Website Privacy

This includes:

  • Domain and IP address e.g aaa.bbb.ccc.ddd
  • Time of access
  • Details of which version of browser used e.g. “Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2”
  • Which pages your IP address accessed e.g. “GET /index.php/admin HTTP/1.1”
  • Referrer IP (this site that lead you to this one)

This information is collected/held by every website on the world wide web that you connect to, most of it is required for the WWW to operate the way it does.

You can email us via our website forms, in which case you can choose or not to provide your name and email address.

What we use this information for

This information is used to help us:

  • Determine which pages get the most views
  • Which pages fail to load
  • Determine if malicious/hacking is being attempted
  • Which referrer is referring to us [Twitter, Facebook…]

We are unable identify you personally using just this information 

Where your data is stored

  • Our host (UK Web Solutions) stores this site and its access logs (as described above) in an ISO 27001 accredited data center in the UK and subject to data protection law.

Retention

  • Log files other than those that are of malicious intent are held for up to 6 month in the secure data centre after which they are destroyed.
  • IP addresses of those systems that have attempted to gain unauthorised entry to this site are retained for blocking and analysis purposes, and may be passed on to law enforcement as this is breach of the Computer Misuse Act 1991 in the UK.
  • We don’t retain your name, email address or message on this web site if you use the email form, this held by our email service provider please see the email privacy policy.

Keeping your data secure

  • Transmitting information over the internet is inherently not secure
  • We use https / TLS to encrypt the data sent between your browser and this web site, this ensures up to a point that it can’t not be interfered with, this is however not 100% secure
  • Any data you transmit is at your own risk, it is in public domain as soon as it leaves your network
  • Information gained from your use of this website will not be shared with any other organisations by ourselves

Disclosing your information

We will only release the base information that is held as described above, if we have a legal obligation to do so but not otherwise. Our host may be required to retain information for longer under the Regulation of Investigatory Powers Act (RIPA) which we have no control or influence.

 

 

 

 

 

Cookie Policy

We do not place cookies on your system.

If you find any being set, please report it to us.

 

Privacy

Aggress Ltd does not hold any personal information outside of that which it explicitly needs to provide your business with its services. We operate B2B and do not work with public consumers.

What data we hold

When you email/work with us we will store information about you and your business, these detail include – for basic interaction:

  • your name
  • email address(s)
  • telephone number(s)
  • billing/payment information (when you become a client)
  • engagement source (website, email, telephone,networking…)

If you purchase a service from us we will ask you for further information in order to provide that service.

What we use this information for

We use this information to provide you with our service offering and thus

  • allow us to reply to your email
  • inform you of our services within the context of the services used and provided by us

If you do not want to contacted about our services please let us know, by call, email of face to face.

If you do not want us to contact you or reply to your email please don’t email us!

Data retention

Before you become a paying client paying we will retain your correspondence for 1 year.

When you become a customer we hold data that we must retain to meet our statutory responsibilities (such as details of invoices sent to you, VAT related details).

For the Cyber Essentials Scheme we are required to retain a copy of your report and any log files for a period of 6 years after the date of certification.

For other services we will retain details other than those that are statutory requirements for a period of 12 months.

Where your data is stored

Email

We use Google GSuite to handle our email and contacts: Google Compliance Statements

We keep a close watch on our compliance requirements and will move or remove your information where a supplier does not meet the compliance requirements of the UK/EU if you are a UK or EU citizen. Where we use serveis based in the US we ensure that they are registered with Privacy-Seal.

When you become a customer your business information is stored in our accounts package, this a UK company and stored on UK servers, in ISO27001 accredited data centres.

Service Related information

Each customer record held by us for Cyber Essentials Basic/Plus is encrypted with AES, and the key held in a encrypted password manager. The files are backed up to multiple separate storage mediums.

Disclosing your information

We only allow access to your contact details when required by law, we do not and will never sell your details.

We do not allow services such as Facebook, Twitter, LinkedIn, Snapchat and other social media platforms access to our contacts database and suggest you do likewise.

We may contact you using LinkedIn, Twitter or Facebook (if you are  already a member), no personal or technically damaging information will be passed via these channels.

Our email host (Google) has access to your details in order to provide its email and contacts and calendar service to us, we do not use third party add on’s that may use or have access to your data. All future add-on’s are/will be check that they comply with UK/EU privacy law.

We are evaluating CRM systems that comply with GDPR and the DPA and will add details when we have found a compliant one!

Keeping your data secure

We use TLS connections and 2FA (two factor authentication) to access our email accounts on secured devices. All backups are secured using AES 256, all keys are stored using AES 256.

Information we hold is access controlled, backed up, encrypted and stored in the UK.

Transparency

If our systems are ever compromised, we promise to inform users immediately after an incident, and will self-report to the Information Commissioners office. An incident would include any breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, your identifiable personal or corporate data.

We will notify affected users first, and then publish details of the breach on this site.

We do not use third party advertising companies to provide advertisements or allow third party advertisers to track your browsing

 

Compliance

Aggress Ltd, as a Cyber Security take security seriously, to that end we have been externally audited to Cyber Essentials Plus and IASME Governance Gold standard. We are currently working towards ISO 9001:2015 and ISO 27001:2013.

IASME Governance Gold Standard

The IASME Standard
This information assurance audit is repeated annually, and covers many aspects of ISO 27001.

Cyber Essentials Plus

The same service we offer to our clients was conducted by an external auditor Terabyte IT, this is repeated annually.

Insurance

The following aspects are insured

  • Public and Products Liability
  • Professional Indemnity
  • Employee Liability

Aggress Ltd will only collect personally identifiable data, such as your name, address, telephone number, or e-mail address, when it is voluntarily submitted to us at this website. This information will be collected through an online form or when you contact  Aggress Ltd regarding any other matter.

Change of Privacy Policy
If we are going to use your personally identifiable information in a manner different from that stated at the time of collection through this Web site, we will notify you via email. You will have a choice as to whether or not we use your information in this different manner. In addition, if we make any material changes in our privacy practices that do not affect user information already collected through our site, we will post a prominent notice on our web site notifying users of the change.

Access to Your Information
If you would like us to delete any information we have about you, we shall unless its part of a condition of using one of our services. You may request to have your information deleted once the agreement of the service is deemed nullified.

We will respond to your request to access, update or delete your information within 30 business days. Before we are able to provide you with any information, correct any inaccuracies or delete any information, however, we may ask you to verify your identity.

In the event of a merger all data will be transferred to the new entity.

In the event of  Aggress Ltd ceasing operations entirely all personal data will be destroyed within 14 days.

Children
We do not intentionally collect information from persons under the age of 16.

Third Party Links and Advertisement

As a convenience to our visitors,  Aggress Ltd sites currently contain links to past or current clients and sources of information which we believe at the time of linking will be of benefit to our visitors. The privacy policies and procedures described here do not apply to those sites. We suggest contacting those sites directly for information on their data collection and distribution policies.