Privacy Policy

How we collect, use, and protect your personal information

Last updated: January 2025

Introduction

Net Sec Group ("we", "our", or "us") operates the cyberessentialsplus.com website and provides Cyber Essentials certification services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

Information We Collect

Personal Information

We may collect the following personal information:

  • Contact Information: Name, email address, phone number, company name, and job title
  • Assessment Information: Technical information about your IT systems and security controls for certification purposes
  • Payment Information: Billing address and payment details (processed securely through third-party providers)
  • Communication Records: Records of our communications with you, including consultation notes and support requests

Automatically Collected Information

When you visit our website, we automatically collect:

  • Usage Data: Pages viewed, time spent on pages, and navigation patterns
  • Device Information: IP address, browser type, operating system, and device identifiers
  • Cookies and Similar Technologies: See our Cookie Policy below for details

How We Use Your Information

We use your information for the following purposes:

  • Service Delivery: To provide Cyber Essentials certification services and assessments
  • Communication: To respond to inquiries, provide support, and send service-related communications
  • Compliance: To meet legal and regulatory requirements, including IASME reporting obligations
  • Improvement: To analyse and improve our services, website, and customer experience
  • Marketing: To send relevant information about our services (with your consent where required)
  • Security: To protect against fraud, unauthorised access, and other security threats

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Contract: Processing necessary for performing our certification services
  • Legitimate Interest: For business operations, security, and service improvement
  • Consent: Where you have given clear consent for specific processing activities
  • Legal Obligation: To comply with regulatory and certification body requirements

Data Sharing and Disclosure

Third-Party Service Providers

We may share your information with trusted third parties who provide services on our behalf:

  • IASME: Required reporting for certification compliance and directory listings
  • Payment Processors: Secure processing of payments (we do not store full payment card details)
  • Technology Providers: Website hosting, email services, and customer management systems
  • Professional Advisors: Legal, accounting, and other professional services

Legal Requirements

We may disclose your information when required by law or to:

  • Comply with legal obligations, court orders, or regulatory requirements
  • Protect our rights, property, or safety, or that of others
  • Investigate potential fraud or security incidents

International Transfers

Your data may be transferred to and processed in countries outside the UK/EEA. When we do this, we ensure appropriate safeguards are in place, including:

  • Adequacy decisions by the UK Information Commissioner's Office
  • Standard contractual clauses approved by UK authorities
  • Certification schemes and binding corporate rules

Data Retention

We retain your personal information for different periods depending on the purpose:

  • Certification Records: 7 years from certification expiry (regulatory requirement)
  • Contact Information: Until you opt out or request deletion
  • Website Analytics: 26 months maximum
  • Marketing Communications: Until you unsubscribe
  • Financial Records: 6 years (legal requirement)

Your Data Protection Rights

Under GDPR, you have the following rights:

  • Access: Request copies of your personal data
  • Rectification: Correct inaccurate or incomplete information
  • Erasure: Request deletion of your data (subject to legal obligations)
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Where processing is based on consent

To exercise these rights, please use our contact form to get in touch with our data protection team.

Data Security

We implement appropriate technical and organisational measures to protect your data:

  • Encryption of data in transit and at rest
  • Access controls and authentication systems
  • Regular security assessments and updates
  • Staff training on data protection
  • Incident response procedures

Cookies and Tracking

Our website uses cookies and similar technologies for:

  • Essential Cookies: Required for website functionality
  • Analytics Cookies: To understand website usage (Google Analytics)
  • Marketing Cookies: To deliver relevant advertising (with consent)

You can control cookies through your browser settings. However, disabling cookies may affect website functionality.

Third-Party Links

Our website contains links to third-party websites, including Net Sec Group's main website and payment processors. We are not responsible for the privacy practices of these external sites. Please review their privacy policies before providing personal information.

Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware of such collection, we will delete the information promptly.

Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by:

  • Posting the updated policy on our website
  • Updating the "Last updated" date
  • Sending email notifications for material changes (where we have your email)

Contact Information

For questions about this Privacy Policy or our data practices, please contact us:

Data Protection Officer

For any questions regarding this Privacy Policy or to exercise your data protection rights, please use our contact form to get in touch with our Data Protection Officer.

Net Sec Group Ltd
Data Protection Enquiries
United Kingdom

Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Phone: 0303 123 1113
  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
