Effective date: 01/08/2018
Who are we (Who is the Data Controller)?
L2 Cyber Security Solutions.
We are a Cyber Security and Data Protection training and consulting company based in Ireland.
Where are we (Where is the location of Processing)?
In the beautifully scenic Slieve Felim Mountain’s at the following address:
Shanballyedmond, Rearcross, Newport, Co. Tipperary
You can contact us by e-mail on privacy@L2CyberSecurity.com
Personal Data is processed:
- at our office
- at other locations where staff are located on occasion
What personal data do we process?
We process the following data:
- Names, addresses and telephone numbers
- E-mail addresses
- Text submitted via the contact form on our website (which may or may not include names, e-mail addresses and telephone numbers)
- IP addresses
On occasion, we also process personal data on behalf of our clients. There is a formal written contract put in place between us and our client, which sets out our Data Protection Policy.
Why do we process it?
We process data for a variety of reasons:
- Customer administration (invoicing, etc.) and Customer Relationship Management
- To disseminate our monthly newsletter
- To send out an out-of-band notification to our monthly newsletter mailing list, in the event of a cyber security incident which we feel is of such a serious nature, that our subscribers would benefit from a timely notice on how to mitigate the risk of the cyber incident to their business. This has only happened once
- To process registrations for training courses
If we are in receipt of a valid request from Irish and European law enforcement authorities, we would make data available to them.
Who do we share it with, and why?
We have no intent or interest in sharing your Personal Data with other services, other than the above. If we were thinking of doing so, we would ask you first. We're polite like that. 😉
To exercise the following rights, please send an e-mail to privacy@L2CyberSecurity.com. You may be asked for additional data to verify your identity as part of processing the requests to exercise your rights. We will endeavour to respond to all requests within 30 days of receiving the initial request. If we are unable to complete the request within the 30 day limit, we will notify you within the required time limit.
You have the following rights:
1. Right to be Informed:
You will be provided with “fair processing information”, which will be completely transparent about how we gathered and will use your data. We will also notify you about any third party processors with whom we share your Personal Data, along with the reason for doing so. But you’re pretty much already reading it all in this policy anyway. 😉
You can access this information on our Right-to-be-Informed post at the following link https://www.L2CyberSecurity.com/right-to-be-informed/
2. Right of Access:
You have the right to confirmation that your personal data are being processed and get access to a copy of your personal data and any other supplementary information.
3. Right of Rectification:
You have the right to have your personal data corrected if it is inaccurate or incomplete.
4. Right to Erasure:
You have the right to have your personal data deleted from our systems in the following situations:
- When you withdraw consent
- Data deletion is to comply with a legal obligation
- Where the data was unlawfully processed
- Where it is no longer necessary
- Where you object to the processing
- Where the personal data is processed to offer “information society services” to a child
We may have grounds to refuse such deletion requests for the following reasons:
- Exercise the right of freedom of expression
- For public health purposes in the public interest
- To comply with legal obligations
- The exercise or defence of legal claims
- Archiving purposes in the public interest
5. Right to Restrict Processing:
You can request that we no longer process your data, but that we can still store it.
6. Right to Data Portability:
You can obtain and reuse your personal data for your own purposes, without hindrance. We will provide the data to you in a structured and widely used machine readable form. We will also, at your request, pass your information directly to a competitor of ours, but we cannot be expected to provide it as a specific direct input to their electronic processing systems.
7. Right to Object:
You have the right to object to any direct marketing from us. We will immediately cease any such marketing upon request (via an unsubscribe link at the bottom of the direct marketing e-mail).
8. Rights in relation to Automated Decision Making and Profiling:
We do not carry out any automated decision making or profiling activities, we’re not scary like that 😉, so this right would not apply.
Cookies are delicious snacks enjoyed by many people, but in this context a cookie is a small text file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
We don’t do cookies on our site, so don’t concern yourself about such matters.
You can find information on how to use browser settings to stop unwanted cookies in Chrome, Firefox, Opera, Safari and Internet Explorer. For other spurious browsers, please consult the help menu for that product.
We have ceased using Google Analytics on this site.
We take appropriate measures to ensure the security of personal data under our control and to prevent unauthorised access, disclosure, modification, or destruction of data. We have defined procedures and protocols for processing personal data including:
- Information Security policy
- Data Retention policy
We retain data only for the length of time necessary to provide services to customers, engage in marketing activities, and other legitimate purposes of the business.
Detailed Data Retention policies are available on request.
All data stored on all mobile devices belonging to L2 Cyber Security Solutions is encrypted with AES encryption.
Other purposes for which L2 Cyber Security Solutions might process personal data can include:
Where necessary we will process personal data provided to us for the purposes of seeking legal advice or other legal purposes. Examples of such processing would include providing information to debt collection agencies in the event of persistent non-payment for products or services by an individual or Sole Trader.
Also, where we receive a formal request under Section 8 of the Data Protection Acts 1988 and 2003 or Article 23 of the General Data Protection Regulation (GDPR) we may be required to disclose personal data of website users, newsletter subscribers and/or clients to An Garda Síochána, the Revenue Commissioners, or other relevant organisation.
System Logs, Maintenance, and Investigation of Data Security Breaches:
We process certain data, including IP addresses, as part of our internal system logging on this website to support the diagnosis of issues and maintenance of the website.
In addition, we will make use of detailed system logs on our webhosting platform and within our Content Management System to support investigations of Data Security breaches.
Cross-border Data Transfer
Our use of Mailchimp means that the names and e-mail addresses of our monthly newsletter subscribers are stored on servers hosted in US based data centres. The transfer is governed under the Privacy Shield agreement, which is in place between the EU and US. Full details of Mailchimp's security set-up is available on their website here https://mailchimp.com/about/security/
Our unstructured data (documents, spreadsheets, etc.), which may occasionally contain personal data, is stored on a server at our premises. We use G Suite from Google for our e-mail provision and also cloud storage. The data on our internal server is regularly backed up our Google Drive. Any personal data stored in our Google Drive or e-mail accounts are covered by our contract with Google. Details of Google's G Suite security set-up is available here https://gsuite.google.com/intl/en_ie/faq/security/
Our website is hosted in Ireland and we do not use any other service that is outside of the EU for processing of Personal Data.
Updates or Questions
- On our website's front page
- By an item in our next monthly newsletter to subscribers of our mailing list
It would also be reviewed each time we add functionality to our website.
Please direct any questions you may have directly to privacy@L2CyberSecurity.com.