Prime Vector Security

Privacy Policy

Last updated: [Insert Date]

  1. Introduction

This Privacy Policy explains how Prime Vector Security ("Prime Vector Security", "we", "us", or "our") collects, uses, discloses, and protects personal data when you use our services or interact with us in any way. We are a cybersecurity company based in England and are committed to safeguarding the privacy and security of your personal data.

We act as a "controller" of your personal data for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our services, visiting our website, or otherwise providing your personal data to us, you acknowledge that you have read and understood this Privacy Policy.

  1. Contact Details

Prime Vector Security Region: England

If you have any questions about this Privacy Policy or how we handle your personal data, or if you wish to exercise your rights, you can contact us using the contact details provided on our website.

  1. Types of Personal Data We Collect

The types of personal data we may collect and process include:

3.1 Identification and contact details

  • Name
  • Job title and role
  • Company or organisation name
  • Business address
  • Email address
  • Telephone number and other contact details

3.2 Technical and usage data

  • IP address
  • Browser type and version
  • Device identifiers
  • Time zone setting and location (approximate)
  • Operating system and platform
  • Information about how you use our website, products, and services (including logs and diagnostic data)

3.3 Cybersecurity-related data In the course of providing cybersecurity services, we may process technical data that could include:

  • System and network logs
  • Metadata relating to communications (not normally including content)
  • Security alerts and incident data
  • Information relating to vulnerabilities, threats, and incidents within your systems or environment

Depending on the engagement, this data may occasionally contain personal data of your staff, clients, or end-users that is embedded in system or security logs.

3.4 Marketing and communications data

  • Your marketing preferences and consent records
  • Records of communications with you (such as emails, calls, and messages)
  • Responses to surveys, feedback forms, and event registrations

We do not intentionally collect special category data (such as health information, religious beliefs, or biometric data) or data relating to criminal convictions unless expressly required for a specific, lawful purpose, and only with appropriate safeguards.

  1. How We Collect Personal Data

We may collect personal data in the following ways:

  • Directly from you: when you contact us via our website, email, phone, or in person; when you request or purchase our services; when you participate in our events, training, or webinars; or when you subscribe to our communications.
  • From your organisation: when your employer or organisation engages us to provide cybersecurity services and shares staff contact details or relevant technical data.
  • Automatically: when you use our website or online services, we may collect technical and usage data through cookies, server logs, and similar technologies.
  • From third parties: such as business partners, subcontractors, analytics providers, public databases, or publicly available sources (for example, professional networking sites and corporate registries).
  1. Legal Bases for Processing

We process personal data only where we have a lawful basis under UK data protection law. These may include:

  • Contract: where processing is necessary for the performance of a contract with you or your organisation, or to take steps at your request before entering into a contract.
  • Legal obligation: where processing is necessary to comply with a legal or regulatory obligation.
  • Legitimate interests: where processing is necessary for our legitimate business interests or those of a third party, and these interests are not overridden by your data protection rights.
  • Consent: where you have given clear consent for us to process your personal data for a specific purpose (for example, for certain marketing activities). You may withdraw consent at any time.
  1. How We Use Personal Data

We may use personal data for the following purposes:

  • Providing and managing our cybersecurity services, including assessments, monitoring, incident response, consulting, and support.
  • Setting up and managing client accounts, billing, and payments.
  • Communicating with you about services, updates, incidents, and changes to our terms or policies.
  • Analysing and improving our services, website, and security measures.
  • Managing our relationship with you, including handling enquiries, feedback, and complaints.
  • Sending you marketing communications about our cybersecurity services, events, or publications, where permitted by law and your preferences.
  • Complying with legal and regulatory requirements, court orders, and requests from competent authorities.
  • Protecting our rights, security, systems, and property, and preventing, detecting, and investigating fraud, abuse, or cyber incidents.
  1. Cookies and Similar Technologies

Our website may use cookies and similar technologies to:

  • Enable website functionality and security
  • Remember your preferences
  • Understand how our website is used and improve its performance

Where required by law, we will obtain your consent before using non-essential cookies. You can manage or disable cookies through your browser settings, although this may affect the functionality of our website.

  1. Data Sharing and Disclosure

We may share personal data with:

  • Service providers and suppliers who process data on our behalf (for example, hosting providers, IT and security providers, communications and analytics services, professional advisers), subject to appropriate data processing agreements.
  • Your organisation or employer, where our services are provided to that organisation and disclosure is necessary for service delivery, reporting, or incident management.
  • Business partners or subcontractors involved in delivering our services, under strict confidentiality and data protection obligations.
  • Law enforcement agencies, regulators, courts, or other public authorities, where we are required or permitted by law to do so.
  • Third parties in connection with a business transaction, such as a merger, acquisition, or sale of assets, subject to appropriate safeguards.

We do not sell your personal data to third parties.

  1. International Transfers

While we are based in England, some of our service providers or partners may be located outside the UK. Where this results in the transfer of your personal data to a country that is not subject to an adequacy decision, we will ensure that appropriate safeguards are in place in accordance with UK data protection law, such as standard contractual clauses or other approved mechanisms.

  1. Data Security

We implement appropriate technical and organisational measures to protect personal data from unauthorised access, loss, misuse, alteration, or disclosure. These measures may include:

  • Access controls and authentication
  • Encryption and secure storage
  • Network and system monitoring
  • Regular security testing and assessments
  • Staff training and confidentiality obligations

However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

  1. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, regulatory, contractual, or reporting requirements.

When determining appropriate retention periods, we consider:

  • The amount, nature, and sensitivity of the data
  • The potential risk of harm from unauthorised use or disclosure
  • The purposes for which we process the data and whether those purposes can be achieved by other means
  • Applicable legal requirements and industry practices

After the applicable retention period has expired, we will delete or anonymise personal data in a secure manner.

  1. Your Data Protection Rights

Under UK data protection law, you may have the following rights (subject to certain conditions and exemptions):

  • Right of access: to obtain confirmation as to whether we process your personal data and to access a copy of that data.
  • Right to rectification: to have inaccurate or incomplete personal data corrected.
  • Right to erasure: to request the deletion of your personal data in certain circumstances.
  • Right to restriction: to request the restriction of processing in certain situations.
  • Right to data portability: to receive your personal data in a structured, commonly used, and machine-readable format, and to request that we transmit it to another controller where technically feasible.
  • Right to object: to object to the processing of your personal data based on our legitimate interests or for direct marketing purposes.
  • Rights in relation to consent: where processing is based on your consent, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us using the contact details on our website. We may need to verify your identity before responding to your request.

  1. Complaints

If you have concerns about how we handle your personal data, please contact us in the first instance so that we can attempt to resolve your concerns.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Information Commissioner's Office (ICO) Website: https://ico.org.uk/

  1. Children’s Privacy

Our services are generally intended for business and professional users and are not directed at children. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us, and we will take appropriate steps to delete such data.

  1. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will revise the "Last updated" date at the top of this document, and, where appropriate, notify you through our website or by other means.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

Your Privacy and Data Protection

Prime Vector Security uses cookies and similar technologies to improve your browsing experience, analyse site traffic, and understand how our services are used. We only process personal data in accordance with UK GDPR and other applicable laws. You can choose which categories of cookies to accept and change your preferences at any time. For full details on how we collect, use, and protect your information, please review our Privacy Policy before continuing to use this website. View full Privacy Policy