Privacy Policy

We respect your privacy

   

Fox-IT as part of NCC Group (hereinafter: ‘Fox-IT’) is committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read this policy carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting www.fox-it.com (“Website”), you accept and consent to the practices described in this policy. If you don’t accept the terms of this policy, please refrain from using the Website.

Your personal data is controlled by Fox-IT Holding B.V., a company registered in The Netherlands (Chamber of Commerce number: 27301623) whose registered office is at Olof Palmestraat 6, 2616 LM Delft, The Netherlands. Our local Data Privacy Manager can be contacted using the following email address: privacy@fox-it.com or alternatively by writing to the address above and marking it for the attention of the Data Privacy Manager.

Unless prohibited by national law or other applicable regulatory requirements (e.g. ABDO 2017 or other relevant (contractual) restrictions) we may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

Our ultimate holding company is NCC Group plc, a company registered in England and Wales (registered number 04627044) whose registered office is at XYZ Building, 2 Hardman Boulevard, Spinningfields, Manchester, M3 3AQ. Our Group Data Privacy Officer can be contacted using the following email address: dataprotection@nccgroup.trust, or alternatively by writing to the address above and marking it for the attention of the Group Data Privacy Officer.

For information on how the Website uses cookies, please visit our Cookie Policy.

 

Information we may collect and hold about you

We may collect and process the following personal data about you:

  • Information you’ve provided to us, such as your name, email address, postal address and contact details. You may give us information about you by filling in forms on the Website or by corresponding with us by phone, email or otherwise.

This includes information you provide when you:

  • ask us to contact you in relation to services we provide;
  • request downloads of documentation or software and related support;
  • subscribe to our mailing lists, newsletters or bulletins;
  • book a seminar or event run by us;
  • order products or services from us;
  • interact with us on social media platforms (such as Facebook or Twitter); or
  • report a problem with our Website.

We may also collect information when you visit the Website, including but not limited to your IP address, location, time of access, the browser you use, your operating system and the pages you visit.

We capture CCTV images of visitors to our offices for the purposes of security, including crime prevention and detection, and the apprehension and prosecution of offenders.
We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.

We only obtain information from third parties if this is permitted by law. We may also use legal public sources to obtain information about you.

 

How long do we retain your information

If we are providing services to you, we will retain your personal information for the duration of the services and for six years thereafter, unless otherwise agreed.

When you visit our Website, you will be asked whether you consent to the use of Cookies. If you consent, we will retain the information collected about you in accordance with the retention periods outlined in our Cookie Policy.

Unless otherwise set out in this privacy policy, any other information we process about you will be retained by us until we no longer need it for the purposes for which it was collected, as set out in this privacy policy and/or the relevant fair processing notice. We will base that decision on a number of criteria, including whether we are required by law to keep the information for a certain period of time, whether you have withdrawn consent to the processing, whether a contract has been performed and the likelihood of us needing to retain the information in the event of a claim arising, whether the data is still up to date, and whether there are exceptions set out in the applicable data protection legislation that allow us to retain the personal data for a longer period or indefinitely.

We will review and delete or destroy personal data on a regular basis. If we are unable, using reasonable endeavours, to delete or destroy personal data we will ensure that the personal data is encrypted or protected by security measures so that it is not readily available or accessible by us.

 

How we may use your information

In addition to using your information to fulfil our contract to provide you with requested products or services, we may also use your information in the following ways (provided that, where we are required to obtain your consent to use your information, you have provided such consent):

  • to monitor and improve our products, services and the Website;
  • to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about or that we feel may be of interest to you;
  • to notify you about changes to our services;
  • to administer the Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • to enable us to comply with any legal or regulatory requirements.

 

The basis on which we collect your information

We collect much of your information on the grounds of: (i) legitimate interests (for example, to send you direct marketing about products and services similar to those you have purchased from us or negotiated or enquired about, or to help us administer the Website); and (ii) fulfilment of a contract with you (for example, to provide you with products or services you have purchased from us).

If we require your personal data for fulfilment of a contract with you (for example, to provide services or products to you or to receive payment from you), we may be unable to fulfil the contract without your personal data.

Where we rely on legitimate interests, our legitimate interests are the promotion of the products and services offered by NCC Group and the provision of information in respect of products and services you have already purchased from us or in which you have expressed an interest in purchasing.

If we are unable to rely on legitimate interests, fulfilment of a contract or any other ground set out in the General Data Protection Regulation 2016/679 (“GDPR”) to process your personal data, we will obtain consent from you to the processing. This will be the case if, for example, you download documentation from us and we would like to send you marketing communications about our products and services. If you give us your consent, you can withdraw it at any time by clicking on the link in the email we send to you, or by emailing marketing@fox-it.com. Withdrawal of your consent won’t affect any processing we have carried out in respect of your personal data prior to you withdrawing consent.

 

Sharing your information

Unless prohibited by national law or other applicable regulatory requirements (e.g. ABDO or other relevant (contractual) restrictions) we may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

We may disclose your personal information to third parties unless prohibited by national law or other applicable regulatory requirements (e.g. ABDO or other relevant (contractual) restrictions):

  • if the third party contracts with us to provide certain of the services you have requested and requires your personal information in order to do so;
  • if we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
  • if NCC Group, Fox-IT or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets; or
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation; or to protect the rights, property, or safety of Fox,-IT or NCC Group, our customers, or others.

