Privacy Notice

We are committed to safeguarding the privacy of your personal data. This document explains what type of personal data we collect, how we collect it and how we use it.

Our contact details
Bleam Cyber Security Limited
58 Malinda Street
Sheffield
S3 7EF
Tel: 0114 276 0632
Email:
info@bleam.co.uk


What information do we collect, how do we collect it and why?

When you visit our website

When you visit our website, we collect information about how you interact with it and details of your device. This includes some Personal Information such as IP Addresses. We may also collect any information that you submit to us via our website e.g. when you fill in a contact form or interact with us via live chat. We collect this information to help improve our website, gather usage statistics, implement and enforce security measures and also to enable us to contact you regarding contact form submissions.

When you place an order or make an enquiry

If you place an order for a product or service or make an enquiry, we will collect Personal Information from you. This may include information such as Names, addresses, IP addresses, email addresses, phone numbers, bank details and other types of personal information. You can place an order or make an enquiry via phone, email or on our website.

When using our Security Services

When using our security services we may collect information both manually and automatically from your computers or devices. This can include proprietary, confidential and/or personal information, customer information, special categories of data or even criminal records, including without limitation names, email addresses, emails and their contents, telephone numbers and other contact details; account usernames; IP addresses; usage information; lists of all software, files, paths and applications installed on the device, details of changes or attempted changes to executable files, pathnames and scripts, logs of websites visited; infection logs; and files suspected of being infected with malware.

We collect this information to enable us to effectively deliver our services and protect you from cyberattacks. We only collect information when it is necessary in relation to the performance of our contract to you. This is primarily to ensure the confidentiality, integrity and availability of your business or personal IT services, systems, data and any other elements in scope of our contract.

For example, if you are a Bleam Endpoint customer and experience a cyberattack that originated in a document which contained confidential information, the content of that document may be revealed to Bleam Cyber Security Limited and/or its partners when performing incident response and root cause analysis.

Account Management

When you signup and place an order, we collect personal information from you to enable us to provide the services, manage your account and billing. This includes, without limitation names, email addresses, addresses, mobile phone numbers, IP addresses, account usernames and bank details. In order to effectively deliver our security service, we may need to collect all of this information from all directors, managers and other employees.

Marketing and Research

We, our suppliers, or partners, may contact you to provide you with information about products and services, special offers or promotions.  This could be via phone, email or post. We may use your information that we have obtained via signup or from a trusted third party, the information processed will includes names, addresses, telephone numbers and email addresses.

Emails sent for marketing purposes may contain tracking technologies to detect how you interact with the email, i.e have you opened it, have you clicked any links etc.

You have the right to request that processing stops for specific or all marketing purposes.

Legal Obligations

We may process and share your personal information in order to meet our legal or regulatory obligations.

Basis For Processing

The lawful basis for processing will  depend on the personal information concerned and the specific context for which it was collected.

Processing under a contract

We may process personal data in order to fulfil our contractual obligations with you or your organisation. We may also process personal data in the lead up to entering a contract, e.g. providing a quote.

Legitimate Interests

We may also process your data for the purposes of legitimate interests pursued by either Bleam Cyber Security Limited or a third party. Our legitimate interests include:

  1. The processing of data to protect the confidentiality, integrity and availability of computer systems and networks and any data contained within.
  2. For commercial interests of Bleam Cyber Security Limited when performing direct marketing.
  3. Other commercial reasons e.g. provision of a contract or service, to process financial transactions and invoices including refunds or charges and to combat identity fraud.
  4. To ensure compliance with applicable regulatory and legal requirements such as tax.

 

Who do we share information with?

We share your information with our partners, sub-contractors and third party service providers, who are critical to ensuring we can deliver unrivalled managed cyber security services. We may also share your information with our partners for marketing and analytical purposes.

We may also share your information with legal bodies if there is an obligation to  do so.

 

International Transfers

As we operate globally, we and our service providers operate our products and services from all over the world. When you provide us with personal information, that data may be used, processed or stored anywhere in the world, including in countries outside of the European Economic Area.

We have taken appropriate safeguards to require that your data remains protected in accordance with the UK Data Protection Act 2018. These include:

  1. EU-US Privacy Shield. The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce, and the European Commission and Swiss Administration, respectively, to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.
  2. Standard Contractual Clauses with our suppliers and partners where the EU-US Privacy Shield does not apply.
  3. EU Commission Adequacy Decisions.
  4. Exceptions as set out in the UK Data Protection Act 2018.

 

Data retention

Data we collect will be retained for as long as necessary to fulfil the purposes for which it was collected. We will retain and use your personal information as necessary to ensure compliance with legal obligations, to meet our business requirements, resolve disputes, protect assets and enforce our service agreements.

When data is no longer required, we will securely delete it. In some scenarios this may not be possible where your data is stored in secure backup archives, in this scenario we will securely store the data and ensure it isolated from further processing, until deletion is possible.

 

Your Rights

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

  1. Right of access – you have the right to request a copy of the information that we hold about you.
  2. Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  3. Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  4. Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
  5. Right of portability – you have the right to have the data we hold about you transferred to another organisation.
  6. Right to object – you have the right to object to certain types of processing such as direct marketing.
  7. Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
  8. Right to judicial review: in the event that Bleam Cyber Security Limited refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain to the appropriate supervisory authority.

Automated Decision Making

Some of your personal information may be subject to automated decision making. For example, some of our security services may automatically block IP addresses, domain names or email addresses if they are deemed to be malicious.