OpSec Security Group Ltd (“OpSec”) respects the privacy of individuals, and we recognise the need and our responsibilities to ensure appropriate protection and management of the personal information you share with us. We are an International organisation, however, we operate in compliance with the European General Data Protection Regulation (GDPR) and Data Protection Act UK and apply such principles and controls worldwide.

Summary

  • We keep to a minimum the information we hold about you.
  • We use your data to provide our services to you, meet our legal obligations, and improve our website.
  • We delete your data when it is no longer needed for these things.
  • Generally, we do not give your information to third parties, but there are some exceptions – details of which are outlined below under the ‘third parties’ section
  • You have lots of privacy rights.
  • We take security seriously.
  • We do not record telephone calls.
  • We will not share your information with any other company or organisation unless required to by law and we will not sell your information.
  • By visiting www.opsecsecurity.com, you are accepting and consenting the website’s Terms of Use.
  • Your data may be held or processed outside the EEA (See Appendix for Definition of EEA)
  • We use website cookies.
  • We are happy to answer your questions about any of this.

Want more detail?

To see more about how we use your personal data, read the notice or notices which apply best to your relationship with us:

As a convenience to our visitors, this website currently contains links to a number of sites that we believe may offer useful information. The policies and procedures we described here do not apply to those sites. We suggest contacting those sites directly for information on their privacy, security, data collection, and distribution policies.

ICO registration

OpSec Security Ltd is registered with the Information Commissioner's Office (ZA346412).

Your rights

You have the following rights regarding your privacy and your personal data:

  • To be informed and understand how your data will be used, secured and managed and for what purpose.
  • To access the personal data we hold about you and understand how we process it.
  • To have your data kept accurately and up to date and to be disposed of securely when no longer required.
  • In some circumstances, restrict our processing of your data, and or to request we erase your personal data where this is appropriate.
  • To object to our processing or withdraw previously given consent.

Not all rights will apply to all processing, however, if you want to exercise any of these rights, please contact us.
If you have concerns or a complaint about how we handle your data please contact us and we will try to resolve the issue. If you remain unhappy how we have resolved your concern or complaint you have the right to contact the Information Commissioner's Office for an independent review.

 

Get in touch

If you have any questions or concerns about this Privacy Statement or how we handle your personal data please contact us

  • European Finance Director at 40 Phoenix Road, Washington, Tyne & Wear
    NE38 0AD, UK
  • +44 0191 417 5434 (we do not record our calls)
  • data.protection@opsecsecurity.com 

 

 

Security

We have updated our supplier maintenance procedures and will be going through a process of due diligence with new suppliers to ensure they have appropriate adequate security and privacy controls and or privacy shield as well as appropriate contracts. For existing suppliers, we will be updating our records and confirming with them that they have adequate security and privacy controls and or privacy shield in place as well as appropriate contracts.

 
We use data encryption extensively on our computers, mobile phones, and tablets, and utilize encrypted data communications based on  recognized security standards whenever possible”
Our preference is to use Transport Layer Security (TLS) to secure email communications using encryption; however, we recognise some of you may not.  We, therefore, run opportunistic TLS meaning if you also use it our communications will be encrypted and secure by default. But if you don’t communications will continue but they will not be encrypted and may not be entirely secure when passing over the internet. If you want to protect all emails and attached documents you send to us, we encourage you to set up opportunistic TLS also.
Our online systems require unique logins and complex passwords and use SSL site encryption to secure web pages.
Phone calls are not encrypted or recorded.
If you have particular security requirements, please contact us to discuss how we can support you.
 

Retention

Data about customers or their clients: Duration of your relationship with us, then six years
Financial data:  Kept for a minimum 6 years but may be retained for the length of the client relationship, then 6 years if appropriate.
Client ID verification: Duration of our relationship with us, then six years
Data about specific matters: Duration of the matter, then six years
Supplier contact details: As long as we have a relationship with you or think we might want to buy products or services from you, or for the duration of a dispute with you.
Further detail on specific retention periods can be provided on request.

 

Your data and the EEA

We do hold and process customer data in USA, Caribbean, and Hong Kong which are outside the EEA. Our main data centre resides in the USA in a hosted data centre with the Markley Group with all devices managed directly by OpSec staff or our IT support partners Waterstons in the UK.
We ensure data is secure and our suppliers adhere to strict information security and privacy requirements in line with GDPR and UK Data Protection legislation.
As a company, we apply GDPR and UK Data Protection legislation principles to our whole organisation.

