In this privacy notice, references to "our", "us" and "we" are to The Cyber Risk Team Limited registered office is at More Place, 1 Fore Street, London, EC2Y 5EJ and we are a company registered in England and Wales under company number 11013980.
This privacy notice describes how and why we obtain, store and process information which can identify you directly or indirectly, such as your name, contact details and location information. This privacy notice applies where we're acting as a data controller for personal data. References to the processing of information includes the collection, use, storage and protection of personal data. For your security, all personal data collected by us will only be processed in accordance with this privacy notice.
We amend this privacy notice from time to time, so please review regularly for the most up to date version.
How we protect information
We'll make sure that we treat any information we receive from you as private and confidential.
We're committed to ensuring that the information we process is secure. In order to prevent unauthorised access, use or disclosure, we've put in place suitable physical, electronic and managerial procedures to protect it. Anyone processing personal data in our team or on our behalf must do so in accordance with this privacy notice and on the basis that we're satisfied that they can and will adhere to our high standards for data protection and security.
Information entered on our website and email data processed by our mail servers is encrypted in transit using HTTPS over Transport Layer Security (TLS). Please note however that transmission of data over the internet is inherently insecure, so we can't guarantee the security of information sent over the internet.
If we provide you with a password to access our website, it's your responsibility to keep it confidential. We won't ask you for your password, other than if and when you need it to log in to our website.
Information we collect and how we use it
Generally, information we may collect from you and process falls into two categories:
Legitimate interests – the processing is necessary for our or a third party's legitimate interests unless overridden by good reason to protect the individual's personal data
Contract – the processing is necessary for a contract (insurance policy or employment) between us, or because we are taking specific steps towards entering into a contract
Within the boundaries of those two categories, we collect information from you when you visit our website, when you enter information on it, and when you call, email or write to us. In particular:
We may process information about your use of our website ("Website Data"). Website Data may include your IP address, browser type and version, location data, source of referral, length of visit, pages you view, search queries you make and general use of our website. We may process Website Data to analyse access to and use of our website. We do this for the purpose of monitoring and improving our website and services. We may also use Website Data to engage with our website visitors, to market our services to them and to provide them with information by email or otherwise which may result in them subscribing to our services.
Where you provide an email address or phone number to us, including where you enter it in to our website, in doing so you are providing your express consent to receiving communications from us about our services.
We may process information you provide to us and other publically available information about you and your business ("Account Data"). This may include personal data such as your name and contact details. Account Data may be processed for the purpose of assessing your insurance requirements, calculating your insurance premiums and policy conditions, obtaining and providing you with quotes for insurance, arranging and managing your insurance policies, including claims, mid-term alterations, renewals and cancellations. We may also use Account Data to help us improve, market and cross-sell our services, and to monitor our compliance with regulatory requirements.
Account Data may be collected electronically, in writing, over the phone or in person. Please note that we may sometimes record phone calls for the purpose of collecting Account Data, and for training and monitoring our team.
We don't store payment card information on our systems so please don't send it to us.
We're entitled to process personal data where necessary to comply with any legal obligations which we're subject to; to establish or defend any legal claims so as to protect our or your legal rights, or the legal rights of other interested parties; or to obtain or maintain our own insurance cover, obtain professional advice or otherwise manage business risks.
Information we share
We may share Account Data with other businesses in the insurance industry, such as underwriters and other intermediaries and business service providers, including external consultants who assist with the calculation of premiums and assessment of claims.
We may share Account Data with our own insurers and professional advisors where necessary to obtain insurance or professional advice; establish or defend legal claims; comply with any legal obligations; protect your interests as best we can, and otherwise manage business risks.
Payments to us may be processed by our payment service providers from time to time, which include Stripe (for credit and debit card payments), GoCardless (for direct debits) and Premium Credit (for insurance premium financing) ("PSPs"). We may share information with our PSPs to the extent necessary for the purposes of processing payments and refunds, and sending communications related to those payments and refunds. In the case of Premium Credit, we may also provide them with your personal data when introducing you to them. You should separately review the privacy policies and terms of our PSPs which are separate to this privacy notice and should be available on their respective websites.
We use third parties to store personal data, which include Salesforce, Mailchimp, Trustpilot, Google, AWS, IBM and other online services ("Third Party Data Processors"). We enter into separate agreements with Third Party Data Processors, which state that neither us nor they will use personal data for any purpose other than as stated in our respective privacy policies. However, we can't control the data protection policies of Third Party Data Processors.
International transfers of data outside the European Economic Area
The data storage facilities of some of our Third Party Data Processors are located in the USA. Based on a decision of the European Commission on the adequacy of the USA for the purpose of storing personal data, they will be protected by appropriate safeguards, namely the use of standard data protection clauses approved by the European Commission, a copy of which can be found on the Third Party Data Processors' respective websites.
You acknowledge that any information you submit for publication through our service or website may be available globally on the internet, and that we can't control use of such information beyond our reasonable control.
Retention of personal data
Personal data that we process for any purpose won't be kept for longer than is necessary for that purpose. Subject to any overriding legal requirements, we'll store and retain your personal data as follows:
Website Data will be deleted when a visitor to our website has not visited our website for a minimum period of 6-months and a maximum period of 12-months; and
2. Account Data will be retained for a minimum period of 7-years and a maximum period as necessary for any relevant competent authority to monitor our compliance with the requirements under the regulations applicable to our business.
Your legal rights
Subject to any overriding legal requirement for the retention of your personal data, as the data subject you're entitled to:
modify or withdraw consent to send you marketing communications;
request access to, deletion of or correction of your personal data;
request personal data to be transferred to another person or company; and
·make a complaint to a supervisory authority.
You can modify or withdraw consent to send you marketing communications at any time. An email should be sent to
Please note that we reserve the right to charge a reasonable fee to cover the administrative cost of providing the information or refuse to respond if your request is manifestly unfounded or excessive.
Links to third party websites
Our website may contain links to other websites. However, once you've used these links to leave our website, you should note that we don't have any control over that other website. Therefore, we can't be responsible for the protection and privacy of any information you provide whilst visiting third party websites and those other websites aren't governed by this privacy notice.
Cookies are small data files which are stored on your computer or mobile device when you visit a website. Cookies are widely used by online service providers to facilitate and help make the interaction between websites and their visitors faster and easier, as well as to provide reporting information.
Essential website cookies: These cookies are necessary to provide you with services available through our website and to use some of its features, such as access to secure areas.
Performance and functionality cookies: These cookies are used to enhance the performance and functionality of our website but are non-essential to its use. However, without these cookies, certain functionality may become unavailable.
Analytics and customisation cookies: These cookies collect information that is used either in aggregate form to help us understand how our website is being used or how effective our marketing campaigns are, or to help us customise our website for you.
Advertising cookies: These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting ads that are based on your interests.
Social networking cookies: These cookies are used to enable you to share pages and content that you find interesting on our website through third party social networking and other websites. These cookies may also be used for advertising purposes too.
You can adjust the settings on your computer to reject cookies if you wish. This is usually managed within the "settings" section of your browser.
For more information please read the advice available at aboutcookies.org