1. Introduction
Exosec takes our obligations under data protection legislation seriously and we are committed to protecting the privacy of our clients and employees.
Our privacy policy is designed to specify what personal data is and how Exosec collects, processes, and protects any personal information that is relevant to our clients or employees in accordance with UK-GDPR and the Data Protection Act 2018.
2. Data Controller
Exosec's commitment extends to simplifying the complexities of cyber security. Recognising that the intricacies of cyber security can at times seem overwhelming, especially for those unacquainted with technical terms, the company takes pride in its clear, concise and accessible communication.
This dedication to clarity ensures that insights into our clients' cyber security risks can result in well-informed decisions. The culmination of these efforts has solidified Exosec's role as a trusted security partner.
3. Personal Data We Collect
Personal data, or personal information, is information that relates to an identified or identifiable individual. The personal data that Exosec may collect and process might differ depending on who the information relates to. We collect and process different data from our employees and from our clients.
Exosec collects, stores and processes the following personal data from employees:
- Name, home address, email address, and phone number,
- Date of birth, National Insurance number, nationality, gender, marital status, next of kin, dependants, emergency contacts,
- Payment information (bank account number),
- Right to work in the UK, criminal records,
- Information about previous employment, skills, references,
- and others mentioned in our internal document Employee Privacy Notice (GDPR).
Exosec collects, stores and processes the following personal information from our clients:
- Name, email address, telephone number,
- Job title, company name, company address,
- Payment information (bank details),
- Information about services clients use or may be interested in,
- Technical data including IP addresses, login credentials, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
4. How We Collect Personal Data
Exosec may use various methods to collect personal data. We either interact directly with individuals or use automated technologies.
Direct interactions enable us to collect personal information directly from the individual. These interactions can include:
- job applications,
- contacting us via telephone number or our email address provided on the Internet,
- third party/suppliers.
Automated technologies are mostly connected to our website. They take the form of cookies, server logs and other similar technologies that automatically collect personal technical data.
5. How We Use Personal Data
Exosec will only use your personal data for the purposes for which it was collected.
Personal data collected from our clients will be used for the following purposes:
- Communication with clients and relevant third parties,
- Providing products and services to our clients,
- Maintaining and improving the quality of our products and services,
- Processing payments (receiving money for invoices, or sending credit notes),
- Complying with legal obligations.
Employees' personal information will be processed as per our Employee Privacy Notice (GDPR).
6. Legal Basis for Processing Personal Data
Exosec will only process personal data if we have a legal basis for doing so, including:
- Consent of the individual,
- Performance of a contract,
- Compliance with a legal obligation,
- Legitimate interests of our company.
7. Data Security
We take the security of your personal data seriously. Exosec has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused, or disclosed, and is not accessed except by employees in the performance of their duties. We review and update our security measures on a regular basis to ensure they are effective and up to date with current cyber best practices.
8. Data Retention
Exosec will retain personal data for as long as necessary to fulfil the purposes for which it was collected, or as required by law. We will securely dispose of personal data when it is no longer needed.
Employees' personal information will be stored as per our Employee Privacy Notice (GDPR).
9. Sharing Personal Data
Exosec may share personal data with trusted third-party service providers who assist us in providing products and services. Where Exosec engages third parties to process your personal data on our behalf, they do so based on written instructions, they are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
10. International Data Transfers
We do not transfer your personal data to a country outside of the European Economic Area (EEA). If we need to do so, Exosec will ensure that appropriate safeguards are in place to protect personal data in accordance with data protection legislation.
11. Individual Rights
Data subjects have multiple rights in relation to their personal data. They have the right to:
- access personal data,
- correction of personal data,
- rectify personal data,
- erasure of personal data,
- data portability,
- restrict processing of personal data,
- object to processing of personal data,
- withdraw consent.
12. Complaints
Individuals have the right to lodge a complaint with the Information Commissioner's Office (ICO) if they believe their personal data has been mishandled.
13. Review and Update
This privacy policy will be reviewed and updated periodically to ensure that it remains compliant with data protection legislation and our company's practices.