Third parties

We will not transfer your personal data to third parties for their use or purpose without your permission, except in the following circumstances:

  • If required to by law or court order
  • If you do not pay your bills, we may choose to engage a third party to recover any money you owe us.

We do have a small number of companies providing services to us and they process your data on our behalf:

  • Microsoft Azure in the USA – Hosted IT services for our Insight platform.
  • Markley Group in the USA – Hosted Boston data centre.
  • Intermedia Group in the USA – Hosted email services.
  • Salesforce in the USA - Hosted Customer Relationship Management System.
  • Waterstons in the UK – IT support services and hosting services.
  • Various Accountants & Lawyers in each geographic area.

We will be carrying out due diligence with new suppliers to ensure they have appropriate adequate security and privacy controls and or privacy shield as well as appropriate contracts. We will also be updating our records for existing suppliers to ensure that they have appropriate and adequate security and privacy controls and or privacy shield as well as appropriate contracts.


 

 

Clients Privacy Information

 

What data we hold

As our client, we will hold the following information about you:

  • Your name, job role and contact information
  • Information about your business activities and, in some cases your customers
  • Information and documents about your matters or enquiries, including communications with you
  • Billing and payment information
  • In some cases, personal identification, vetting information.

We also generate log files from various servers: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.

Using your information

 
Providing you security product or services
We use the information we hold about you and your business both personal and otherwise to provide the best service we can, to communicate with you regarding the service or products we are providing or to inform you of other related products or services you may be interested in.
We also use your information to bill you and keep track of payments.
GDPR Legal Basis for processing:

  • Art. 6(a) Consent if you have asked us to provide you with information on a product and service and provided us with your details.
  • Art. 6(b) Contractual requirement to fulfill our contracts with you and communicate with you regarding that contract.
  • Art 6(f) Legitimate interests of OpSec to generate business by maintaining contacts, generating proposals and communicating with clients regarding their requirements and making you aware of other related products and services you may be interested in (Marketing); however you can object to this at any time and we will add you to our suppression list and cease sending you such Marketing Communications, you may still receive service communications. If the need arises we may also rely on legitimate interests for the recovery of unpaid debts.

 
ID checks
We may need to carry out identity checks on senior persons in your organisation as part of setup and maintenance of our working arrangements with you.
We retain identity verification information for as long as you are our client, and then seven years.
GDPR Legal Basis for processing:

  • Art. 6(c): Legal obligation where we have to do this processing to comply with legal and regulatory obligations.
  • Art 6(f): Legitimate interests where it is in OpSec’s interests to ensure legitimate business practices and to validate the identity of our customers.

 
Technical data
We may use the logs from our servers to assist in our firm's security, as well as to determine website visitor behavior and help us plan our business strategy, this helps us tailor our services and ensure they are relevant to our customer’s needs.
GDPR Legal Basis for processing:

  • Art. 6(f): Legitimate interests where it is in the business interests of OpSec to gather data to aid business strategy planning.

 

 

Prospective Clients

 

What data we hold

If you contact us, we will hold the following information about you:

  • Your name, identity and contact information
  • Information about your business activities
  • Information and documents about your enquiries, including communications with you

We also generate log files from various servers: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.

 

Using your information

 
Providing advice and information regarding our products and services
If you get in touch looking for information about our products and services we may do some research to understand more about you and what you do. Usually, this means reading up on your products or services, how you position yourself in the market, what you display on your public-facing websites and social media presence, and so on. This helps us work out how best we can help you.
GDPR Legal Basis for processing

  • Art. 6(a) Consent if you have asked us to provide you with information on a product and service and provided us with your details.
  • Art 6(f) Legitimate interests of OpSec to generate business by maintaining contacts, generating proposals and communicating with prospective clients regarding their requirements. If you have previously requested information we may send you information about related products and services we offer, however you can opt out at any time.

 
ID checks
We may need to carry out identity checks on senior persons in your organisation as part of setup and maintenance of our working arrangements with you.
We retain identity verification information for as long as you are our client, and then seven years.
GDPR Legal Basis for processing:

  • Art. 6(c): Legal obligation where we have to do this processing to comply with legal and regulatory obligations.
  • Art 6(f): Legitimate interests where it is in OpSec’s interests to ensure legitimate business practices and to validate the identity of our customers.