 

Where we store your personal data

We may at some point decide that the data we collect from you while using this Website is transferred to, and stored at, a destination outside the European Economic Area (“EEA”) and transferred from such destination to another destination outside the EEA. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. The aforementioned will not be applicable if prohibited by national law or other applicable regulatory requirements (e.g. ABDO 2017 or other relevant (contractual) restrictions). We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. The destinations to which your personal data will be transferred will either offer adequate protection for your personal data, as determined by the European Commission, or we will make sure there are appropriate safeguards in place. We will also ensure adequate safeguards are in place when transferring personal data outside of countries located outside the EEA, where additional measures are required by national law. If you would like to know more about the basis on which we transfer your data outside the EEA where a finding of adequacy hasn’t been made, please contact privacy@fox-it.com.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

 

Your privacy rights

Last Update: October 22nd 2019

Access to your data
You have the right to ask us to confirm that we process your personal data, as well as to have access to and receive copies of your personal data. We will provide this information free of charge unless your request is manifestly unfounded or excessive or repetitive, in which case we are entitled to charge a reasonable fee. We may also charge you if you request more than one copy of the same information.

We will provide the information you request as soon as possible and in any event within one month of receiving your request. In order to make sure we provide this information to the right person, we may ask you to identify. If we need more information to comply with your request, we’ll let you know.

Rectification of your data
If you believe personal data we hold about you is inaccurate or incomplete, you can ask us to rectify that information. We will comply with your request within one month of receiving it, unless we don’t feel it’s appropriate for us to do so, in which case we’ll let you know why. We’ll also let you know in time if we need more time to comply with your request.

Right to be forgotten
In some circumstances, you have the right to ask us to delete personal data we hold about you. This right is available to you:

  • where we no longer need your personal data for the purpose for which we collected it;
  • where we have collected your personal data on the grounds of consent and you withdraw that consent;
  • where you object to the processing and we don’t have any overriding legitimate interests to continue processing the data;
  • where we have unlawfully processed your personal data (i.e. we have failed to comply with GDPR); and
  • where the personal data has to be deleted to comply with a legal obligation.

There are certain scenarios in which we are entitled to refuse to comply with a request. If any of those apply, we’ll let you know.

Right to restrict processing
In some circumstances, you are entitled to ask us to suppress processing of your personal data. This means we will stop actively processing your personal data but we don’t have to delete it. This right is available to you:

  • if you believe the personal data we hold isn’t accurate – we’ll cease processing it until we can verify its accuracy;
  • if you have objected to us processing the data (see below) – we’ll cease processing it until we have determined whether our legitimate interests override your objection;
  • if the processing is unlawful; or
  • if we no longer need the data but you would like us to keep it because you need it to establish, exercise or defend a legal claim.

Data portability
Where Fox-IT acts as a Data Controller, you have the right to ask us to provide your personal data in a structured, commonly used and machine-readable format so that you are able to transmit the personal data to another Data Controller.

This right only applies:

  • to personal data you provide to us;
  • where processing is based on your consent or for performance of a contract (i.e. the right does not apply if we process your personal data on the grounds of legitimate interests); and
  • where we carry out the processing by automated means.

We’ll respond to your request as soon as possible and in any event within one month from the date we receive it. If we need more time, we’ll let you know.

Right to object
You are entitled to object to us processing your personal data:

  • if the processing is based on legitimate interests or performance of a task in the public interest or exercise of official authority;
  • for direct marketing purposes (including profiling); and/or
  • for the purposes of scientific or historical research and statistics.

In order to object, you must have grounds for doing so based on your particular situation. We will stop processing your data unless we can demonstrate that there are compelling legitimate grounds which override your interests, rights and freedoms or the processing is for the establishment, exercise or defense of legal claims.

If you would like to exercise any of your rights in respect of your personal data, please contact us at privacy@fox-it.com.

 

Changes to our privacy statements

Last update: October 10th 2019

Any changes we may make to our privacy statements in the future will be posted on the pages of our website and, where appropriate, notified to you by e-mail. Please check the relevant statements regularly to remain updated with any changes to our privacy statements.

Links
The Fox-IT website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates.  If you follow a link to any of these websites, please note that these websites have their own privacy & cookie policies and that we do not have any influence regarding their policies. We therefore cannot accept any responsibility or liability for these policies.  Please check these policies before you submit any personal data to these websites.

 

Contact with the Privacy Department

Last update: October 10th 2019

Questions, comments and requests regarding these privacy statements are welcomed and can be addressed to privacy@fox-it.com or write to us at Fox-IT, Data Privacy Manager, Olof Palmestraat 6, P.O. Box 638, 2600 AP Delft, The Netherlands.

If you feel your concerns or questions are not handled adequately you might consider to contact the ‘Autoriteit Persoonsgegevens’ (AP), the Dutch supervisory authority: https://autoriteitpersoonsgegevens.nl