The Chain Limited - Data Processing Notice
This notice sets out how The Chain Limited ("TCL") process
data on individuals, clients and service providers that TCL interacts with.
TCL is a provider of information security services, incorporated and based in Guernsey, company no. 52604.
Data we hold
We process data in order to provide information security assurance and advisory services. The types of data we collect and process
- Contact details (names, addresses, phone numbers, email address)
- Information provided in the course of provision of information security services (for example: technical details of IT systems, relationships with service providers, risks and controls, vulnerabilities, details of security incidents, user credentials and access codes)
- Information provided in the course of digital forensics investigations (for example: details of alleged incidents, forensic images of hard drives and other digital media, credentials and access codes)
- Information that we gather from public and open-sources including name, employer, date of birth, special interests, and contact details
- Meetings attended and calls made
- CCTV footage of our premises
- Any other information you provide to us
Purposes of processing
To enter into client relationships and provide information security
- The legitimate interest of The Chain Limited as a provider of information security services to process personal data for the purpose of providing those services
- In order to support legal proceedings
- To fulfil a contract we have entered into to provide information security services
To ensure the security of TCL premises, systems and staff
The legitimate interests of TCL in preventing and detecting unauthorised access to its premises, systems and data
To provide evidence in support of audits and other reviews
The legitimate interests of TCL in providing information security assurance and advisory services, to ensure it meets legal, regulatory and ethical
Sources and recipients of data
Sources include clients, service providers, or open-source material. Potential recipients include:
- providers of legal services, courts, tribunals where disclosure is necessary to fulfil the purposes set out above
- law enforcement agencies where disclosure is necessary to meet legal obligations
All data is held within the EU, UK or Channel Islands.
Rights of data subjects
Data subjects for whom TCL holds data may have rights in respect of their personal data. To exercise those rights, including withdrawal
of consent, right of access, or to update, correct or erase data, data subjects should send requests to firstname.lastname@example.org.
Retention and destruction of data
TCL only retains data for as long as necessary to fulfil the purpose for which it was collected. Primary retention controls include:
Destruction is subject to the exception where data cannot be removed for legal, regulatory or technical reasons.
- redaction of unnecessary sensitive data from larger data sets at the point of capture
- archival of completed engagements
- secure destruction all data relating to a client engagement seven years from the completion of the engagement
Changes to this privacy notice
This notice will be updated from time to time and published on our website at https://chainci.com/privacy. This notice was last updated on 18th May 2021.