Privacy Policy
At Ginger Cat Cyber Security Limited, we are committed to protecting and respecting your privacy. This policy explains when and why we collect personal information, how we use it, and how we keep it secure. We aim to ensure that we comply with the General Data Protection Regulation (GDPR).
1. Who We Are
Ginger Cat Cyber Security Limited (“we”, “our”, “us”) is a UK-based cyber security company. Our registered office is at Belmont Suite, Paragon Business Park, Chorley New Road, Bolton, BL6 6HG. For the purposes of data protection laws, we are the data controller.
2. What Information Do We Collect?
We collect and process personal information that you provide to us voluntarily, including:
- Name
- Contact details (email address, phone number)
- Job title
- Company name
- Any other information you provide via our website, email, or other communication channels.
We may also collect data automatically via cookies and similar technologies when you use our website, such as:
- IP address
- Browser type
- Device information
- Pages visited on our website
3. How We Use Your Information
We may use the information we collect in the following ways:
- To provide you with information or services that you request from us.
- To manage your enquiries and customer service.
- To improve and personalise your experience on our website.
- To comply with legal obligations, including responding to law enforcement requests.
- To notify you about changes to our services or policies.
4. Legal Basis for Processing
We rely on the following lawful grounds under GDPR to process your personal data:
- Consent: If you have provided your consent for us to process your data.
- Contract: Processing is necessary for the performance of a contract with you.
- Legal Obligation: We may need to process your data to comply with legal obligations.
- Legitimate Interest: For business-related purposes, such as to improve our services or protect our business.
5. Who We Share Your Information With
We do not sell, trade, or rent your personal information to others. However, we may share your data with trusted third parties to perform specific business-related functions, such as:
- IT and system administration providers
- Legal, accounting, and auditing services
- Marketing and communications partners (if you have opted in)
We ensure that any third parties with whom we share data adhere to GDPR regulations and protect your information.
6. International Transfers
If we transfer your personal data outside of the European Economic Area (EEA), we will ensure it is protected by using appropriate safeguards, such as binding corporate rules or standard contractual clauses approved by the European Commission.
7. How Long We Keep Your Information
We retain your personal data only for as long as necessary to fulfil the purposes for which we collected it, or as required by law. Once the data is no longer needed, we will securely delete or anonymise it.
8. Your Rights
Under GDPR, you have the following rights regarding your personal data:
- Right to Access: You can request a copy of the personal data we hold about you.
- Right to Rectification: You can request that we correct any inaccurate data we hold.
- Right to Erasure: You can request that we delete your personal data, subject to certain exceptions.
- Right to Restriction of Processing: You can request that we limit how we process your data.
- Right to Data Portability: You can request a copy of your data in a structured, machine-readable format.
- Right to Object: You can object to us processing your personal data for direct marketing or legitimate interest purposes.
To exercise any of these rights, please contact us at:
Email: Hello@gingercat-cyber.com
Postal Address: Ginger Cat Cyber Security Limited, Belmont Suite, Paragon Business Park, Chorley New Road, Bolton, BL6 6HG
9. Security of Your Data
We use appropriate technical and organisational measures to protect your personal data from unauthorised access, disclosure, or destruction.
10. Cookies
Our website uses cookies to improve user experience and analyse site traffic. You can manage your cookie preferences via your browser settings. For more details, please refer to our Cookie Policy.
11. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in the law or our practices. We will notify you of any significant changes by posting the new policy on our website.
12. Contact Us
If you have any questions or concerns about this privacy policy, or if you want to exercise your data rights, please contact us at:
Ginger Cat Cyber Security Limited
Belmont Suite, Paragon Business Park, Chorley New Road, Bolton, BL6 6HG
Email: hello@gingercat-cyber.com
Phone: 01463 490660
Data Protection and Information Governance Process
Version: 1.0
Effective Date: 1 October 2024
Author: Colin Topping
Next Review Date: [1 October 2026]
1. Purpose
The purpose of this process is to ensure that Ginger Cat Cyber Security Limited (“we”, “our”, “us”) handles personal data in accordance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 (DPA 2018). This process outlines how we collect, use, store, and dispose of personal data, as well as how we safeguard data privacy rights and respond to data breaches.
2. Scope
This process applies to all employees, contractors, partners, and third parties working with Ginger Cat Cyber Security Limited. It covers all personal data collected, processed, stored, or transferred by the company, regardless of the format (electronic, paper, or other).
3. Data Protection Principles
We are committed to upholding the following data protection principles as defined by GDPR and the DPA 2018:
- Lawfulness, fairness, and transparency: Personal data must be processed lawfully, fairly, and in a transparent manner.
- Purpose limitation: Data must be collected for specified, explicit, and legitimate purposes and not processed in a manner incompatible with those purposes.
- Data minimisation: Data collected must be adequate, relevant, and limited to what is necessary for the purpose.
- Accuracy: Personal data must be accurate and, where necessary, kept up to date.
- Storage limitation: Data must be retained only for as long as necessary.
- Integrity and confidentiality: Personal data must be processed in a secure manner, protecting against unauthorised or unlawful processing, accidental loss, destruction, or damage.
- Accountability: We are responsible for demonstrating compliance with these principles.