 
Dealing with enquiries
If you give us a ring or make contact by email, we will follow up on your enquiry and see if there is a way in which we can help you. We keep a record of enquiries received, to help us plan our business strategy and check that we are offering what potential clients want.
GDPR Legal Basis for processing

  • Art. 6(a) Consent if you have asked us to provide you with information on a product and service and provided us with your details.
  • Art 6(f) Legitimate interests of OpSec to generate business by maintaining contacts, generating proposals and communicating with prospective clients regarding their requirements. If you have previously requested information we may send you information about related products and services we offer, however you can object to this at any time and we will add you to our suppression list and cease sending you such Marketing Communications.

 
Technical data
We may use the logs from our servers to assist in our firm's security, as well as to determine website visitor behavior and help us plan our business strategy, this helps us tailor our services and ensure they are relevant to our prospective customer’s needs.
GDPR Legal Basis for processing:

  • Art. 6(f): Legitimate interests where it is in the business interests of OpSec to gather data to aid business strategy planning.

 

 

Prospective Employees

What data we hold

If you contact us to apply for employment, we will hold the following information about you:

  • Your name and contact information
  • Resume including qualifications, education and previous experience and employers and your referees contact details, as well as anything else you choose to tell us.

If you submit electronically we may also generate log files from various servers: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.

 

Using your information

 
Considering your application for Employment
We will use your resume or any information you or a recruitment agency provide to us to consider you for employment.  If you are unsuccessful we will retain this information for 6 months after the recruitment exercise has ended and then they will be securely destroyed.  If you are employed these will become part of your personnel file.
GDPR Legal Basis for processing

  • Art. 6(a) Consent if you have applied for employment, we will use these to consider your application.
  • Art 6(f) Legitimate interests of OpSec to securely and fairly manage recruitment to ensure we employ the right people for our company and we will use your details to make the appropriate checks.

ID Vetting checks
If you are offered a job we will need to carry out verification check on you.
We retain identity verification information for as long as you are an employee, and then seven years.
GDPR Legal Basis for processing:

  • Art. 6(a) Consent for external vetting checks.
  • Art. 6(c): Legal obligation where we have to do this processing to comply with legal and regulatory obligations.
  • Art 6(f): Legitimate interests where it is in OpSec’s interests to ensure prospective employees are appropriately vetted.

 
 
Technical data
We may use the logs from our servers to assist in our firm's security, as well as to determine website visitor behavior and help us plan our business strategy, this helps us tailor our services and ensure they are relevant to our prospective customer’s needs.
GDPR Legal Basis for processing:

  • Art. 6(f): Legitimate interests where it is in the business interests of OpSec to gather data to aid business strategy planning.


 

Website Visitors

Summary

 

What data we hold

We generate log files from various servers: This will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.
We also generate log files from various servers: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.
If you choose to use our contact us page we will also gather your name and contact details so we can respond to you.

Using your information

 
Dealing with enquiries
If you have requested information via our website e.g. Our ‘Contact Us Page’, we will follow up on your enquiry and see if there is a way in which we can help you.
We keep a record of enquiries received, to help us plan our business strategy and check that we are offering what potential clients want.  We may also use your contact details to inform you of related products or services you may be interested in, however you can opt out at any time.
GDPR Legal Basis for processing:

  • Art. 6(a) Consent if you have asked us to provide you with information on a product and service and provided us with your details.
  • Art 6(f) Legitimate interests of OpSec to generate business by maintaining contacts, generating proposals and communicating with prospective clients regarding their requirements. If you have previously requested information we may send you information about related products and services we offer (Marketing); however, you can object to this at any time and we will add you to our suppression list and cease sending you such Marketing Communications.

Technical data
We may use the logs from our servers to assist in our firm's security, as well as to determine website visitor behavior and help us plan our business strategy, this helps us tailor our services and ensure they are relevant to our prospective customer’s needs.
GDPR Legal Basis for processing:
Art. 6(f): Legitimate interests where it is in the business interests of OpSec to gather data to aid business strategy planning.
 

Other

What data we hold

We may hold the following information about you:

  • Your name, job role, company you work for and contact information

We also generate log files from various servers: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.

Using your information

 
Dealing with your enquiry
If you call OpSec or make contact by email, we will follow up on your enquiry and see if there is a way in which we can help you. We keep a record of enquiries received, so that we know what we have said to whom.
GDPR Legal Basis for processing

  • Art. 6(b): Contractual Requirement where we need to process your data to fulfill your contract with us or you and communicate with you regarding that contract.
  • Art. 6(f): Legitimate Interests where we need to maintain records of our business relationship in order to provide you with appropriate services and identify future areas we may be able to assist you with. Or if you are a supplier to ensure we can pay you.

