Privacy Policy
Breach Navigator takes your privacy very seriously. We ask that you read this Privacy Policy carefully as it contains important information about what to expect when we collect personal information about you and how we will use your personal data.
Breach Navigator Ltd., trading as Breach Navigator, has its registered office at 38 Bankfield Drive, Nottingham, England, NG9 3EG. By the use of “We” in this Privacy Policy we are referring to Breach Navigator.
This policy applies to information we collect about:
· visitors to our website;
· people who contact us through our website; and
· people whose personal data is sent to us in any other way.
We do not knowingly collect or process data from anyone under the age of sixteen (16) years old.
What do we collect?
· When you contact us through our website we collect the following personal information from you:
1. name
2. email address and
3. telephone number
You can also send other personal information by email.
· Occasionally we may receive information about you from other sources (such as credit reference agencies) which we will add to the information which we already hold about you in order to help us provide our services.
· We may also collect and process information about you from other sources (such as credit reference agencies) which we will add to the information which we already hold about you in order to help us provide our services. We’re likely to do this in particular when we’re going through a client on-boarding.
· In addition, we may process the following:
1. Location information (including GPS signals sent by a mobile device, location information gathered from social media networks or sensor or IP address data from your device);
2. Information from cookies, web beacons or from the internet, including your IP address, browser type, operating system, domain name, access times, which pages you visit within our website and referring website addresses;
3. If you ask us to connect with other sites (for example if you ask us to connect with your Facebook or LinkedIn account) we may get information that way too;
4. CCTV – if you visit our offices or training venues we may use CCTV. We may also have access to CCTV, visitor logging systems and other systems operated by our venues; and
5. We may record any telephone calls or online meetings (for example via Zoom or Teams) for quality assurance, compliance and training purposes; and
6. In common with other training providers we may also process data sent to us by our clients or by third parties (such as personal details relating to a client’s existing board). We ask our clients to only send us data which is appropriate and to make sure that they have a lawful means of sending that data to us which allows us to lawfully process that data.
How we will use the information about you?
General
We process your personal data either where we have your consent to do so, which you may withdraw at any time, or otherwise where this is necessary for:
· The performance of our contract with you for the provision of our services or to take preliminary steps at your request;
· Us to fulfil our legal obligations; or,
· The purposes of the legitimate interests pursued by us or a third party.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. Our legitimate interests are those indicated with a “*” below, and we consider that we have implemented sufficient checks and protections to ensure that your rights and interests are not unreasonably intruded on. You can however object to processing with regard to legitimate interests at any time and, if you do so, we will stop processing the personal data unless we can show compelling legitimate grounds which override your rights and interests, or we need the data to establish, exercise or defend legal claims – see also “Your rights” below.
Specific
We gather information from our website to allow us to answer any enquiries you raise with us through our website. The relevant information is then used by us to communicate with you. If you agree, we may also contact you about other products and services we think may be of interest to you.
1. We may also use aggregate information and statistics for the purposes of monitoring website use in order to help us develop our website and our services. We may also provide this aggregate information to third parties *.
2. Similarly, when we send emails to you we may use statistics on the emails we have sent, whether you had read them and other information which we find relevant *.
3. If we sell our business, or part of it, we may share your information with a buyer. They may not be in the same line of business as we are. We will ask any buyer to respect this privacy policy. Likewise your personal information may be passed on to a successor in interests in the unlikely event of a liquidation, bankruptcy or administration.
4. We may need to share data for legal or compliance purposes. This may include sharing your information with the ICO. We may also process your data to protect our business or in the interests of security, public interest or law enforcement. We may also need to disclose your data in connection with actual or proposed litigation, or to protect our property, security or people or to enforce our legal rights and interests.
Marketing
If you have given us permission, we may contact you by mail, telephone, SMS, text/picture/video message, social media or email to provide you with information about special features of our website or any other service we think may be of interest to you. If you would rather not receive this information, please simply email info@breach-navigator.com. If you agree to us providing you with marketing information, you can always opt out at a later date.
Other information-gathering technologies
1. We use a third party, Squarespace, for website hosting services. Their privacy policy can be found here - https://www.squarespace.com/privacy.
2. We also use various Google services including Google Maps to give directions to our venues and YouTube to show videos. Google’s privacy policy is here – http://www.google.com/policies/privacy/. We also use analytics tools from Google to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site.
