Email Twitter LinkedIn Google Plus Hamburger
Incident Response
Get in touch

Customer Privacy Policy

Commissum Associates Ltd. is committed to protecting your personal data and respecting your privacy. This privacy policy sets out the basis on which any personal data that Commissum collects from or about you when you interact with us will be processed by us. It also explains how we will store and handle that data and keep it safe. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

1.  Who Are We?

Commissum Associates Ltd. is a leading provider of information security services, which includes our affiliated companies operating under the Commissum brand.

This Privacy Policy is issued on behalf of Commissum so when we mention “Commissum”, “we”, “us” or “our” in this Privacy Policy, we are referring only to Commissum and our affiliated companies operating under the Commissum brand. It is Commissum that is the data controller in respect of any personal data we collect about you in the UK, and is responsible for the Commissum website (https://commissum.com) (the ‘Website’) and any registration on the Website.

2.  Contacting Us

If you have any queries, comments or requests regarding this Privacy Policy or you would like to exercise any of your rights, you can contact us in the following ways:

It is also important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, using the contact details above.

3.  What is Personal Data?

Personal data means any information about an individual from which that person can be identified, whether directly (e.g., personally identifiable information such as your name) or indirectly (e.g., online identifiers such as IP address or cookies). It does not include data where the identifying element has been removed (anonymous data).

4.  What Personal Data Do We Collect?

We collect personal data for the following purposes.

4.1 Marketing

  • What personal data do we process?
    • We collect your name, organisation name & address, business email, phone numbers, LinkedIn handle, and job title
    • We may obtain this information directly from you as part of interactions with our Website, at events, or as a result of you contacting us, or we may obtain this information from public sources such as LinkedIn
  • Why do we do this? 
    • We use this information to provide you with relevant information pertaining to services that we believe are of interest to you, in relation to your company
  • What is the lawful basis for this processing?
    • This processing is under our legitimate interest to enable us to provide services that are of benefit to your company
    • We have undertaken a legitimate interests assessment in relation to this processing, please get in touch with us via the details in the ‘Contacting Us’ section if you would like a copy of this assessment
  • How long do we keep this data?
    • We retain this data until you inform us that you do not wish to receive any further marketing communications, you unsubscribe from our system, or we receive a bounce back from your email address
  • Who has access to this data?
    • Authorised staff at Commissum
    • We may be required to share data with our professional advisors such as lawyers and accountants for legal or business administration purposes

4.2 Website Interaction

  • What personal data do we process?
    • Apart from queries submitted to us via our contact form (for which see the Marketing section above) we set cookies on our Website that collect various information – please see our Cookie Policy for full details
  • Why do we do this?
    • To allow for the operation of our Website and provide a better experience for you as a user of our website
  • What is the lawful basis for this processing?
    • This processing is under our legitimate interest to enable us to operate our Website
    • We have undertaken a legitimate interests assessment in relation to this processing, please get in touch with us via the details in the ‘Contacting Us’ section if you would like a copy of this assessment
  • How long do we keep this data?
  • Who has access to this data?
    • Only authorised staff at Commissum have access to this data
    • We may be required to share data with our professional advisors such as lawyers and accountants for legal or business administration purposes

4.3 Negotiation for or Delivery of Products and Services

  • What personal data do we process?
    • We collect your name, organisation name & address, business email, phone numbers, and job title
  • Why do we do this?
    • We require this data in order to enter into negotiations with you for our products or services, or to deliver these products or services to you
  •  What is the lawful basis for this processing
    • Contractual obligation
  • How long do we keep this data?
    • We retain this data for 10 years after we cease having a commercial relationship with your organisation
  • Who has access to this data?
    • Authorised staff at Commissum
    • Our Associates, vendors or sub-contractors that we use in the delivery of products or services to you, only when required, and only where there is a contractual relationship and appropriate data protection and security measures in place
    • We may be required to share data with our professional advisors such as lawyers and accountants for legal or business administration purposes

5. Special Categories of Personal Data

We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions or offences.

6.  If You Fail to Provide Personal data

Where we need to collect personal data by law, or under the terms of a contract that we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have, or are trying to enter into with you, for example, to provide you with services. In this case, we may have to cancel a service you have with us, but we will notify you if this is the case at the time.

