- IP address that you are connecting to this site with (this is shown at the bottom of each page for your benefit)
- Time of access
- Details of which version of browser used e.g. “Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2”
- Pages your IP address accessed e.g. “GET /index.php/admin HTTP/1.1”
- Referrer IP (the site that brought you to this one, if available)
This information is collected/held by every website on the World Wide Web that you connect to, most of it is required for the WWW to operate the way it does.
2018-05-25 Update: We used to use Google Fonts. This meant that every time you came to our site, a service provided by Google would make the fonts that this site uses available to your device. We decided that your privacy was unnecessarily being breached by this, so now all fonts are provided directly from this site using a secure connection. The cost of doing this is that the site now takes slightly longer to load. (Most sites still provide Google/Adobe/Apple et al. with your IP address using this mechanism.)
2018-06-01 Update: The Referrer IP that is passed to the next site after you visit from this one was, we felt, providing too much information to the next site, so now we don’t provide this.
You can email us via our website forms or directly.
What we use this information for
This information is used to help us:
- Determine which pages get the most views
- Which pages fail to load
- Determine if unauthorized access is being attempted
- Which referrer is referring to us [Twitter, Facebook…]
Aggress Ltd is unable to identify you personally using just this information.
Where your data is stored
- Our host (UK Web Solutions) stores this site and its access logs (as described above) in an ISO 27001 accredited data centre in the UK and is subject to UK and EU data protection law and other relevant law.
- Log files which hold the information described above are held for up to 6 months in the secure data centre after which we have no access.
- Our host is required by law to hold logs which we have no access to for up to 1 year.
- IP addresses of those systems that have attempted to gain unauthorized entry to this site are retained for blocking and analysis purposes, and may be passed on to law enforcement, as this is a breach of the Computer Misuse Act 1991 in the UK.
Keeping your data secure
- Transmitting information over the internet is inherently not secure.
- We use https (TLS) to encrypt the data sent between your browser and this website. This ensures, up to a point, that it can’t be interfered with; it is, however, not 100% secure.
- Any data you transmit is at your own risk; it is in the public domain as soon as it leaves your network.
- Information gained from your use of this website will not be shared with any other organizations by ourselves.
Disclosing your information
- We will only release the base information that is held as described above if we are legally forced to do so but not otherwise.
- Our host is required to retain information for longer under the Regulation of Investigatory Powers Act (RIPA) which we have no control or influence over.
We do not place cookies on your system.
If you find any being set, please report it to us.
Aggress Ltd does not hold any personal information outside that which it absolutely needs to provide your business with services. We operate B2B and do not work with consumers.
What data we hold
When you email/work with us we will store information about you and your business. For basic interaction, these details include:
- your name
- email address(es)
- telephone number(s)
- billing/payment information (when you become a client)
- engagement source (website, email, telephone, referral…)
If you purchase a service from us we will ask you for further information in order to provide that service. Once a contract is in place we may contact you in future about the service you used, or about services directly related. We do not need your consent to do this, but we will respect your right to opt out of further contact.
What we use this information for
We use this information to provide you with our service offering and thus:
- allow us to reply to your email
- inform you of our services within the context of the services used and provided by us
If you do not want to be contacted about our services after your initial enquiry please let us know by call, email, face to face or letter. If you do not want us to contact you or reply to your initial contact please don’t contact us!
Before you become a paying client we will retain your correspondence for a maximum of 1 year. When you become a customer we will hold data that we must retain to meet our statutory responsibilities (such as details of invoices sent to you, VAT related details) up to 6 + 1 years. For the Cyber Essentials Scheme we are required under contract to retain a copy of your report and any log files for a period of 6 years after the date of certification. For other services we will retain details other than those that are statutory requirements for a period of typically 1 year; some may be held longer where we believe it is in ‘our’ legitimate interests or ‘your’ best interests to do so.
Where your data is stored
We currently use Google G Suite for business to handle our email, contacts and calendar, and in some situations for file sharing with clients that also use this service. Please see the following link for Google’s compliance: Google Compliance Statements. We keep a close watch on our compliance requirements and will move or remove your information where a supplier that processes it for us does not meet the compliance requirements of the UK/EU (if you are a UK or EU citizen). Where we use a service based out of the UK/EU we ensure that they are registered with Privacy-Seal and/or that Binding corporate rules or Model contract clauses are in place. When you become a customer your business information is stored in our ‘paid for’ accounts package; this is a UK company and the information is stored on UK servers, in an ISO 27001 accredited data centre; they are compliant with UK Data Protection Law.
Service Related information
Each customer record held by us for Cyber Essentials Basic/Plus that is commercially confidential or sensitive in electronic form is encrypted with AES 256, and the long key is held in an encrypted password manager. The encrypted files are backed up to multiple separate encrypted storage mediums. Paper copies are held only where necessary in a locked metal filing cabinet, within a code-locked, alarmed internal room within our alarmed, access-controlled office. Where possible paper copies are scanned and stored as above; the paper copy is then cross-cut shredded using a level 3 device.
Disclosing your information
We only allow access to your data when required by law; we do not and will never sell your details. We do not allow services such as Facebook, Twitter, LinkedIn, Snapchat and other social media platforms access to our contacts database and suggest you do likewise. We may contact you using LinkedIn, Twitter or Facebook (if you are already a member). No personal or commercially damaging information will be passed via these channels by ourselves; if you choose to pass or request information via one of those channels we will suggest a different medium.
Our email host (Google) has access to your contact details in order to provide its email, contacts and calendar services to us. We do not use third party add-ons that may use or have access to your data. As a business user of Google G-Suite, your emails to and from us are not scanned for marketing data. All future add-ons are/will be checked to ensure that they comply with UK/EU privacy law.
