Privacy Policy

Data Privacy Policy Notice

Applicability

This notice sets out how Black Arrow Cyber Consulting Limited (‘Black Arrow’) will process your personal information as a Data Controller.

Black Arrow Cyber Consulting Limited is registered under the Data Protection (Bailiwick of Guernsey) Law, 2017 and may retain your personal data collected from you in electronic, paper or by other information processing systems.

Introduction

Black Arrow is obligated and/or permitted by law to retain copies of certain personal data in respect of its relationship with you and/or in order to provide services.

Your personal information may be disclosed to companies within the same group as Black Arrow, in order to facilitate the provision of services. When processing your personal data there will be times where Black Arrow acts in the capacity of a Data Controller as defined under applicable Data Protection Law.

Please note that the following terms set out below will apply to the way in which Black Arrow processes your personal data when acting as a Data Controller.

Purposes of Processing and Legal Basis for Processing

Black Arrow may process your personal data for the following purposes, legitimate interests, and as necessary to:

  • comply with legal obligations to you and/or for internal administration;

  • provide services to you;

  • monitor and record calls and electronic communications, as well as the use of video surveillance in limited areas of Black Arrow premises, for investigation and fraud prevention purposes, for crime detection, prevention, investigation and prosecution, and to enforce or defend Black Arrow and its affiliates' rights, itself or through third parties to whom it delegates such responsibilities or rights in order to comply with legal obligations;

  • monitor and record calls for quality, business analysis, training and related purposes in order to pursue the legitimate interests of Black Arrow to improve its service delivery.

Information That We Collect Through Our Website

You are not required to provide any personal information on the public areas of the Black Arrow website; however, you may choose to send your personal information by completing any of the forms on which are included in the following pages:

In addition to the information you knowingly provide, Black Arrow collects the IP addresses of its visitors, along with usage statistics, and analytics. You may also provide personal information if you contact Black Arrow by email, telephone or letter.

Black Arrow partners with Microsoft and Google for analytics to capture how you use and interact with the Black Arrow website through behavioural metrics, heatmaps, and session replay to improve and market products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, Black Arrow uses this information for site optimisation, fraud/security purposes, and advertising. For more information about how Microsoft and Google collects and uses your data, visit the Microsoft Privacy Statement, and the Google Safeguarding Statement and Google Privacy and Terms.

Recipients of Data and International Transfer of Data

Black Arrow may disclose your personal information as follows:

  • to third-party vendors in order to process the data for the above-mentioned purposes, such as IT providers, technical service providers or strategic partners as part of the contractually agreed services being provided;

  • to competent authorities, courts and bodies as required by law or requested or to affiliates for internal investigations and reporting.

The disclosure of personal information to the third parties set out above may involve the transfer of data to the United States of America and other jurisdictions. Such countries may not have the same data protection laws as your jurisdiction.

Black Arrow will not transfer personal data to parties located outside the Channel Islands, UK and EEA until, if required by applicable Data Protection Law, that party has entered into an agreement with Black Arrow that includes the standard contractual clauses (known as model contract clauses) that are recognised by the European Commission as offering adequate safeguards in relation to data protection.

Your personal data is only processed in accordance with applicable Data Protection Laws and in order to maintain an appropriate level of protection over that personal data. Please contact the Black Arrow Data Protection Officer for further details.

Retention of Personal Information and Security

Your personal information will be retained for as long as required:

  • for the purposes for which the personal information was collected;

  • to establish or defend legal rights or obligations or to satisfy any reporting or accounting obligations; and/or

  • as required by data protection laws and any other applicable laws or regulatory requirements.

Black Arrow ensures that the personal information held is subject to appropriate security measures.

Data Subject Rights

You have the following rights, in certain circumstances, in relation to your personal data:

·       right to access your personal data;

·       right to rectify your personal data;

·       right to restrict the use of your personal data; 

·       right to data portability of your personal data; 

·       right to request that your personal data is erased; and

·       right to object to processing of your personal data.

Where you have provided your consent to processing, you may withdraw your consent at any time by contacting Black Arrow by writing to our Data Protection Officer via dpo@blackarrowcyber.com stating that you withdraw your consent.

Where Black Arrow requires your personal data to comply with legal requirements, failure to provide this information means Black Arrow may not be able to provide services.

You have the right to raise a concern with the Office of the Data Protection Authority (ODPA) in Guernsey where Black Arrow is registered. The ODPA can be contacted at Block A, Lefebvre Court, Lefebvre Street, St Peter Port, Guernsey, GY1 2JP or at info@odpa.gg.

Direct Marketing

Black Arrow may ask whether you wish to receive marketing materials that it publishes, and this will be presented to you as an option when engaging with Black Arrow. Black Arrow may also contact you by email or other means to inform you about other services or events which may be of interest to you. You have the right at any time to stop Black Arrow from contacting you for marketing purposes. If you wish to do so, please either unsubscribe or contact dpo@blackarrowcyber.com

Data Protection Officer Contact Details

If you have any questions about Black Arrow’s use of your personal data, please contact the Data Protection Officer using the following contact details:

Email: dpo@blackarrowcyber.com

Telephone: +44 1481 711 988

Postal Address: Black Arrow Cyber Consulting Limited, 31-33 Le Pollet, St Peter Port, Guernsey, GY1 1WQ.

Changes to This Policy

Black Arrow may change this policy from time to time by updating this page. You should check this page from time to time to ensure you are happy with any changes. This page was last updated on 08 July 2024.