Aggress Ltd
Suite 1008
Aviation House
Glasgow Prestwick Airport
Prestwick
South Ayrshire
KA9 2PL

CyberAggress

Second Floor, above the check in desks

CyberAggress

Website Privacy

This includes:

  • IP address
  • details of which version of browser used
  • which pages your IP address accessed

This information is collected/held by every website on the internet that you connect to.

This helps us to:

  • determine which pages get the most views
  • which pages fail to load
  • determine if malicious/hacking is being attempted

We can’t personally identify you using this information.

Where attempts are made to gain entry to our host we will log that IP address, this will be stored for the purpose of blocking any further attempts, it also may be passed on to law enforcement as this is breach of the Computer Misuse Act 1991 in the UK.

Where your data is stored

  • Our host stores this site and its access logs (as described above) in an ISO 27001 accredited data center in the UK.

Keeping your data secure

  • transmitting information over the internet is generally not completely secure, and we can’t guarantee the security of your data
  • we use https / TLS to encrypt the data sent between your browser and the hosts web server (the software that delivered the data you are reading)
  • any data you transmit is at your own risk, it is public as soon as it leaves your network
  • we have procedures and security features in place to keep your data secure as feasibly possible once we receive it
  • we will not share your information with any other organisations for marketing, market research or commercial purposes
  • we do pass on your details to other websites

Disclosing your information

We will only release your personal information (if we have it), if we have a legal obligation to do but not otherwise.

Privacy

Aggress Ltd does not hold any personal information outside of that which it explicitly needs to provide you services. We are a B2B and do not work with public consumers.

What data we hold

When you email/work with us we will store information about you and your business

These detail include – for basic interaction:

  • your name
  • email address(‘s)
  • telephone number(s)
  • billing/payment information
  • engagement source (website, email, telephone,networking…)

If you purchase a service from us we will ask you for further information in order to provide that service.

We hold this information to:

  • allow us to reply to your email
  • allow us to contact you in future unless you state otherwise
  • inform you of our services within the context of the services used and provided by us
  • provide service

If you do not want to contacted about our services please let us know, either by call, reply email or direct email

If you do not want us to contact you or reply to your email please don’t email us!

Data retention

When you become a customer we hold data that we must retain to meet our statutory responsibilities (such as details of invoices sent to you, VAT related details).

For Cyber Essentials Basic, we do not keep a copy of the report on our systems, a copy may be available from IASME (the accreditation body) who will of sent you the certificate, we do retain details (date of certification) such that we can offer re-certification one year on.

For Cyber Essentials Plus (CES+) we hold the report and test findings for three months, we can send the test logs within this time, but only where there is authorisation provided to release them, we will contact you 11 months after certification to offer our services for renewal. This information is encrypted and backed up, if you do not want this retained let us know.

Where is your data held

Email

We use Google GSuite to handle our email and contacts: Google Compliance Statements

We keep a close watch on our compliance requirements and will move or remove your information where a supplier does not meet the compliance requirements of the UK/EU if you are a UK or EU citizen. Where we use serveis based in the US we ensure that they are registered with Privacy-Seal.

When you become a customer your business information is stored in our accounts package, this a UK company and stored on UK servers, in ISO27001 accredited data centres.

Service Related information

Each customer record held by us for Cyber Essentials Basic/Plus is encrypted with AES, and the key held in a encrypted password manager. The files are backed up to multiple separate storage mediums.

Third Party Access

We only allow access to your contact details when required by law, we do not and will never sell your details.

We do not allow services such as Facebook, Twitter, LinkedIn, Snapchat and other social media platforms access to our contacts database and suggest you do likewise.

We may contact you using LinkedIn, Twitter or Facebook (if you are  already a member), no personal or technically damaging information will be passed via these channels.

Our email host (Google) has access to your details in order to provide its email and contacts service to us, we do not use third party add on’s that may use or have access to your data others that we may us that do not have access as required for the provision of our service comply with UK EU data privacy law.

We are evaluating CRM systems that comply with GDPR and the DPA and will add details when we have found a compliant one!

Keeping your data secure

We use TLS connections and 2FA (two factor authentication) to access our email accounts on secured devices. All backups are secured using AES 256.

Information we hold is access controlled, backed up, encrypted and stored in the UK.

Transparency

If our systems are ever compromised, we promise to inform users immediately after an incident, and will self-report to the Information Commissioner. An incident would include any breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, your personal or corporate data.

We’ll notify affected users first, and then publish details of the breach on this site.

Cookie Policy

We do not place cookies on your system.

If you find any being set, please report it to us, we regularly review this sites security.

Email from aggress.co.uk

If you receive email from us that is inappropriate or not what you would expect, please email us via phishingspam@aggress.co.uk and we will look in to it, we are using technology to avoid our email address being used for these activities. (See below)

We have implemented DMARC, SPF and DKIM

DKIM

(DomainKeys Identified Mail), this an email authentication method designed to detect email spoofing. It allows the receiver to check that an email claimed to have come from a specific mail server is indeed authorised by the us. It is intended to prevent forged sender addresses in emails, a technique often used in phishing and email spam.

SPF

(Sender Policy Framework), is a simple email-validation system designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from us comes from a host authorized by that us. The list of authorised sending hosts for us is published in the Domain Name System (DNS) records for our domain in the form of a specially formatted TXT record. Email spam and phishing often use forged “from” addresses, so publishing and checking SPF records can be considered anti-spam technique.

DMARC

(Domain-based Message Authentication, Reporting & Conformance) , is an email-validation system designed to detect and prevent email spoofing. It is intended to combat certain techniques often used in phishing and email spam, such as emails with forged sender addresses that appear to originate from legitimate organisations. DMARC counters the illegitimate usage of the exact domain name in the From: field of email message headers.

DMARC is built on top of two existing mechanisms, Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). It allows us to publish a policy on which mechanism (DKIM, SPF or both) is employed when sending email for aggress.co.uk and how the receiver should deal with failures. Additionally, it provides a reporting mechanism of actions performed under those policies. It thus coordinates the results of DKIM and SPF and specifies under which circumstances the From:header field, which is often visible to end users, should be considered legitimate.

PGP GPG/GnuPG

Our public key is: available on request

Other email from us

You may get email from us from other domains as part of vulnerability testing, this will be made know at the time of testing.

Compliance

Aggress Ltd, as a Cyber Security take security seriously, to that end we have been externally audited to Cyber Essentials Plus and IASME Governance Gold standard. We are currently working towards ISO 27001:2013 and ISO 9001:2015.

IASME Governance Gold Standard

The IASME Standard
This information assurance audit is repeated annually, and covers many aspects of ISO 27001.

Cyber Essentials Plus

The same service we offer to our clients was done to us by an external auditor Terabyte IT this is repeated annually.

Insurance

We are insured by Hiscox for the following business activities:

  • Public and Products Liability; £2,000,000 (European Union)
  • Professional Indemnity; £5,000,000 (excluding USA and Canada)