www.redseclabs.com (our website) is provided by RedSecLabs Limited ("we", "our" or "us"). We are the controller of personal data obtained via our website. (For controller/processor concepts, see ICO guidance.)
We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR).
Important: Given the nature of our website, we do not expect to collect the personal data of anyone under 13 years old. If you are aware that any personal data of anyone under 13 years old has been shared with our website, please let us know so that we can delete that data.
This privacy policy relates to your use of our public website only. Our client engagements are covered by the service agreement and any client privacy notices. Our site contains links to third-party websites (e.g., external resources, Calendly booking pages). Those are governed by their own privacy policies.
The personal data we collect about you depends on the particular activities carried out through our website. We will collect and use the following personal data about you:
We do not intentionally collect special category data via the website. Sometimes you can choose if you want to give us your personal data and let us use it. Where that is the case, we will tell you and give you the choice before you give the personal data to us.
We collect personal data from you:
Under data protection law, we can only use your personal data if we have a proper reason, such as:
| What we use your personal data for | Our reasons |
|---|---|
| Creating and managing your account with us | For our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you at the best price |
| Providing services to you | To perform our contract with you or to take steps at your request before entering into a contract |
| Conducting checks to identify you and verify your identity or to help prevent and detect fraud | For our legitimate interests, i.e. to minimise fraud that could be damaging for you and/or us |
| Customising our website and its content to your preferences | Your consent as gathered by the separate cookies tool on our website OR for our legitimate interests where consent is not required |
| Analytics and performance measurement | Your consent for analytics cookies OR legitimate interests where the DUAA low-risk analytics exemption applies |
| Marketing our services to existing and former customers | For our legitimate interests, i.e. to promote our business to existing and former customers |
We will use your personal data to send you updates (by email, text message or telephone) about our products and/or services, including exclusive offers, promotions or new products and/or services.
We may send B2B marketing to corporate subscribers (e.g., your work email) under PECR on a legitimate-interests basis; we include an unsubscribe option in each message and honour opt-outs. For individuals (e.g., sole traders), we will only send electronic marketing in line with PECR (consent/soft opt-in as applicable).
We routinely share personal data with:
We only allow those organisations to handle your personal data if we are satisfied they take appropriate measures to protect your personal data.
We will not keep your personal data for longer than we need it for the purpose for which it is used. For example:
| Record Type | Typical Retention | Rationale |
|---|---|---|
| Website enquiries / quotes | Up to 24 months from last interaction | Manage repeat queries; understand pipeline |
| Booking metadata (Calendly) | Up to 24 months from appointment date | Scheduling history and follow-ups |
| Client and contract records | Up to 7 years after end of engagement | Accounting, tax, legal limitation |
| Suppression lists (Opt-out) | Indefinitely (minimum necessary) | Ensure no further marketing is sent |
Countries outside the UK have differing data protection laws, some of which may provide lower levels of protection of privacy.
It is sometimes necessary for us to transfer your personal data to countries outside the UK. In those cases we will comply with applicable UK laws designed to ensure the privacy of your personal data.
Under data protection laws, we can only transfer your personal data to a country outside the UK where:
We use essential cookies to make the site work. We may also use functionality and analytics cookies to improve the site and understand usage:
You generally have the following rights, which you can usually exercise free of charge:
The right to be provided with a copy of your personal data
The right to require us to correct any mistakes in your personal data
The right to require us to delete your personal data in certain situations
The right to require us to restrict use of your personal data in certain circumstances
The right to receive your personal data in a structured, machine-readable format
The right to object to processing based on legitimate interests or to direct marketing at any time
To exercise your rights: Please email us at [email protected]. When contacting us please provide enough information to identify yourself and let us know which right(s) you want to exercise.
We implement appropriate administrative, technical and organisational measures (e.g., access controls, encryption in transit, environment hardening, vulnerability management, audit logging) proportionate to risk. While no system is 100% secure, we continually improve controls. We will notify you and the ICO of a personal data breach where legally required.
Please contact us if you have any queries or concerns about our use of your personal data (see below 'How to contact us'). We hope we will be able to resolve any issues you may have.
You also have the right to lodge a complaint with the Information Commissioner. They may be contacted using the details at https://ico.org.uk/make-a-complaint or by telephone: 0303 123 1113.
We may update this policy from time to time. If changes are material, we will highlight them on this page and, where appropriate, notify you by email.