7.  Sharing Your Personal Data

We do not share your personal data with third parties, apart from professional advisors such as our lawyers and accountants, where we are legally required to do. We may store your data in third party services so that we may provide our services to you, for example:

  • Cloud storage providers
  • Outsourced email service providers

When we make use of third parties we only provide the information they need to perform the service. They may only use your data for the exact purpose we specify to them and we work closely to ensure your privacy is secure and respected.

8.  International Transfers of Your Personal Data

We are a global business and some of our offices and service providers are located in countries outside of the European Union (EU). As a result, personal data that we collect from you may be transferred to, accessed and/or stored outside the EU in order to provide our services.

If we do this, we have procedures in place to ensure your data receives the necessary protections. Any transfer of your personal data will follow applicable laws and we will treat the information under the principles set out in this Privacy Policy. In addition, any transfer of your personal data to a third country or international organisation will only ever take place on the following conditions

  • Adequate data protection measures are in place for the destination country, as determined by the European Commission
  • European Commission-approved model clauses are in place between us and any joint controller or processor

For further details, please get in touch using the information provided in the ‘Contacting Us’ section.

9.  How Long Will We Keep Your Personal Data?

We will only keep your personal data for as long as we need to in order to fulfil the relevant purpose(s) it was collected for, as set out in Section 5 of this Privacy Policy, and thereafter for as long as we need to keep it for legal purposes. 

At the end of that period, your data will either be deleted or anonymised. For example, by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.

10. Security 

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have implemented an Information Security Management System (ISMS) that is certified to ISO 27001. In addition, we are certified to Cyber Essentials Plus.

We have put in place suitable physical, electronic, contractual and managerial control to safeguard and secure the data we collect from and about you in accordance with this Privacy Policy.

11.  Your Rights

11.1 Overview of your Rights

You have the following rights in relation to your personal data:

  • Access - you have the right to obtain a copy of the personal data that we hold on you
  • Rectification - where data that we hold on you is incorrect or incomplete, you have the right for this to be corrected
  • Erasure - in the following circumstances you have the right to the deletion of your data:
    • Where it is no longer necessary for the original purpose
    • Where it is no longer necessary for the original purpose
    • Where you have previously given consent for the processing of your data and wish to withdraw it
    • Where you object to the processing of your data, and we have no overriding legitimate interest to continue this processing
    • You no longer wish your personal data to be used for direct marketing
    • To meet a legal obligation
    • Where personal data is unlawfully processed
    • We have processed the personal data in relation to providing services to a child
  •  Restriction of processing - in the following circumstances you have the right to request us to restrict how we process your data:
    • You dispute the accuracy of the personal data that we hold on you
    • The processing is unlawful and you wish us to restrict processing instead of deleting your data
    • We no longer need to process your data, but the data is required by you in relation to legal claims
    • In relation to you raising an objection to the processing of your data
  • Data portability – you have the right for your data to be transferred to another controller if we process your data by automated means as a result of your freely given consent or as part of a contract with you
  • Object to processing – you may object to processing of your data where we process your data in relation to direct marketing, on the basis of our legitimate interest, where the processing is by automated means, or for scientific, historical or statistical purposes
  • Automated decision-making - you have the right not to be subject to solely automated decisions about you (i.e., performed by a computer without human intervention)
    • We do not conduct any automated decision-making  

In all cases, use the contact details provided in the ‘Contacting Us’ section.

11.2 Further Information on Specific Rights

11.2.1 Direct Marketing

You have the right to opt-out of marketing at any time and you have a choice about how you wish to receive information from us. If you do not wish to receive direct marketing communications then you can you can change your marketing preferences at any time by getting in touch using the details in the ‘Contacting Us’ section.

You can also click on the ‘unsubscribe’ link in all marketing emails to opt-out of receiving future communications from us by email.

11.2.2 Accessing Your Personal Data

You have the right to obtain a copy of all personal data we hold on you.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights above). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the data (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

To request a copy of the personal data we hold on you, please get in touch using the details in the ‘Contacting Us’ section.

12.  Complaints

If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. 

You can contact them by:

If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence. If in doubt, contact the ICO.

In order for this site to work properly, and in order to evaluate and improve the site, we have placed cookies on your computer.

That's fine!