We are evaluating CRM systems that are UK based and comply with GDPR and the DPA and will add details when we have found a compliant one!
Keeping your data secure
We use TLS connections and 2FA (two-factor authentication) to access our email accounts on secured devices. All backups are secured using AES 256, all keys are stored using AES 256. Information we hold is access controlled, backed up, encrypted and stored in the UK.
If our systems are ever compromised, we promise to inform our clients immediately where their data may have been compromised, and will self-report to the Information Commissioner’s office. An incident would include any breach of security leading to the alteration, unauthorised disclosure of, or access to, your identifiable personal or corporate data. We will notify affected users first, and then publish details of the breach on this site.
We do not use third party advertising companies to provide advertisements or allow third party advertisers to track your browsing.
Aggress Ltd, as a Cybersecurity and data protection consultancy company, takes security seriously, as you would expect. To that end we have been externally audited to Cyber Essentials Plus and IASME Governance Gold standard, and carry out frequent penetration testing. We are currently working with ISO 9001:2015 and ISO 27001:2013 systems but have not gained external accreditation due to the exorbitant ongoing cost of doing so; these costs would have to be passed on to our valued clients.
IASME Governance Gold Standard
The IASME Standard: this information assurance audit is repeated annually, and covers many aspects of ISO 27001, but is more suited to the smaller business.
Cyber Essentials Plus
The same service we offer to our clients was conducted by an external auditor, Terabyte IT; this is repeated annually. We also carry out our own tests frequently.
We have been certified as being GDPR Ready as of November 2017. David Evans is certified to assess GDPR Readiness in association with IASME. We are actively working to help businesses comply with GDPR and the Data Protection Act 2018.
The following aspects are insured
- Public and Products Liability
- Professional Indemnity
- Employee Liability
Aggress Ltd will only collect personally identifiable data, such as your name, address, telephone number, or email address, when it is voluntarily submitted to us at this website or as part of providing our services to your business. This information may be collected through an online form or when you contact Aggress Ltd regarding any other matter. Where you have made available a business card we may use the information to contact you and that information may be added to our contacts list (but not mailing list).
If we are going to use your personally identifiable information in a manner different from that stated at the time of collection through this Website, we will notify you via email. You will have a choice whether we use your information in this different manner. In addition, if we make any material changes in our privacy practices that do not affect user information already collected through our site, we will post a prominent notice on our website notifying users of the change.
Access to Your Information
Right to be Informed
We hold only what is needed for the purpose of the service you have chosen, or where you have provided the data.
Erasure/Right to be forgotten
If you would like us to delete any information we have about you, we shall do so at your request unless it’s part of a condition of using one of our services, or we are legally required to retain it. We will ask you to verify your identity before we take any action. In the event you do not want to be contacted by us again, just let us know by any means (we would appreciate it if you told us why); we will confirm that your request has been received and that will be the final intentional communication from us.
You can obtain the types of personal data we hold about you at any time; we will respond to your request for access within 1 month. At any time you can ask us to make changes to ensure what we hold is accurate (subject to any legal requirements). Before we are able to provide you with any information or correct any inaccuracies, we may ask you to verify your identity.
We hold only what is needed for the purpose of the service you have chosen, or where you have provided the data, no non-essential processing is carried out.
Automating Processes or Profiling
We may at times do high-level background checks of potential business clients (profiling); this involves using public domain registries such as, but not limited to, ‘Companies House’. This is a manual task, and is only done to protect our interests and reputation; it is within our legitimate interests to do so. If you object to this please take your business elsewhere.
We hold only what is needed for the purpose of the service you have chosen, or where you have provided the data, personal data is limited to what you have provided, which you are welcome to have back.
Right to object
We don’t operate a mail list directly other than for highly technical clients who choose to get very occasional technical updates from us. You can object to being on this list at any time. All other processing of personal data is required to meet the needs of our contractual or legal obligations.
Sales, Mergers and Acquisitions
In the event of a sale, merger or acquisition all data will be transferred to the new entity; employee information will be passed under TUPE.
Cease trading or Administration
In the event of Aggress Ltd ceasing operations entirely all personal data will be retained in accordance with the law. Logs and data records will be retained in keeping with the obligations of a running entity, i.e. 6 years for Cyber Essentials Plus.
Operational historical records will be retained as per company and taxation law.
We do not intentionally collect information from persons under the age of 16.
Third Party Links and Advertisement
As a convenience to our visitors, this site contains links to past or current clients and sources of information which we believe at the time of linking will be of benefit to our visitors. The privacy policies and procedures described here do not apply to those linked sites. We suggest contacting those sites directly for information on their own data collection and distribution policies.
Our aim is to deliver good value to our clients as we really do care.
If you feel you have not got the service to the standard you expected during the delivery of our offerings and you wish to complain, feel free to:
- Raise the issue directly with the agent/assessor.
- Email ‘complaints @ aggress.co.uk’ (remove the spaces)
We will endeavour to resolve any issues which we have control or influence over within no more than 30 days, where an issue is outside our control we will do our best to work with you to gain satisfaction.
If you have an issue with a Cyber Essentials assessment result and wish to appeal, you have 30 days to do so from the report being issued.
In the first instance please email or call to discuss the issue, where an error has been made we will seek to rectify it, however the NCSC/Cyber Partner (IASME) are the final arbiters on such issues.
At all times we value your constructive feedback, we welcome all suggestions to make our offerings and services better.
Annually we carry out customer satisfaction surveys, you are under no obligation to complete this and are free to let us know if you would not like to take part at any time, or to give us direct feedback.
We send these only to those clients that have engaged with us under contract and will relate to the service offering you received and as such they do not require consent, we of course will respect your right to opt out.
For other constructive feedback please email ‘feedback @ aggress.co.uk’ (remove the spaces)