DATA PROTECTION NOTICE

Effective date: 01/12/2020

Who are we (Who is the Data Controller)?

L2 Cyber Security Solutions.

We are a Cyber Security and Data Protection training and consulting company based in Ireland.

Where are we (Where is the location of Processing)?

In the beautifully scenic Slieve Felim Mountain’s at the following address:

Shanballyedmond, Rearcross, Newport, Co. Tipperary

You can contact us by e-mail on privacy@L2CyberSecurity.com

Personal Data is processed:

  • at our office

-OR-

  • at other locations where staff are located on occasion

What personal data do we process?

We process the following data:

  • Names, addresses and telephone numbers
  • E-mail addresses
  • IP addresses

On occasion, we also process personal data on behalf of our clients. There is a formal written contract put in place between us and our client, which sets out our Data Protection Policy.

Why do we process it?

We process data for a variety of reasons:

  • Customer administration (invoicing, etc.) and Customer Relationship Management
  • To process registrations for training courses

If we are in receipt of a valid request from Irish and European law enforcement authorities, we would make data available to them.

Who do we share it with, and why?

We have no intent or interest in sharing your Personal Data with other services. If we were thinking of doing so, we would ask you first. We're polite like that. 😉

Your Rights

To exercise the following rights, please send an e-mail to privacy@L2CyberSecurity.com. You may be asked for additional data to verify your identity as part of processing the requests to exercise your rights. We will endeavour to respond to all requests within 30 days of receiving the initial request. If we are unable to complete the request within the 30 day limit, we will notify you within the required time limit.

You have the following rights:

1.      Right to be Informed:

You will be provided with “fair processing information”, which will be completely transparent about how we gathered and will use your data. We will also notify you about any third party processors with whom we share your Personal Data, along with the reason for doing so. But you’re pretty much already reading it all in this policy anyway. J

You can access this information on our Right-to-be-Informed post at the following link https://www.L2CyberSecurity.com/right-to-be-informed/

2.      Right of Access:

You have the right to confirmation that your personal data are being processed and get access to a copy of your personal data and any other supplementary information.

3.      Right of Rectification:

You have the right to have your personal data corrected if it is inaccurate or incomplete.

4.      Right to Erasure:

You have the right to have your personal data deleted from our systems in the following situations:

  • When you withdraw consent
  • Data deletion is to comply with a legal obligation
  • Where the data was unlawfully processed
  • Where it is no longer necessary
  • Where you object to the processing
  • Where the personal data is processed to offer “information society services” to a child

We may have grounds to refuse such deletion requests for the following reasons:

  • Exercise the right of freedom of expression
  • For public health purposes in the public interest
  • To comply with legal obligations
  • The exercise or defence of legal claims
  • Archiving purposes in the public interest

5.      Right to Restrict Processing:

You can request that we no longer process your data, but that we can still store it.

6.      Right to Data Portability:

You can obtain and reuse your personal data for your own purposes, without hindrance. We will provide the data to you in a structured and widely used machine readable form. We will also, at your request, pass your information directly to a competitor of ours, but we cannot be expected to provide it as a specific direct input to their electronic processing systems.

7.      Right to Object:

You have the right to object to any direct marketing from us. We will immediately cease any such marketing upon request (via an unsubscribe link at the bottom of the direct marketing e-mail).

8.      Rights in relation to Automated Decision Making and Profiling:

We do not carry out any automated decision making or profiling activities, we’re not scary like that 😉, so this right would not apply.

Cookies

Cookies are delicious snacks enjoyed by many people, but in this context a cookie is a small text file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

We don’t do cookies on our website, so that is why you don’t see one of those annoying cookie notices that are sometimes done poorly.

Analytics

We do not use any Analytics on this site.

Security

We take appropriate measures to ensure the security of personal data under our control and to prevent unauthorised access, disclosure, modification, or destruction of data. We have defined procedures and protocols for processing personal data including:

  • Information Security policy
  • Data Retention policy

We retain data only for the length of time necessary to provide services to customers, engage in marketing activities, and other legitimate purposes of the business.

Detailed Data Retention policies are available on request.

All data stored on all mobile devices belonging to L2 Cyber Security Solutions is encrypted with 256 bit AES encryption.

Other Purposes

Other purposes for which L2 Cyber Security Solutions might process personal data can include:

Legal Action:

Where necessary we will process personal data provided to us for the purposes of seeking legal advice or other legal purposes. Examples of such processing would include providing information to debt collection agencies in the event of persistent non-payment for products or services by an individual or Sole Trader.

Also, where we receive a formal request under Article 23 of the General Data Protection Regulation (GDPR) we may be required to disclose personal data of website users and/or clients to An Garda Síochána, the Revenue Commissioners, or other relevant organisation.

System Logs, Maintenance, and Investigation of Data Security Breaches:

We process certain data, including IP addresses, as part of our internal system logging on this website to support the diagnosis of issues and maintenance of the website.

In addition, we will make use of detailed system logs on our webhosting platform and within our Content Management System to support investigations of Data Security breaches.

Cross-border Data Transfer

Our unstructured data (documents, spreadsheets, etc.), which may occasionally contain personal data, is stored on a server at our premises. We use G Suite from Google for our e-mail provision and also cloud storage. The data on our internal server is regularly backed up to our Google Drive. Any personal data stored in our Google Drive or e-mail accounts are covered by our contract with Google. Details of Google's G Suite security set-up is available here https://storage.googleapis.com/gfw-touched-accounts-pdfs/google-cloud-security-and-compliance-whitepaper.pdf

Our website is hosted in Ireland and we do not use any other service that is outside of the EU for processing of Personal Data.

Updates or Questions

This Privacy Policy is reviewed annually to determine if it needs to be updated. If any update occurs, this will be communicated:

  • On our website's blog

It would also be reviewed each time we add functionality to our website.

Please direct any questions you may have directly to privacy@L2CyberSecurity.com.