This policy describes how Pentest People aims to provide you with information about how we are handling or intend to handle personal information.
Regulation (EU) 2016/679 of the European Parliament (the General Data Protection Regulation (‘GDPR’)) and the Data Protection Act 2018 (referred to as Data Protection law) oblige us to provide you with information about how and why we use personal data. We recognise our obligations and your legal rights set out in the Data Protection Law.
Pentest People is a Penetration Testing and Cyber Security Services organisation (company number 10661715) with registered office at Round Foundry Media Centre, Foundry Street, Leeds, LS11 5QP. Pentest People is the data controller of all personal data processed by us.
Registration with the Information Commissioner’s Office
For the purpose of the Data Protection Act (2018) Pentest People is registered as a data controller with the Information Commissioners Office.
Personal Data Processed
We collect, store and process personal data for several purposes, mainly client management, client relationship, contract performance, sales opportunities, marketing, service delivery, product development and feedback, finance and invoices.
Xero – Accounting Software
Zoho – CRM Software
Pentest People may use third-party organisations to process personal data under a written contract which incorporate stringent data protection requirements. Pentest People only employ organisations that comply with the provisions of the GDPR. These organisations may be audited to ensure compliance. We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information and these agents may share personal data with Pentest People. A Full list of sub processors is available on request.
Automated Decision-Making and Profiling
Pentest People does not transfer any personal data outside of the EEA.
Pentest People will hold your personal data for the length that it is required to provide you with our services in accordance with our Data Retention Policy. We may be required to retain some of your data after this time, for a set period, for us to meet our legal obligations including resolving any follow-up issues.
You have the following rights concerning your personal data:
Right of access
Right to rectification
Right to erasure (right to be forgotten)
Right to restriction of processing
Right to data portability
Right to withdraw consent
Right to object to direct marketing
Rights in relation to automated decision making and profiling
Your right to lodge a complaint with a supervisory authority
If you wish to exercise any of your rights concerning your personal data, you should contact Pentest People’s Data Protection Lead at the address provied above. If you are not satisfied with the response you receive you have the right to lodge a complaint with the supervisory authority. In the United Kingdom this is:
Information Commissioner’s Office
(t) 0303 123 1113
(e) [email protected]