3. We sometimes shorten the internet urls we use using a url shortening service like bit.ly. Url shortening services may give us access to information on people who click through the link including the data and time that they access the link and their location. You can find out more about bit.ly and the way in which these services work here https://en.wikipedia.org/wiki/Bitly.
Telephones
In common with many other businesses we use VOIP technology when you call us or when we call you. You can find out more about VOIP here https://en.wikipedia.org/wiki/Voice_over_IP. Since your call will be relayed via the internet, we can’t control where your data is processed. Our VOIP services are managed on our behalf by Microsoft Teams. If you would prefer not to use VOIP you can call any of our team on their mobile phones.
We may also agree to hold calls with you by some other medium, particularly in times of crisis. That could include WhatsApp (https://www.whatsapp.com/) or Microsoft Teams (https://products.office.com/en-gb/microsoft-teams/group-chat-software or Zoom (https://zoom.us/). We can’t guarantee the security of these products and you should visit their websites to see their privacy and security policies.
How we protect your information
We have put in place security procedures and technical and organisational measures designed to help safeguard your personal information. We will use what we consider to be reasonable efforts to safeguard your personal information. However, you should be aware that the use of the Internet (and VOIP) is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal information which is transferred from you or to you.
Despite the measures taken by us and any third parties we engage the internet is not secure and as a result others may nevertheless intercept or access private transmissions or data. If you ask us to share data with third party sites their servers may also not be secure.
How long we keep your information
We will retain your personal data only as long as is necessary for the purposes set out in this Privacy Policy, or as is required by applicable law, and then we will delete it.
Access to your information and updating and correcting your information
1. You have the right to request a copy of the information that we hold about you; this right is subject to certain conditions and exceptions. If you would like a copy of some or all of your personal information, please send an email to info@breach-navigator.com.
2. We want to ensure that your personal information is accurate and up to date. If any of the information that you have provided to Breach Navigator changes, for example if you change your email address or name, please let us know the correct details by sending an email to info@breach-navigator.com. You may ask us, or we may ask you, to correct information you or we think is inaccurate or not up to date, and you may also ask us to remove information which is inaccurate.
Your rights
1. To the extent permitted by law you have the right to access, update, correct, restrict, delete, be forgotten or object to the processing of, or request the data portability of the personal data collected about you subject to some conditions and exceptions. You can find out more about these rights in the UK by reading the UK General Data Protection Regulation (UK GDPR) here https://www.legislation.gov.uk/eur/2016/679/contents and please also see the UK Information Commissioner Office’s guidance here https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/. By way of further information you may also wish to consult the UK Data Protection Act 2018, which can be found here https://www.legislation.gov.uk/ukpga/2018/12/contents/enacted. Our glossary at http://www.Breach Navigatorcompliance.com/eu-data-protection-glossary/ also has information on some of these rights. If you wish to inquire about those rights or would like to submit a request then please send an email to info@Breach Navigator.com or send a letter to Breach Navigator Ltd., 32 Bankfield Drive, Nottingham, England, NG9 3EG.
2. As mentioned earlier, you have the right to opt-out of receiving communications from us at any time even if you have chosen to opt-in on an earlier occasion.
3. You also have the right to lodge a complaint with the ICO. You can contact the ICO at www.ico.org.uk.
4. Breach Navigator is committed to respecting all of the above rights in compliance with applicable laws and regulations. If you wish to inquire about any of those rights or have any concern, please contact us immediately using the contact details below. We will respond to any of your inquiries or concerns as soon as possible and in any case within 1 month of receipt of the request as per Art 12(3) GDPR.
Changes to Privacy Policy
We keep our Privacy Policy under regular review. If we change our Privacy Policy we will post the changes on this page, and place notices on other pages of the website, so that you may be aware of the information we collect and how we use it at all times. This Privacy Policy was last updated on 4 June 2024.
How to contact Breach Navigator
We welcome your views about our website and our Privacy Policy. If you would like to contact us with any queries or comments please send an email to info@breach-navigator.com or send a letter to Breach Navigator Ltd., 32 Bankfield Drive, Nottingham, England, NG9 3EG.
Links to other websites
Our website may contain links to other websites. This Privacy Policy applies only to this website so when you access links to other websites you should read their own privacy policies.