In urgent need of assistance from our Incident Response team? Click below to email directly and get support.
Get Support
Set up regular vulnerability scans for Web Apps & Infrastructure with our innovative SecurePortal
Learn More
PTaaS Packages For All Businesses
Distribute, manage and monitor remediation tasks effortlessly with PTaaS, powered by SecurePortal
View PTaaS Options
Need Our Assistance?
We now offer Incident Response Retainers helping you reduce damage from a cyber attack
Read
Pentest People Privacy Policy
This policy describes how Pentest People aims to provide you with information about how we are handling or intend to handle personal information.
Introduction
This policy describes how Pentest People aims to provide you with information about how we are handling or intend to handle personal information.
Regulation (EU) 2016/679 of the European Parliament (the General Data Protection Regulation (‘GDPR’)) and the Data Protection Act 2018 (referred to as Data Protection law) oblige us to provide you with information about how and why we use personal data. We recognise our obligations and your legal rights set out in the Data Protection Law.
About Us
Pentest People is a Penetration Testing and Cyber Security Services organisation (company number 10661715) with registered office at Pentest People Ltd, 20 Grosvenor Place, London, United Kingdom, SW1X 7HN Pentest People is the data controller of all personal data processed by us.
Registration with the Information Commissioner’s Office
For the purpose of the Data Protection Act (2018) Pentest People is registered as a data controller with the Information Commissioners Office.
Personal Data Processed
We collect, store and process personal data for several purposes, mainly client management, client relationship, contract performance, sales opportunities, marketing, service delivery, product development and feedback, finance and invoices.
Data Sharing
Pentest People may share data privacy policy with the following organisations and for the lawful reasons shown:
Xero – Accounting Software
Zoho – CRM Software
Sub-contract Processing
Pentest People may use third-party organisations to process personal data under a written contract which incorporate stringent data protection requirements. Pentest People only employ organisations that comply with the provisions of the GDPR. These organisations may be audited to ensure compliance. We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information and these agents may share personal data with Pentest People. A Full list of sub processors is available on request.
Automated Decision-Making and Profiling
Pentest People does not undertake any automated decision-making or profiling. However, if circumstances change, we will inform you via updating our privacy policy.
International Transfers
Pentest People does not transfer any personal data outside of the EEA.
Data Retention
Pentest People will hold your personal data for the length that it is required to provide you with our services in accordance with our Data Retention Policy. We may be required to retain some of your data after this time, for a set period, for us to meet our legal obligations including resolving any follow-up issues.
Your Rights
You have the following rights concerning your personal data:
- Right of Access: You have the following rights concerning your personal data:
- Right of Rectification: You have the right to oblige Pentest People to rectify inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed by providing a supplementary statement.
- Right to Erasure: You have the right (under certain circumstances, but not all) to oblige Pentest People to erase personal data concerning you.
- Right to Restriction of Processing: You have the right (under certain circumstances, but not all) to oblige Pentest People to restrict processing of your personal data. For example, you may request this if you are contesting the accuracy of personal data held about you.
- Right to Data Portability: You have the right (under certain circumstances, but not all) to oblige Pentest People to provide you with the personal data about you which you have provided to Pentest People in a structured, commonly used and machine-readable format. You also have the right to oblige Pentest People to transmit those data to another controller.
- Right to Withdraw Consent: If the lawful basis for processing is consent, you have the right to withdraw that consent.
- Right to Object to Direct Marketing: Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for marketing, which includes profiling to the extent that it is related to such direct marketing.
- Rights in Relation to Automated Decision Making and Profiling: Pentest People does not perform any automated decision-making based on personal data that produces legal effects or similarly significantly affects you.
Your Right to Lodge a Complaint With a Supervisory Authority
If you wish to exercise any of your rights concerning your personal data, you should contact Pentest People’s Data Protection Lead at the address provided above. If you are not satisfied with the response you receive you have the right to lodge a complaint with the supervisory authority. In the United Kingdom this is:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
(t) 0303 123 1113(e) casework@ico.org.uk
Learn Something New
Have a read of our blogs written by industry experts, covering topics from all areas in cyber.
Meeting Compliance With Threat Intelligence
This blog covers the basics of Threat Intelligence and how you can meet compliance by adding a Threat Intelligence solution into your defences. SecurePortal 2.10 now helps customers comply with ISO27001, DORA & PCI DSS with Real-Time Threat Intelligence and its free! Read our blog for more information.
SecurePortal 2.10 - Introducing Threat Intelligence
Stay ahead of global cyber threats with our powerful new Dashboard. Access over 30 live feeds for real-time, industry-specific insights. Customise your view to focus on what matters most, and empower your team with actionable intelligence. Enhance your situational awareness, streamline reporting, and meet compliance requirements—all through our user-friendly interface. Equip your organisation to proactively address risks and strengthen your security posture.
Cyber Security Trends to Look Out For in 2025
Dive into the future of cyber security as we gear up for 2025. We'll explore how AI is set to redefine threat detection, making it smarter and faster. As we become more connected, securing supply chains against vulnerabilities is more important than ever. Plus, with the rise of hybrid work environments, zero trust architecture is becoming a must-have to keep everything locked down and secure. It's all about staying one step ahead of the curve, so let's unpack what your organisation can do to tackle these challenges head-on and keep your digital world safe.
.svg)
.webp)