 
Managing our relationship with you
We will use your data to manage our relationship with you, and to enquire about (and perhaps even buy) products and services from you.
GDPR Legal Basis processing

  • Art. 6(b): Contractual Requirement where we are obligated by our contract with you to manage our business relationship in order to fulfill the contracts.
  • Art. 6(f): Legitimate Interests of OpSec to manage an ongoing relationship with our suppliers, partners, generate future business or recover a debt.

 
Keeping you informed of related products or services (Marketing)
From time to time we may contact you to make you aware or keep you up to date regarding our products or services.
You can object to this at any time and we will add you to our suppression list and cease sending you such Marketing Communications, you may still receive service communications
GDPR Legal Basis for processing:

  • Art 6(a): Consent: where you have requested information or consented to us sending you such communications.
  • Art. 6(b): Contractual requirement where we need keep you informed about the products and services you receive.
  • Art 6(f): Legitimate interests where it is in OpSec’s or the clients benefit to be kept informed of related products or services where there is an established business relationship existing; without compromising the individual's privacy.

 
Technical Data
We may use the logs from our servers to assist in our firm's security, as well as to determine website visitor behavior and help us plan our business strategy, this helps us tailor our services and ensure they are relevant to our prospective customer’s needs.
GDPR Legal Basis for processing:

  • Art. 6(f): Legitimate interests where it is in the business interests of OpSec to gather data to aid business strategy planning.


 

How we use cookies

Cookies are small files that the site places on your hard drive for identification purposes, cookies cannot read data off of your hard drive
We use cookies to elevate your user experience and the quality of our site and service.   These files are used for site registration and customization the next time you visit us.
Your web browser may allow you to be notified when you are receiving a cookie, giving you the choice to accept it or not. By not accepting cookies, some pages may not fully function and you may not be able to access certain information on this site. You can also refuse all cookies by turning them off in your browser. You do not need to have cookies turned on to use any area of our website.
This website may be configured to collect domain information as part of our analysis of the use of this site. This data enables us to become more familiar with which users visit our site, how often they visit and what parts of the site they visit most often. OpSec uses this information to improve our website. This information is collected automatically and requires no action on your part.
We use the following cookies on our website:

Cookie Name Data Collected Purpose
_hssc This cookie is for keeping track of sessions. This is used to determine if we should increment the session number and timestamps in the __hstc cookie. It contains: the domain, viewCount (increments each pageView in a session), session start timestamp. Hubspot's tracking codes are used to track visitors through the site covering things such as time, session number, domain, view count etc.
_hssrc Whenever HubSpot changes the session cookie, this cookie is also set. We set it to 1 and use it to determine if the visitor has restarted their browser. If this cookie does not exist when we manage cookies, we assume it is a new session. Hubspot's tracking codes are used to track visitors through the site covering things such as time, session number, domain, view count etc.
_hstc It contains the domain, utk (see below), initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session). Hubspot's tracking codes are used to track visitors through the site covering things such as time, session number, domain, view count etc.
_ga The _ga cookie is used to uniquely identify users, specifically with the third and fourth set of numbers explained above. Because of this random set of numbers, users can be identified when they come back to the site Hubspot's tracking codes are used to track visitors through the site covering things such as time, session number, domain, view count etc.
_gid This cookie is used to store Session ID and to group the entire session’s activity together for each user. Structure of its value is very similar to the _ga cookie. You can examine it by using document.cookie command Hubspot's tracking codes are used to track visitors through the site covering things such as time, session number, domain, view count etc.
Cookie-agreed Records whether or not the cookies notification pop-up has been acknowledged by the user  
Has_js Allows the website to determine whether your browser is javascript compatible  
hubspotuk This cookie is used for to keep track of a visitor's identity. This cookie is passed to HubSpot on form submission and used when deduplicating contacts. Hubspot's tracking codes are used to track visitors through the site covering things such as time, session number, domain, view count etc.test
Test  This cookie used to test whether the visitor has support for cookies enabled.  

 
 
Definitions

EEA

 
The EU countries are:
Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK.
The European Economic Area (EEA)
The EEA includes EU countries and also Iceland, Liechtenstein, and Norway. It allows them to be part of the EU’s single market.