Review Date: 16/Mar/2023
Classification: Confidential / Business Purposes Only / Public
Our Contact Details
Organisation Name: TechSecScot
Address: Provided on request
Telephone: Provided on request
What type of personal information do we collect?
We currently collect and process the following PII (Personal Identifiable Information):
The following Information is collected by our Payment Services Provider (Zettle by PayPal):
The following is collected by our web hosting provider (Google)
The Site uses Google Analytics by Google. Like many services, Google Analytics uses first-party cookies to report on visitor interactions. These cookies are used to store non-personally identifiable information, such as browser type, operating system, the date and time of a visit, where visitors came from, visited pages, the time spent viewing site, return visits to the site, and other anonymous metrics. This data is transmitted to Google and then used to compile statistical reports on User activity for the Site. We collect this non-personally identifiable information to better understand how Visitors use the Site, and to help manage and maintain the Site.
If You wish to opt-out of Analytics, please visit the Google Analytics opt-out page and follow the on-page instructions.
For a detailed guide on how to stop websites tracking you, please read the Personal Data Security Essentials document on our Blog page here - https://www.techsecscot.com/blog
You can generally opt-out of cookies from third-party advertisers and ad networks by visiting their Sites (if the advertiser or ad network offers this capability). It is also possible to opt out of some, but not all, of these cookies in one location at the Network Advertising Initiative (NAI), or Digital Advertising Alliance (DAA) opt-out web pages.
If You wish to disable cookies, you may do so through individual Internet browser options. More detailed information about cookie management with specific web browsers can be found at www.aboutcookies.org, or at the browsers' respective websites.
TechSecScot uses affiliate links to help with the running cost of the website. By clicking on these links, cookies may be stored in your browser cache. Our affiliates use these cookies to track where you came from and to log this information if you purchase a product or service. If you make a purchase. TechSecScot may receive a payment for signposting our affiliate. This costs you nothing and is paid from our affiliate directly to us.
Our affiliates include:
Amazon - The online shopping platform
Awin - Affiliate Marketing Platform
BSI - The Training and Standards provider
IT Governance - The Training provider
UDEMY - The online learning platform
TCM - The Cyber Mentor
No other links are affilliate
How do we collect this data?
Newsletter – Data is provided by you with your double consent. Consent can be withdrawn at any time by clicking the Unsubscribe button on any of the Newsletters. Our Mail List is operated by MailChimp who are the Controller of the PII. TechSecScot are the Processor.
Client Details – Provided by you with your consent or sourced from Companies House if required. TechSecScot are the Controller.
Payment Services – Provided by you to our provider with your consent as part of a contract of sale between you and TechSecScot. No Payment details are ever seen or processed by TechSecScot and any Requests for Information or Subject Access Requests in relation to Payment Services are fully the responsibility of the Payment Provider used for the transaction who will act as the controller. Service provided by Zettle at the time of writing.
Web Services – Data is not collected or processed by TechSecScot. The Controller and Processor of PII in relation to Cookies or Analytical data are the responsibility of the Hosting Provider. In the case of www.techsecscot.com at the time of writing, that controller/processor is Google.
How do we use this data?
Newsletter – We may use this data to better understand our followers. Enabling us to provide more efficient and relevant information or services. We will also send you updates on information available to the Cyber Security community and services we provide.
Client Details – As part of a contract with you to provide a service as per our terms of sale. Details will be used by TechSecScot to complete the required contract and complete the invoice for payment.
Payment Services – TechSecScot do not have access to or knowledge of the details you provide to the Payment Services Provider.
Web Services – TechSecScot do not have access to or knowledge of the information collected on Website visitors by the hosting provider Google.
Do we share your data?
TechSecScot do not share data with any organisation, company or individual outside of TechSecScot. Any data given by you to one of our service providers is the responsibility of that Service Provider or Data Controller/Processor.
Under EU General Data Protection Regulations (GDPR) TechSecScot collect and process PII under the following principles:
a. Your Consent. Consent may be withdrawn at anytime by unsubscribing or contacting the controler via email: firstname.lastname@example.org
b. We have a contractual obligation to hold the data.
How do we store your data?
Newsletter Subscriber Data – This data is held by the service provider on secure remote servers. Strict access requirements are in force for the security of subscribers. Data will be held for as long as consent is given or the service is withdrawn.
Client data is stored by TechSecScot. It is held in a secure premises, restricted access and encrypted for your security. Data is held for a period of 5 years after completion of the contract as per the requirements of UK legislation.
Payment Services – TechSecScot do not store this data
Website data – TechSecScot do not store this data
How is your data destroyed?
If TechSecScot no longer requires your PII or a Lawful Reason is no longer applicable, TechSecScot will remove all traces of your data from it’s systems. This is done by digital file shredding. The data is not recoverable in any form after this is completed. When no longer in use, the hard drives used in the processing of PII will be wiped completely ensuring total destruction.
Your data protection rights
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at email@example.com if you wish to make a request.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at firstname.lastname@example.org
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk