Privacy Policy

Privacy at Romano Security Consulting 

Romano Security Consulting is responsible for the data we collect and process for our own purposes.  We’re committed to maintaining the security and privacy of the personal data we process, whether through our website or through our interactions with clients, prospects or industry partners.

Whether we are supporting our clients or managing our own data, privacy and security are at the heart of our operations.  Whilst we take appropriate measures in our own practices, security and privacy are at the core of our business operations, so it is imperative we operate in accordance with, and where possible above, industry and regulatory requirements.

Key Contacts

Should you wish to contact us in order to find out more about how we process personal data, exercise your rights, make a complaint to us or just discuss some of our practices then please contact us using the following details:

Email: enquiries@romanosecurityconsulting.com

Post: Data Protection Officer, Romano Security Consulting, 18 Higher Lane, Kerridge, SK10 5AR

Telephone:  +44 (0) 7425 580 911

Data Retention

Romano Security Consulting only processes personal data for as long as necessary to meet our legal obligations or where we have a legitimate business reason for keeping it.  We review personal data on a case-by-case basis and document the period of retention for each.

For further information on how long Personal Data is likely to be kept before being removed from our systems and databases, please contact us via:

Email: enquiries@romanosecurityconsulting.com

Post: Data Protection Officer, Romano Security Consulting, 18 Higher Lane, Kerridge, SK10 5AR

Telephone:  +44 (0) 1625 315 021

Data we Process and Why

Consultancy Services

Although our core services do not revolve around collecting and processing personal data, we often process personal data as part of delivering our security services to clients.  This can range from our clients' data to our clients' clients' data.

We do not collect personal data as a matter of course in these interactions, except for pre-contractual material and communications relating to individual pieces of work.  There are instances where our penetration testing services process data but this is covered directly with the client and not collected by us.  This work and subsequent processing of data is all performed under a contract, or with a view to entering into one, to which Romano Security Consulting and our clients are subject.

Data Types – Name, email addresses, address, telephone details, signatures, business contact details.

Website Enquiries

We have a contact page on this website, which allows individuals to ask questions about our services, including exercising your rights under Data Protection Law. Both the contact page and emails sent to enquiries@romanosecurityconsulting.com are monitored by our internal team, to ensure we identify and handle your request effectively.

Data Types – Name, email addresses, subject field and free text field (which should not include personal data)

Employee Administration

We process personal data to facilitate contracts of employment and provide our employees with employee benefits that are associated with working at Romano Security Consulting.  Employees are provided with internal privacy information on how their data is processed but if you have previously worked with Romano Security Consulting, you are able to make a request through our contact page.

Data Types – Provided via internal privacy policy to employees.

Prospective Clients

We process basic business contact information of prospective clients and opportunities, which may initially be collected via sales meetings, business cards, verbally, or at events we may host, speak at or attend.  This includes the prospective client’s business contact information, which includes their personal information and details about each opportunity.  We use a cloud-based solution to host this data, which also integrates into our email services, and as such prospect emails are also synchronised into our cloud-based solution, so that we can keep track of our interactions with you and manage the relationship effectively.

Data Types – Name, email addresses, address, telephone details, signatures, business contact details, email conversations.

Financial Management, Accounting and Administration

Our financial management and accounting services process basic client contact information in order to fulfil our accounting requirements.  This ranges from invoices, account details, timesheet approvals, statements of work, terms and conditions and bank details.  We use a cloud-based solution to process this data and use a separate cloud-based document storage solution.  This processing is primarily to enable us to perform our side of the contract with our client and meet our legal obligations for financial reporting.

Data Types – Name, email addresses, address, telephone details, client and supplier bank account details, signatures, business contact details.

Client Satisfaction Surveys

When we have delivered a piece of work to our clients, we like to make sure they have received a great service.  We use the client contact information in order to send a survey asking some basic questions on how we performed when delivering our services.  This is performed under our legitimate interests and purely used to ensure we have delivered to our expectations.  This processing and the responses from clients are not used for spamming you with marketing communications.  We may ask for a reference but that’s about it.

Marketing and Events

We will only send you personalised marketing communications if you have provided us with your consent, except where we are sending business communications and we believe there is a legitimate business purpose that would be of interest and benefit to the recipient.

We don’t send unsolicited marketing communications.  Our main form of showcasing our services is through industry events.

Industry Events 

This is where Romano Security Consulting are showcasing our services, whereby we produce information about our services and capabilities.  We may also run competitions but will only communicate with you for the purposes of that competition, so entering a competition doesn’t mean you get bombarded with marketing material.  We may also exchange business cards at events and we will email you to follow up on our interaction with you.  This does not mean we will send you marketing material, but we will enter any information about opportunities into our sales system to ensure we have provided you with the information you require.

Social Media 

Romano Security Consulting make use of social media platforms such as LinkedIn, Instagram, Facebook and Twitter.  We as a business sign up to the terms and conditions of the provider and use the platforms to provide insight into the latest cyber security and data privacy activities taking place across the world, to promote Romano Security Consulting’s employees and services, and to provide you with our latest thought leadership content on different subject matter.

If you do not wish to receive any form of communication from Romano Security Consulting then simply inform us through our contact page or email enquiries@romanosecurityconsulting.com

Use of Third Parties

We use third party system providers to enable us to deliver our services effectively and store our information (including personal data) securely, which allows us to focus on delivering our industry leading security and privacy solutions to our clients. 

Our providers consist of:

Our own Infrastructure 

We use world leaders in cloud based infrastructure services, which means that the provider looks after all of the physical equipment and management of it and Romano Security Consulting do the rest.  This means that there are high levels of physical security on our systems and Romano Security Consulting provide additional layers above that.  

Email, Office Applications and Document Storage 

We use an externally hosted provider for these services who are world renowned experts in providing these services.  The data is all processed in Europe and we are responsible for ensuring it's configured securely.  These systems are critical to our company and if you have dealings with us, no doubt your data will be held within these, unless it's been deleted because we no longer required it.

Security of Personal Data

At Romano Security Consulting we take the security of personal data extremely seriously.  We have implemented a mixture of cyber security controls, encryption and an Information Security Management System (ISMS).

We assess security for Confidentiality, Integrity and Availability to ensure that data remains protected, accurate and available for its intended purposes.  Some of the core controls we have implemented as part of these certifications are:

Romano Security Consulting have implemented appropriate specific measures to ensure an adequate level of protection of your Personal Data when processed in countries outside of Europe and countries deemed to have inadequate safeguards.  These measures consist of our processors registering under Privacy Shield, Model Clause Contracts or by way of derogations for specific circumstances.  If you have any questions or would like to obtain copies of the safeguards in place for a specific set of processing then please contact us.

Your Rights in Relation to your Data

Under Data Protection Law you have a number of Rights that are focussed on placing you in control of how your data is processed.

You can exercise these Rights by emailing us at enquiries@romanosecurityconsulting.com or by writing to Romano Security Consulting, 18 Higher Lane, Kerridge, SK10 5AR. 

We may ask you for identification prior to disclosing any data, as we need to ensure we only disclose information to the person entitled to it.

You have the following Rights in relation to the processing of your personal data:

Right to be Informed – You have the right to be provided information on how your personal data is processed.

Right to Access – You have the right to have access to the personal information we hold about you.

Right to Rectification – This relates to the right to rectify any inaccurate personal information we hold about you.

Right to Erasure – The right to request that we delete your data, or stop processing it or collecting it, in some circumstances.

The Right to Object – You have the right to object to the processing of your data, such as requesting us to stop sending you marketing communications.

Right to Data Portability – You can request your personal data to be sent to another service provider.

Right to Lodge a Complaint – You can lodge a complaint with the Data Protection Regulator, which for us is the UK Information Commissioner’s Office, using the below details:

Postal Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Email: casework@ico.org.uk

Website: https://ico.org.uk/global/contact-us

Telephone: 0303 123 1113

Ultimately, we want you to be in control of your personal details, so feel free to get in touch and ask any questions.

Changes to your Privacy with us

From time to time, things change and at Romano Security Consulting we are always striving to continually improve our business operations and services we deliver to clients.

Some changes may result in changes to our privacy information and this page, to ensure we are transparent about how we are processing your data at all times.

When any significant changes in the way we protect your privacy are made, we will make this clear on our website or by other means of communication such as email, so that you are able to review the changes and make an informed decision as to whether you want to exercise any of your rights in relation to the processing of your personal data.