Date of last revision: 7 February 2018
We take your privacy very seriously. Please read this privacy statement (‘Policy’) carefully as it contains
important information about how your personal information will be used.
About us.. For the purposes of data protection legislation, the “controller” is Zen
Risk Limited (trading as DynaRisk) incorporated in England and Wales under company number 09052805
and having its registered office address at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ,
i.e. this is the company who is responsible for, and controls the processing of, your personal data
(“we”). If you would like to contact us in relation to this Policy please send an email to email@example.com.
Information we collect from you. When you do business with us or register for our
services we collect certain personal information from you including:
- your contact details (such as your name and email address);
- your age range and gender;
- details of your employment or work sector;
- the types of personal information you keep on your electronic devices;
- the types of activities you carry out online (for example, transactions, socialising and
- other information in relation to your use of electronic devices (for example as part of our
services we may scan your devices for security vulnerabilities and out of date software);
- other personal aspects for us to calculate your online security score.
Information about you from other sources. Where you use our services as a result of
your employer’s corporate subscription, we may receive personal information about you from your
employer, for example your contact details. In providing you with an online security score, and to help
protect you against fraud, we may cross check your personal information against data that is already
available online in the public domain (for example on the internet or the “deep web”). This is to
check whether your details may have been published online as a result of a past data breach.
Purposes and legal bases of processing.
- Necessary processing. We may process your personal information for the
following purposes on the legal basis that it is necessary for us to provide our services to
Accordingly, your failure to provide your personal information in relation to the above
services may hinder or prevent us from providing our services to you.
- (a) to process your registration and identify you;
- (b) to provide our services;
- (c) to carry out billing and administration activities;
- (d) to customise our services to you.
- Security and fraud prevention. We may process your personal information in
order to detect and prevent fraud, and to carry out security vetting, on the legal basis
that we have a legitimate interest to do so.
- Marketing. We may process your personal information in order to let you
know about our products or services that we consider may be of interest to you. We carry out
this processing on the legal basis that we have a legitimate interest in marketing our
services and only to the extent that we are permitted to do so by applicable direct
marketing laws. Please see the section titled “Marketing” below for further information
about our marketing activities and regarding your right to opt out.
- Statistical or research purposes. We may anonymise your personal
information and aggregate it with other information for the purposes of statistical or
research purposes. We may provide such information to third parties after it has been
anonymised so that it cannot be used to identify you.
- Compliance with laws. We may process your personal information in order to
comply with applicable laws (for example if we are required to cooperate with a police
investigation pursuant to a court order).
Who we may provide your personal information to. We may provide your personal
information to the following recipients for the purposes set out in this Policy:
- other companies within our group;
- our employees, consultants, agents and service providers;
- law enforcement agencies in connection with any investigation to help prevent unlawful
Information transfers. While we are based in London, we may transfer your personal
information to a location (for example to a secure server) outside the European Economic Area, where
we consider it necessary or desirable for the purposes set out in this Policy. In such cases, to
safeguard your privacy rights, transfers will be made to recipients to which a European Commission
adequacy decision applies (this is a decision from the Commission confirming that adequate
safeguards are in place for the protection of personal data), or will be carried out under the
standard contractual clauses for controller-to-processor transfers approved by the Commission on 5
February 2010 (Commission Decision C(2010)593), a copy of which is available to view on the
Commission’s website (http://eur-lex.europa.eu/).
Data retention period. We carefully consider the personal data that we store, and
we will not keep your information in a form which identifies you for longer than is necessary for
the purposes set out in this Policy. You also have the rights referred to in clause 9 in relation to
your personal information that we process.
Marketing. We may store your contact details, and carry out marketing profiling
activities, for direct marketing purposes. Where you have given your consent, or where we are
otherwise permitted to do so, we may contact you about our products or services that may be of
interest to you. If you prefer not to receive any direct marketing communications from us, you can
opt out at any time by sending an email to firstname.lastname@example.org.
Your information rights. We draw your attention to your following rights under data
protection law: (i) the right to request a copy of the information that we hold about you and
supplementary details about that information; (ii) the right to have inaccurate personal data that
we process about you rectified, (iii) the right (in certain circumstances) to have personal data
that we process about you blocked, erased or destroyed; (iv) the right to object to the processing
of your personal information in the ways described in clauses 4.2 (Security and fraud prevention),
and 4.3 and 8 (Marketing); and (v) on or after 25 May 2018, the right to request a copy your
personal data that you have provided to us, in a machine-readable format, in order for you to
transmit those data to another organisation. Further information about your information rights is
available on the ICO’s website: https://ico.org.uk/.
How to contact us. We welcome your feedback and questions. If you would like to
contact us in relation to this Policy please send an email to email@example.com.
UK information regulator. If you have a concern about the way we handle your
data you have a right to raise this concern with the UK information regulator, the ICO:
Cookies. Our website (https://www.dynarisk.com/.) uses
cookies. For more information
on which cookies we use and how we use them, please see our Cookies Policy.