The Chain Limited - Privacy Notice
Introduction
This notice sets out how The Chain Limited ("TCL") process
data on individuals, clients and service providers that TCL interacts with.
About us
TCL is a provider of information security services based in
Guernsey.
Data we hold
We process data in order to provide information security
assurance and advisory services. The types of data we collect and process
includes:
- Contact details (names, addresses, phone numbers, email address)
- Information provided in the course of provision of information security services (for example: technical details of IT systems, relationships with service providers, risks and controls, vulnerabilities, details of security incidents, user credentials and access codes)
- Information provided in the course of digital forensics investigations (for example: details of alleged incidents, forensic images of hard drives and other digital media, credentials and access codes)
- Information that we gather from public and open-sources including name, employer, date of birth, special interests, and contact details
- Meetings attended and calls made
- CCTV footage of our premises
- Any other information you provide to us
Purposes of processing
Purpose
|
Lawful basis
|
To enter into client relationships and provide information security
services
|
- The legitimate interest of The Chain Limited as a provider of information security services to process personal data for the purpose of providing those services
- In order to support legal proceedings
- To fulfil a contract we have entered into to provide information security services
|
To ensure the security of TCL premises, systems and staff
|
The legitimate interests of TCL in preventing and detecting
unauthorised access to its premises, systems and data
|
To provide evidence in support of audits and other reviews
|
The legitimate interests of TCL in providing information security
assurance and advisory services, to ensure it meets legal, regulatory and ethical
obligations
|
Sources and recipients of data
Sources include clients, service providers, or open-source
material. Potential recipients include:
- providers of legal services, courts, tribunals where disclosure is necessary to fulfil the purposes set out above
- law enforcement agencies where disclosure is necessary to meet legal obligations
All data is held within the EU, UK or Channel Islands.
Rights of data subjects
Data subjects for whom TCL holds data may have rights in
respect of their personal data. To exercise those rights, including withdrawal
of consent, right of access, or to update, correct or erase data, data subjects
should send requests to tcldataprotection@chainci.com.
Retention and destruction of data
TCL only retains data for as long as necessary to fulfil the purpose for which it was collected. Primary retention controls include:
- redaction of unnecessary sensitive data from larger data sets at the point of capture
- archival of completed engagements
- secure destruction all data relating to a client engagement seven years from the completion of the engagement
Destruction is subject to the exception where data cannot be removed for legal, regulatory
or technical reasons.
Changes to this privacy notice
This notice will be updated from time to time and published
on our website at https://chainci.com/privacy. This notice was last updated on 26th September 2019.