4. Data Governance Roles and Responsibilities
- Data Protection Officer (DPO): Responsible for overseeing data protection strategy and implementation, ensuring compliance with GDPR and DPA 2018. The DPO also acts as the primary point of contact for data subjects and regulatory authorities.
- Information Governance Lead: Ensures that data handling procedures, information governance, and data security align with best practices and legal requirements.
- All Employees, Contractors, Partners, and third parties working with Ginger Cat Cyber Security Limited: Every staff member must adhere to the data protection policies and report any potential risks, incidents, or breaches to the DPO.
4.1. Appointment of DPO
The DPO is appointed based on professional qualities, expert knowledge of data protection law, and the ability to perform the duties assigned under the GDPR and DPA 2018. The DPO operates independently and has sufficient resources to fulfil their responsibilities.
5. Data Collection and Processing
We collect personal data from individuals only for legitimate business purposes, ensuring transparency and the rights of data subjects. Data is collected via:
- Consent forms
- Client contracts and interactions
- Website contact forms and cookies
- Employee and contractor records
5.1. Lawful Basis for Processing
We process personal data based on the following legal grounds:
- Consent: Where explicit consent is provided by the individual.
- Contract: Processing necessary to fulfil a contract with the data subject.
- Legal obligation: Processing necessary for compliance with legal obligations.
- Legitimate interest: Processing is in the legitimate interest of the company or third party, and the individual’s rights do not override these interests.
5.2. Special Categories of Data
If we need to process sensitive personal data (such as health data, racial or ethnic origin, political opinions, etc.), we will ensure additional safeguards are in place, including explicit consent or meeting one of the conditions specified under Article 9 of the GDPR and Section 10 of the DPA 2018.
6. Data Retention and Disposal
We retain personal data only for as long as necessary for the purpose for which it was collected. We maintain a Data Retention Policy that sets out specific retention periods for various categories of data.
- Archiving: Data is regularly reviewed, and when it is no longer needed, it is archived securely.
- Secure Disposal: Once data is no longer needed, it is securely deleted or destroyed. Physical records are shredded, and digital data is permanently erased.
7. Data Subject Rights
We uphold the rights of individuals to access, control, and manage their personal data. These rights include:
- Right to be informed: Individuals have the right to know how their data is being collected, used, and stored.
- Right of access: Individuals can request a copy of their personal data through a Subject Access Request (SAR).
- Right to rectification: Individuals can request that inaccurate data be corrected.
- Right to erasure: Individuals can request that their data be erased, subject to legal exemptions.
- Right to restrict processing: Individuals can request limitations on the processing of their data.
- Right to data portability: Individuals can request their data in a structured, machine-readable format.
- Right to object: Individuals can object to data processing based on legitimate interest or direct marketing.
- Rights related to automated decision-making and profiling: Individuals can request human intervention if decisions are made by automated means.
To exercise these rights, individuals can contact the DPO.
8. Security of Personal Data
We apply robust technical and organisational measures to protect personal data from unauthorised access, disclosure, or loss. These measures include:
- Encryption: Personal data is encrypted both in transit and at rest.
- Access Controls: Access to data is restricted to authorised personnel only, using role-based permissions.
- Regular Audits: We conduct regular audits of our data processing activities to ensure compliance and identify areas for improvement.
- Training: All employees receive data protection training, with regular updates as necessary.
9. Data Breach Management
In the event of a personal data breach, we follow a detailed Data Breach Response Plan. The steps include:
- Detection and Reporting: Any employee who identifies a breach must immediately report it to the DPO.
- Containment and Recovery: The DPO will assess the scope of the breach, take steps to contain it, and recover any compromised data.
- Notification: If the breach is likely to result in a risk to individuals’ rights and freedoms, we will notify the Information Commissioner’s Office (ICO) within 72 hours. Affected individuals will be informed without undue delay.
- Review and Mitigation: After managing the breach, we will conduct a thorough review of the incident and take steps to prevent future occurrences.
10. Data Sharing and International Transfers
We only share personal data with third parties where necessary and with appropriate safeguards. If personal data is transferred outside the European Economic Area (EEA), we ensure adequate protection by implementing:
- Standard contractual clauses
- Binding corporate rules
- Data Protection Impact Assessments (DPIAs), where applicable
11. Data Protection Impact Assessments (DPIAs)
We conduct Data Protection Impact Assessments (DPIAs) when processing activities are likely to result in a high risk to the rights and freedoms of individuals. The DPIA identifies the potential risks and outlines measures to mitigate them.
12. Record of Processing Activities
We maintain a Record of Processing Activities (RoPA), which documents all data processing activities, including the purpose of processing, data categories, and retention periods. This record is regularly reviewed and updated.
13. Training and Awareness
We provide mandatory data protection training to all employees, contractors, and relevant third parties. Training is updated annually or as required due to changes in legislation or company processes.
14. Review of the Process
This process will be reviewed annually or more frequently if required by changes in legislation, operational processes, or data protection practices.
15. Contact Information
For any queries regarding this process or data protection practices, please contact:
Data Protection Officer
Ginger Cat Cyber Security Limited
Belmont Suite, Paragon Business Park, Chorley New Road, Bolton, England, BL6 6HG
Email: hello@gingercat-cyber.com
Phone: 01463 490660