Data Privacy Policy Notice
Applicability
This notice sets out how Black Arrow Cyber Consulting will process your personal information (as a Data Controller).
Black Arrow Cyber Consulting is registered under the Data Protection (Bailiwick of Guernsey) Law, 2017 and may retain your Personal Data collected from you in electronic, paper or by other information processing systems.
Introduction
In providing our Services to you, Black Arrow Cyber Consulting is obligated and/or permitted by law to retain copies of certain Personal Data in respect of its relationship with you and/or in order to provide our Services.
Your personal information may be disclosed to other companies within the Black Arrow Cyber Consulting Group in order to facilitate the provision of our Services. When processing your Personal Data there will be times where Black Arrow Cyber Consulting acts in the capacity of a Data Controller (as defined under applicable Data Protection Law).
Please note that the following terms set out below will apply to the way in which Black Arrow Cyber Consulting processes your Personal Data when acting as a Data Controller.
Purposes of processing and legal basis for processing
Black Arrow Cyber Consulting may process your Personal Data for the following purposes:
Black Arrow Cyber Consulting will process certain information about you or your directors, officers and employees and your beneficial owners (if applicable) in order to provide our Services to you and/or for Black Arrow Cyber Consulting's internal administration;
to monitor and record calls and electronic communications, as well as the use of CCTV (closed-circuit television) in limited areas of our office, for investigation and fraud prevention purposes, for crime detection, prevention, investigation and prosecution, and to enforce or defend Black Arrow Cyber Consulting and its affiliates' rights, itself or through third parties to whom it delegates such responsibilities or rights in order to comply with a legal obligation imposed on Black Arrow Cyber Consulting. The retention policy for this information is available upon request;
to monitor and record calls for quality, business analysis, training and related purposes in order to pursue the legitimate interests of Black Arrow Cyber Consulting to improve its service delivery,
and which are necessary to comply with a legal obligation and/or which are necessary for Black Arrow Cyber Consulting's legitimate interests indicated above.
Information that we collect through our website
You are not required to provide any personal information on the public areas of our website; however, you may choose to send us your personal information by completing any of the forms on which are included in the following pages:
In addition to the information you knowingly provide, Black Arrow Cyber Consulting collects the IP addresses of its visitors, along with usage statistics, and analytics. You may also provide us with personal information if you contact us by email, telephone or letter.
We partner with Microsoft and Google for analytics to capture how you use and interact with our website through behavioural metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimisation, fraud/security purposes, and advertising. For more information about how Microsoft and Google collects and uses your data, visit the Microsoft Privacy Statement, and the Google Safeguarding Statement and Google Privacy and Terms.
Recipients of data and international transfer of data
Black Arrow Cyber Consulting may disclose your personal information as follows:
to third-party vendors in order to process the data for the above-mentioned purposes, such as IT providers, technical service providers or strategic partners where it is in your best interests as part of the contractually agreed services being provided
to competent authorities, courts and bodies as required by law or requested or to affiliates for internal investigations and reporting
The disclosure of personal information to the third parties set out above may involve the transfer of data to the United States of America and other jurisdictions outside of the European Economic Area (EEA). Such countries may not have the same data protection laws as your jurisdiction.
Black Arrow Cyber Consulting will not transfer Personal Data to persons located outside the EEA until, if required by applicable Data Protection Law, that person has entered into an agreement with Black Arrow Cyber Consulting that includes the standard contractual clauses (known as model contract clauses) that are recognised by the European Commission as offering adequate safeguards in relation to data protection.
Your Personal Data is only processed in accordance with applicable Data Protection Laws and in order to maintain an appropriate level of protection over that Personal Data. Please contact Black Arrow Cyber Consulting’s Data Protection Officer for further details, including copies of the standard contractual clauses referred to above (see further contact details below).
Retention of personal information and security
Your personal information will be retained for as long as required:
for the purposes for which the personal information was collected;
in order to establish or defend legal rights or obligations or to satisfy any reporting or accounting obligations; and/or
as required by data protection laws and any other applicable laws or regulatory requirements.
We ensure that the personal information that we hold is subject to appropriate security measures.
Data Subject Rights
You have the following rights, in certain circumstances, in relation to your Personal Data:
· right to access your Personal Data;
· right to rectify your Personal Data;
· right to restrict the use of your Personal Data;
· right to data portability of your Personal Data;
· right to request that your Personal Data is erased; and
· right to object to processing of your Personal Data.
Where you have provided your consent to processing, you may withdraw your consent at any time by contacting Black Arrow Cyber Consulting by writing to our Data Protection Officer via dpo@blackarrowcyber.com stating that you withdraw your consent.
Where Black Arrow Cyber Consulting requires your Personal Data to comply with our legal requirements, failure to provide this information means Black Arrow Cyber Consulting may not be able to provide our Services.
You have the right to lodge a complaint with the Office of the Data Protection Commissioner in Guernsey where Black Arrow Cyber Consulting Limited is Registered, or your local Supervisory Authority.
If you wish to exercise any of the rights set out above, please contact our Group Data Protection Officer at dpo@blackarrowcyber.com.
Direct Marketing
We may ask whether you wish to receive marketing materials from us, and this will be presented to you as an option when engaging with Black Arrow Cyber. We may also contact you by email or other means to inform you about other services or events which may be of interest to you. You have the right at any time to stop us from contacting you for marketing purposes. If you wish to do so, please either unsubscribe or contact: dpo@blackarrowcyber.com
Data Protection Officer – Contact Details
If you have any questions about our use of your Personal Data, please contact the Data Protection Officer via one of the following methods:
Black Arrow Cyber Consulting Limited
31-33 Le Pollet
St Peter Port
Guernsey
GY1 1WQ
+44 1481 711 988
Changes to this policy
We may change this policy from time to time by updating this page. You should check this page from time to time to ensure you are happy with any changes. We last updated this policy on 26 September 2023.