CYFOR DATA PRIVACY NOTICE
CY4OR Legal Limited, operating as CYFOR, are a digital forensics, eDiscovery, cyber security and corporate investigations service provider with company number 06295131 and registered office at 7 St Petersgate, Stockport, Cheshire, SK1 1EB.
CYFOR are a data controller registered with the Information Commissioner’s Office with registration number Z7719845. This means that we collect, hold and are responsible for certain personal data. We are committed to protecting and respecting your privacy and personal data; this is our Privacy Notice which explains how we obtain, use and keep your personal data safe.
Your personal data is data which by itself or with other data available to us can be used to identify you. We are committed to keeping your personal information safe in accordance with applicable data protection laws.
What information we collect about you
Information from elsewhere – CYFOR may obtain information about you from information freely available on legal and law firm websites, third parties, such as public databases, social media platforms and third-party data providers. Examples of the information we may receive from other sources include email addresses, telephone numbers, postal addresses, location, and demographic information. We may use this information, alone or in combination with other information described above, to develop or provide more relevant services or provide more relevant marketing and content to you.
Public information & third-party sites – CYFOR websites include social media features (either hosted by a third party or hosted directly on our website), which may collect information about your IP address and which page you are visiting. The feature may set a cookie to make sure the feature functions properly. We also maintain presences on social media platforms including Facebook, Twitter, and LinkedIn. Your interactions with these platforms are governed by the privacy policies of the companies that provide them. Anything you submit to CYFOR via a social media platform is done so at your own risk without any expectation of privacy.
Further, any comments or information you supply on any CYFOR blog can be read, used or collected by anyone. If your information appears in our blog pages and you want it removed, contact our Marketing department: email@example.com
How your information will be used
We process information collected via these web sites for the purposes of:
We do not sell information collected through these sites or use your information for any other purposes than those stated above.
Your information will be added to our systems and applied to cases that we are handling, and to engage in communications and correspond with you over the status and progress of a case we are handling. Your information may also be used to keep in touch for marketing purposes, such as informative newsletters and potential business opportunities.
We will always respect your privacy and will only use your information for specified and lawful purposes as provided for under the General Data Protection Regulation (GDPR). We will use and handle your information responsibly and will take all appropriate organisational and technical measures to safeguard your information from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.
Data relating to others
In the course of providing our professional services to you, we may process data, on your behalf, or for your client, which may contain personal data. This will be afforded the necessary safeguards to prevent it from accidental or unlawful loss, disclosure, access, alteration or destruction.
When we are provided with data relating to others, you must ensure that you are legally permitted to share this with us and you should ensure that those individuals understand how their data will be processed by us.
Who we might share your information with
Your information may be shared with relevant personnel within CYFOR whom require access for legitimate business purposes, and, with CYFOR clients for business referral purposes.
We may, depending on the nature of the matter and the work involved, have to share your, or your clients, personal data with other third parties and they may also share the personal data they hold about you, or your client, with us; this may include:
If we have to pass your sensitive personal data onto a third party we will only do so once we have obtained your, or your clients, consent. Where we are legally obliged to provide data without consent you will be informed.
We require all third parties with whom your data is shared to respect the security and integrity of your personal data and to treat it in accordance with the law. We also impose contractual obligations on service providers to ensure they can only use your personal information to provide services to us and to you. When they no longer need your data to fulfil this service, they will dispose of the details in line with CYFOR’s procedures.
Lawful basis for processing
We will only process your, or your client’s, personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
What measures do we have in place to keep your data secure?
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those members of staff and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We will hold your personal data on secure servers within the EEA with all reasonable technological and operational measures to safeguard unauthorised access.
If we provide you with a username and password which enables you to access certain parts of our systems, you are responsible for keeping such log-in details confidential.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How long we will keep your information
We will only retain your personal information for as long as is necessary to fulfil the purposes we collected it for, including:
CYFOR does not routinely transfer personal information outside of the European Economic Area (EEA), however, should the need to do so arise we will contact you in advance to seek your consent for a transfer to take place. We will also ensure that where such transfers are carried out they are done so using secure methods that offer sufficient assurances and guarantees that your data is afforded the necessary safeguards to prevent it from accidental or unlawful loss, disclosure, access, alteration or destruction.
You may request access to the personal information which we hold about you under Article 15 of the GDPR, to do so requests must be made in writing (to the addresses specified below) and we may require you to provide valid forms of identification in order to process your request.
Additionally, if you wish to exercise any of your rights under GDPR, such as where you believe any information we hold about you is incorrect, inaccurate or incomplete, where you wish to restrict or object to processing, or, if you are dissatisfied with the way in which CYFOR has used your information in any way you can report the matter to our Data Protection Officer (DPO) at PO BOX 439, Bury, BL8 9AG, or email: firstname.lastname@example.org
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain to the ICO, the UK supervisory authority for data protection issues. Further details can be found at www.ico.org.uk or by calling 0303 123 1113. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.