how we process your data, for instance, while we check the accuracy of the data or our legal grounds for its use.

Right to Rectification

If your personal information is inaccurate or incomplete, you can ask us to update it to ensure our records are correct and up to date.

Right to Portability

You have the right to receive your data in a structured, machine-readable format to transfer it to yourself or another service provider.

Right to Erasure

Under certain conditions, you have the 'right to be forgotten' and can request that we delete your personal data from our systems.

Right to Object

You can object to our processing of your data based on legitimate interests or for direct marketing. We will stop unless we demonstrate compelling legal grounds.

If you have concerns about our use of your personal information, you can make a complaint to us directly. You also have the right to complain to the Information Commissioner's Office (ICO) or your local authority.

Data Security & Retention

We take the security of your personal and business information extremely seriously. As a specialist consulting firm, we understand the sensitivity of the data SMEs share with us, including technical business audits and uploaded documentation.

Assurensix Consulting employs robust technical and organisational measures to prevent unauthorised access, accidental loss, or disclosure. We use encrypted cloud storage environments (AES-256) and ensure all data in transit is protected via SSL/TLS protocols. Access to your information is strictly limited to authorised personnel who require it to perform their roles, and all our systems are protected by multi-factor authentication.

We only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including any legal or accounting requirements. For most consulting engagements and enquiries, we maintain records for the duration of our relationship plus six years to comply with UK and EU regulatory reporting standards. When data is no longer required, it is securely destroyed or irreversibly anonymised.

Contact Information

How to Contact Us

If you have any questions about this Privacy Policy, how we handle your personal data, or to exercise your rights, please reach out to us at Assurensix Consulting:

E: hello@assurensix.com | T: +4403302232660

We take privacy feedback seriously. However, should you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in the UK (at ico.org.uk) or your local EU data protection authority.
