Our Data Protection Privacy Notice


This webpage provides you with information about how we are handling, or are intending to handle, your personal information.


About us

Knox Cyber Security Ltd provides Information security assurance services, penetration testing services and consultancy. We are based in the UK (South Wales). Knox Cyber Security Ltd is committed to protecting and respecting your privacy and complying with the principles of applicable data protection laws. This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. The data controller of the personal data referred to in this policy is Knox Cyber Security.  Registered office:  8 Caroline Point, 62 Caroline Street, Jewellery Quarter, Birmingham, B3 1UF


Collection of personal data

Knox Cyber Security Ltd may collect and/or create or otherwise obtain and process the following data about you:

  • Information about you that you provide by filling in forms while registering for downloads, service or product sales applications or requests for information through our website https://information-assurance.co.uk
  • We may also ask you for information when you contact us or make a complaint and, if you contact us, we may keep a record of that correspondence.
  • We may also ask you to complete optional surveys that will be used to provide you with a more relevant customer experience, service reviews/feedback, or in some cases, to answer research questions. The type, purpose and use of this data will be clearly laid out at the time of request.
  • Details of when you digitally interact with Knox Cyber Security Ltd via our website and other digital channels and the resources that you access which may include the use of cookies (subject to our Cookie policy).
  • Information about emails and other communications we have sent to you and your interaction with them.


Uses made of your information and the basis of processing

Knox Cyber Security Ltd will use your personal information to;

  • Ensure that content from our websites is presented in the most effective manner.
  • Carry out our obligations arising from any contracts entered into between you and Knox Cyber Security Ltd.
  • Provide you with information, products or services that you request from Knox Cyber Security Ltd or which we feel may interest you, where we are legally entitled to do so.
  • Notify you about changes to our service;Knox Cyber Security Ltd will not use any of the personal information we collect from you to make automated business decisions.

The legal basis on which we collect and process the personal data described above depends on the personal information concerned and the specific context in which we collect it. However, we will only use your personal information where we;

  • Have your consent to do so.
  • Need the personal data to perform and deliver a contract in place with you.
  • Need to process your personal information for our legitimate interests and only where our legitimate interests are not overridden by your data protection interests or fundamental rights and freedoms.
  • Have a legal obligation to collect personal information from you. If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time, and advise you whether the provision of your personal information is mandatory or not (as well as the possible consequences if you do not provide your personal information).


Information security

Knox Cyber Security Ltd will take all steps reasonably necessary including policies, procedures, and security controls to ensure that your data is treated securely and protected from unauthorised and unlawful access and/or use, and in accordance with this notice. We maintain Cyber Essentials as part of our process of continual improvement.


Recipients of personal data

We will share information about you with some of our suppliers who process data on our behalf to help us to provide services to you. We undertake this data sharing on the basis of our legitimate interests.
Categories of organisation and purpose

Knox Cyber Security Ltd registered event organisers – to enable event organisers to manage Knox Cyber Security Ltd registered activities and communicate with participants


International transfer of personal data

We do not envisage transferring any information about or relating to individuals to anyone outside of Knox Cyber Security Ltd who is located outside of the European Economic Area.


Data retention period

We will hold information about you in our data systems only for as long as we need it for the purpose for which we collected it, which is as follows;

  • As long as you continue to be an active customer in use of our services (including purchasing services/products, engaging with emails and downloading content) we will retain and process information about you. In such cases, you will be considered to be an ‘active’ customer. If you have not been ‘active’ as a customer for a period of three years, Knox Cyber Security Ltd will annually delete/anonymise any personal data held relating to you.
  • Personal data gathered as part of the delivery of professional or managed services about you, or employees or customers will be maintained for the minimum document period as defined by regulation and/or legislation. If this is not defined then it will be held for a maximum of 3 years.
  • Personal data linked to the processing of insurance claims, subject access requests, disputes, disciplinary or police matters will only be kept for as long as it necessary for those purposes, as each is applicable.


Your rights as a data subject

Data protection laws grant you, as a Data Subject, certain ‘information rights’, which are summarised below;

  • Right to be informed – You have the right to know what data we collect and why and how we process it.
  • Right of access – You have the right to obtain a copy of the information we hold about you.
  • Right of rectification – If you feel that any data that we hold about you is inaccurate, you have the right to ask us to correct or rectify it.
  • Right of erasure – You also have a right to ask us to erase information about you where you can demonstrate that the data we hold is no longer needed by us, or if you withdraw the consent upon which our processing is based, or if you feel that we are unlawfully processing your data.
  • Right to restriction of processing – You have a right to request that we refrain from processing your data where you contest its accuracy, or the processing is unlawful and you have opposed its erasure, or where we do not need to hold your data any longer but you need us to in order to establish, exercise or defend any legal claims, or we are in dispute about the legality of our processing your personal data.
  • Right to Portability – You have a right to receive any personal data that you have provided to us in order to transfer it onto another data controller where the processing is based on consent and is carried out by automated means. This is called a data portability request.
  • Right to Object – You have a right to object to our processing your personal data where the basis of the processing is our legitimate interests including but not limited to direct marketing and profiling.
  • Right to Withdraw Consent – You have the right to withdraw your consent for the processing of your personal data where the processing is based on consent. You have the right to opt-out of marketing communications we send to you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided below.


To Lodge a Complaint with the Supervisory Authority

You have a right to lodge a complaint about our handling of your personal data with the ICO, who are the UK’s supervisory authority for GDPR.  You may do so here: www.ico.org.uk/concerns


Changes to our privacy policy

Any changes we may make to our Privacy Notice in the future will be posted on this page and, where appropriate, notified to you by date-stamped communication.


Marketing Communications

If you would like to opt-out of our marketing communications, please email us at privacy@information-assurance.co.uk  from the email you wish to unsubscribe.


How to contact us

If you wish to contact us about your personal data or exercise any of the rights described above please contact: privacy@information-assurance.co.uk

Data Protection, Knox Cyber Security Ltd.  8 Caroline Point, 62 Caroline Street, Jewellery Quarter, Birmingham, B3 1UF.