Privacy Notice for Reinforce Services
Reinforce Services Limited is Security Consultancy and Services Business.
This notice explains to Reinforce Services Clients and other Data Subjects (“you/your”) how Reinforce Services (“we/us”) use your personal information.
This privacy notice covers:
- Why we use your personal information
- The legal basis for processing
- What personal information we use
- How we use your personal information
- Your rights under data protection legislation
- Sharing personal information with third parties
- How long we may keep your information
- Changes to our privacy notice
- Contact details for our Data Protection Officer
Why we use your personal information
Reinforce Services use the contact details of our Clients, so that we can communicate the scope, expectations and outcomes of our engements.
Reinforce Services offer a range of security consultancy services, including various penetration testing excercises, which involve testing our Clients infrastructure and security controls.
As part of these engagements, we may obtain various forms of personal infromation, which, if approved by our Clients, may then be used as part of our penetration testing methods.
We may also process your personal data for the following purposes:
- the verification of your identity where required
- for the prevention and detection of crime, fraud and anti-money laundering
- to allow us to improve the products and services we offer to our customers
- to ask for your opinion about our products
- to enable us to comply with our legal and regulatory obligations
- to offer new products and services to our Client contacts, which are relevant and appropriate, and only to the extent that would be reasonably expected.
If we plan to introduce further processes for the use of your information, we will provide information about that purpose prior to such processing.
The legal basis for processing
Under Data Protection Law, there are various grounds which are considered to be a ‘legal basis for processing’.
The legal basis for processing should be determined by the Data Controller.
Where we are the Data Processor, the legal basis is determined by our Client. Typically, the legal basis in this scenario is:
‘processing is necessary for the purposes of legitimate interests pursued by the controller’
Where we are the Data Controller, the legal basis for processing is based on:
‘processing is necessary for the purposes of legitimate interests pursued by the controller’
In both cases, the Legitimate Interest is that of ensuring the continued security and compliance of the systems and data within scope of the engagement in question.
It should be noted that in some circumstances this legal basis may vary, however, we always operate in full compliance with Data Protection Law and will only process data with a fair and reasonable legal basis for doing so.
What personal information we process
In order to carry out our services, we may obtain (either from the Customer or from you directly) and process the following information:
Names and Aliases
Job Titles
Email Addresses
Telephone Numbers
Usernames
Passwords
Email Correspondance
Documents and Files
Images and Video Footage
Call Recordings
Geo-Location Data
Vehicle Registration
How we process your personal information
We use personal information only to the extent required to carry out the services for our Clients.
Information may be used, if appropriate, to conduct technical penetration testing of our Customers infrastructure or workplace (at their request).
In the event that we collect personal information about client employees as part of any engagement, such information is not used for any other purpose outside of that engagement.
We have introduced appropriate technical and organisational measures to protect the confidentiality, integrity and availability of your personal information during storage, processing and transit.
Some of our supporting services might use cloud platforms that operate from Third Countries outside of the EEA. Where this is the case, we ensure that adequate safeguards are established to protect your data.
Your rights under Data Protection Law
Right to Access
You have the right of access to your personal information that we process and details about that processing.
Right to Rectification
You have the right to request that information is corrected if it’s inaccurate.
Right to Erasure (Right to be Forgotten)
You have the right to request that your information is removed; depending on the circumstances, we may or may not be obliged to action this request.
Right to Object
You have the right to object to the processing of your information; depending on the circumstances, we may or may not be obliged to action this request.
Right to Restriction of Processing
You have the right to request that we restrict the extent of our processing activities; depending on the circumstances, we may or may not be obliged to action this request.
Right to Data Portability
You have the right to receive the personal data which you have provided to us in a structured, commonly used and machine readable format suitable for transferring to another controller.
Right to lodge a complaint with a supervisory authority
If you think we have infringed your privacy rights, you can lodge a complaint with the relevant supervisory authority. You can lodge your complaint in particular in the country where your live, your place of work or place where you believe we infringed your right(s).
You can exercise your rights be sending an e-mail to dpo@reinforce.services. Please state clearly in the subject that your request concerns a privacy matter, and provide a clear description of your requirements.
Note: We may need to request additional information to verify your identity before we action your request.
Sharing personal information with third parties
We use a range of trusted service providers to help deliver our services. All of our suppliers are subject to appropriate safeguards, operating in accordance with our specific instructions and limitations, and in full compliance with Data Protection Law.
These service providers include:
- Email Providers – To host and maintain our email communications
- Hosting Providers – to manage our secure enterprise datacentres
- Security Providers – to protect our systems from attack
- Telephony Providers – we might record calls for training, quality and security purposes
- Cloud Storage Facilities – to securley store our data and backups
If we need to change or add additional third parties, we will always update our Privacy Notice accordingly.
We will only disclose your information to other parties in the following limited circumstances
- where we are legally obliged to do so, e.g. to law enforcement and regulatory authorities
- where there is a duty to disclose in the public interest
- where disclosure is necessary to protect our interest e.g. to prevent or detect crime and fraud
- where you give us permission to do so e.g. by providing consent within the PPL Products and Services or via an online application or consent form
How long we may keep your personal information
We will only retain information for as long as is necessary to deliver the service safely and securely. We may need to retain some records to maintain compliance with other applicable legislation – for example finance, taxation, fraud and money laundering law requires certain records to be retained for an extended duration, in some cases for up to seven years.
Changes to our Privacy Notice
This policy will be reviewed regularly and updated versions will be posted on our websites.
Contact details for our Data Protection Officer
We have appointed a Data Protection Officer (DPO); their contact details are as follows: