Effective date: 01/08/2017
Who are we (Who is the Data Controller)?
L2 Cyber Security Solutions.
We are a Cyber Security and Data Protection training and consulting company based in Ireland.
Where are we (Where is the location of Processing)?
In the beautifully scenic Slieve Felim Mountain’s at the following address:
Shanballyedmond, Rearcross, Newport, Co. Tipperary
- you can contact us by phone on 087-436-2675
- you can contact us by e-mail on info@L2CyberSecurity.com
We would prefer if you contacted us by e-mail, as that way there will be a paper-trail, which will protect us both. This would be a good thing, but if you want we can record your telephone calls too, but we would only do so with your blessing (unless we felt there might be a legal requirement to do so).
Personal Data is processed:
- at our office
- at other locations where staff are located on occasion
What personal data do we process?
We process the following data:
- Names, addresses and telephone numbers
- E-mail addresses
- Text submitted via forms on our website (which may or may not include names, e-mail addresses and telephone numbers)
- IP addresses
On occasion, we also process personal data on behalf of our clients. There is a formal written contract put in place between us and our client, which sets out our Data Protection Policy.
Why do we process it?
We process data for a variety of reasons:
- Customer administration (invoicing, etc.) and Customer Relationship Management
- To disseminate our monthly newsletter
- To send out an out-of-band notification to our monthly newsletter mailing list, in the event of a cyber security incident which we feel is of such a serious nature, that our subscribers would benefit from a timely notice on how to mitigate the risk of the cyber incident to their business
- To process registrations for training courses
- Other day-to-day administration purposes that would be in our legitimate interests
If we are in receipt of a valid request from Irish and European law enforcement authorities, we would make data available to them.
Who do we share it with, and why?
We have no intent or interest in sharing your Personal Data with other services, other than the above. If we were thinking of doing so, we would ask you first. We're polite like that. 😃
To exercise the following rights, please send an e-mail to info@L2CyberSecurity.com. You may be asked for additional data to verify your identity as part of processing the requests to exercise your rights. We will endeavour to respond to all requests within 30 days of receiving the initial request. If we are unable to complete the request within the 30 day limit, we will notify you within the required time limit.
You have the following rights:
1. Right to be Informed:
You will be provided with “fair processing information”, which will be completely transparent about how we gathered and will use your data. We will also notify you about any third party processors with whom we share your Personal Data, along with the reason for doing so. But you’re pretty much already reading it all in this policy anyway. 😃
2. Right of Access:
You have the right to confirmation that your personal data are being processed and get access to a copy of your personal data and any other supplementary information.
3. Right of Rectification:
You have the right to have your personal data corrected if it is inaccurate or incomplete.
4. Right to Erasure:
You have the right to have your personal data deleted from our systems in the following situations:
- When you withdraw consent
- Data deletion is to comply with a legal obligation
- Where the data was unlawfully processed
- Where it is no longer necessary
- Where you object to the processing
- Where the personal data is processed to offer “information society services” to a child
We may have grounds to refuse such deletion requests for the following reasons:
- Exercise the right of freedom of expression
- For public health purposes in the public interest
- To comply with legal obligations
- The exercise or defence of legal claims
- Archiving purposes in the public interest
5. Right to Restrict Processing:
You can request that we no longer process your data, but that we can still store it.
6. Right to Data Portability:
You can obtain and reuse your personal data for your own purposes, without hindrance. We will provide the data to you in a structured and widely used machine readable form. We will also, at your request, pass your information directly to a competitor of ours, but we cannot be expected to provide it as a specific direct input to their electronic processing systems.
7. Right to Object:
You have the right to object to any direct marketing from us. We will immediately cease any such marketing upon request (via an unsubscribe link at the bottom of the direct marketing e-mail).
8. Rights in relation to Automated Decision Making and Profiling:
We do not carry out any automated decision making or profiling activities, we’re not scary like that 😃, so this right would not apply.
Cookies are delicious snacks enjoyed by many people, but in this context a cookie is a small text file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
The cookies used by this site are listed below.
|_ga||Is used to identify unique users to the website and it expires after 2 years. It's a first-party cookie from Google Analytics, used to track performance on this website.|
|_gid||Is used to identify unique users to the website and it expires after 24 hours. It's a first-party cookie from Google Analytics, used to track performance on this website.|
|_gat||Is used to throttle the request rate, limiting the collection of data on high traffic sites and it expires after 10 minutes. It's a first-party cookie from Google Analytics, used to track performance on this website.|
|Cookie_notice_accepted||Determines whether to show you the cookie notice or not.|
|wfvt_XXXXXXXXXXXXX||(where the XXXXXXXXXXXXX is an apparently random string of letters and numbers) We use Wordfence security suite on our website and this cookie is used to identify unique users to the website.|
|wordfence_verifiedHuman||We use Wordfence security suite on our website and this is a test it runs to verify that you belong in the land of the living and are not some undead bot trying to have its wicked way with our website.|
You can find information on how to use browser settings to stop unwanted cookies in Chrome, Firefox, Opera, Safari and Internet Explorer. For other spurious browsers, please consult the help menu for that product.
We use Google Analytics on this site. Google Analytics writes cookies to your device (detailed above).
We take appropriate measures to ensure the security of personal data under our control and to prevent unauthorised access, disclosure, modification, or destruction of data. We have defined procedures and protocols for processing personal data including:
- Information Security policy
- Data Retention policy
We retain data only for the length of time necessary to provide services to customers, engage in marketing activities, and other legitimate purposes of the business.
Detailed Data Retention policies are available on request.
All data stored on all mobile devices belonging to L2 Cyber Security Solutions is encrypted with AES encryption.
Other purposes for which L2 Cyber Security Solutions might process personal data can include:
Where necessary we will process personal data provided to us for the purposes of seeking legal advice or other legal purposes. Examples of such processing would include providing information to debt collection agencies in the event of persistent non-payment for products or services by an individual or Sole Trader.
Also, where we receive a formal request under Section 8 of the Data Protection Acts 1988 and 2003 or Article 23 of the General Data Protection Regulation (GDPR) we may be required to disclose personal data of website users, newsletter subscribers and/or clients to An Garda Síochána, the Revenue Commissioners, or other relevant organisation.
System Logs, Maintenance, and Investigation of Data Security Breaches:
We process certain data, including IP addresses, as part of our internal system logging on this website to support the diagnosis of issues and maintenance of the website.
In addition, we will make use of detailed system logs on our webhosting platform and within our Content Management System to support investigations of Data Security breaches.
Cross-border Data Transfer
Our use of Mailchimp means that the names and e-mail addresses of our monthly newsletter subscribers are stored on servers hosted in US based data centres. Full details of Mailchimp's security set-up is available on their website here https://mailchimp.com/about/security/
Our unstructured data (documents, spreadsheets, etc.), which may occasionally contain personal data, is stored on a server at our premises. We use G Suite from Google for our e-mail provision and also cloud storage. The data on our internal server is regularly backed up our Google Drive. Any personal data stored in our Google Drive or e-mail accounts are covered by our contract with Google. Details of Google's G Suite security set-up is available here https://gsuite.google.com/intl/en_ie/faq/security/
Our website is hosted in Ireland and we do not use any other service that is outside of the EU for processing of Personal Data.
Updates or Questions
- On our website's front page
- By an item in our next monthly newsletter to subscribers of our mailing list
It would also be reviewed each time we add functionality to our website.
Please direct any questions you may have directly to info@L2CyberSecurity.com.