Pentest People Privacy Policy

This policy describes how Pentest People aims to provide you with information about how we are handling or intend to handle personal information.

Introduction

Regulation (EU) 2016/679 of the European Parliament (the General Data Protection Regulation (‘GDPR’)) and the Data Protection Act 2018 (referred to as Data Protection law) oblige us to provide you with information about how and why we use personal data. We recognise our obligations and your legal rights set out in the Data Protection Law.

About Us

Pentest People is a Penetration Testing and Cyber Security Services organisation (company number 10661715) with registered office at Pentest People Ltd, 20 Grosvenor Place, London, United Kingdom, SW1X 7HN. Pentest People is the data controller of all personal data processed by us.

Registration with the Information Commissioner’s Office

For the purpose of the Data Protection Act (2018), Pentest People is registered as a data controller with the Information Commissioner’s Office.

Personal Data Processed

We collect, store and process personal data for several purposes, mainly client management, client relationship, contract performance, sales opportunities, marketing, service delivery, product development and feedback, finance and invoices.

1. What Personal Information do we Collect & How we Collect it?

We collect personal information that you provide directly to us or via third parties via events:

Contact information. If you sign up to receive our newsletter, emails, or text messages from us, we will collect your name, email address, mailing address, phone number, and any other information needed to contact you about the Services.

Payment information. To order products or services through the Services, you will need to provide us with payment information (like your bank account or credit card information). Please note that your financial information is collected and stored by a third party payment processing company. Use and storage of that information is governed by the third party payment processor’s applicable privacy policy.

Survey information. You may provide us with other personal information when you fill in a form, respond to our surveys or questionnaires, provide us with feedback, participate in promotions, or use other features of the Services.

Communications information. We may also collect other information during our communications with you, including information that you send to us when interacting with our customer service agents, or when you call us or send emails or text messages. This may include information about how you contacted us, your marketing preferences, and other information that you choose to share.

2. How do we Use Your Business Data?

We use the personal information we collect for the following reasons:

  • To send you our newsletter, or other information or marketing about our Services that you think may be of interest to you.
  • To reply to your questions, inquiries, or customer service requests or to send you notices, updates, security alerts, or support and administrative messages.
  • To provide you with information about the Services that you request from us or which we feel may interest you.
  • To monitor and analyse trends, usage and activities in connection with our Services and to improve the Services.
  • To facilitate contests, sweepstakes and promotions, and to process entries and provide prizes and rewards.

3. Your Marketing Choices

When you message our business, provide your data at an event, subscribe to receive our newsletter or marketing/promotional messages, we use your business information to help us decide which products, services and offers may be of interest to you.

We will send marketing messages to you if you have asked us to send you information, bought goods or services from us, or if you provided us with your details at an event or for promotional purposes. If you opt out of receiving marketing messages, we may still send you non-promotional emails.

You may unsubscribe from marketing messages through a link we include on all marketing messages we send you. You can also ask us to stop sending you marketing messages at any time by contacting us at: info@pentestpeople.com.

Data Sharing

Pentest People may share data with the following organisations and for the lawful reasons shown:

Xero – Accounting Software
Zoho – CRM Software

Sub-contract Processing

Pentest People may use third-party organisations to process personal data under a written contract which incorporates stringent data protection requirements. Pentest People only employ organisations that comply with the provisions of the GDPR. These organisations may be audited to ensure compliance. We periodically appoint digital marketing agents to conduct marketing activity on our behalf; such activity may result in the compliant processing of personal information and these agents may share personal data with Pentest People. A full list of sub-processors is available on request.

Automated Decision-Making and Profiling

Pentest People does not undertake any automated decision-making or profiling. However, if circumstances change, we will inform you via updating our privacy policy.

International Transfers

Pentest People does not transfer any personal data outside of the EEA.

Data Retention

Pentest People will hold your personal data for as long as it is required to provide you with our services in accordance with our Data Retention Policy. We may be required to retain some of your data after this time, for a set period, for us to meet our legal obligations including resolving any follow-up issues.

Microsoft Clarity

"We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioural metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimisation, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement."

Your Rights

You have the following rights concerning your personal data:

  • Right of Access: You have the following rights concerning your personal data:

  • Right of Rectification: You have the right to oblige Pentest People to rectify inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed by providing a supplementary statement.

  • Right to Erasure: You have the right (under certain circumstances, but not all) to oblige Pentest People to erase personal data concerning you.

  • Right to Restriction of Processing: You have the right (under certain circumstances, but not all) to oblige Pentest People to restrict processing of your personal data. For example, you may request this if you are contesting the accuracy of personal data held about you.

  • Right to Data Portability: You have the right (under certain circumstances, but not all) to oblige Pentest People to provide you with the personal data about you which you have provided to Pentest People in a structured, commonly used and machine-readable format. You also have the right to oblige Pentest People to transmit those data to another controller.

  • Right to Withdraw Consent: If the lawful basis for processing is consent, you have the right to withdraw that consent.

  • Right to Object to Direct Marketing: Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for marketing, which includes profiling to the extent that it is related to such direct marketing.

  • Rights in Relation to Automated Decision Making and Profiling: Pentest People does not perform any automated decision-making based on personal data that produces legal effects or similarly significantly affects you.

Your Right to Lodge a Complaint With a Supervisory Authority

If you wish to exercise any of your rights concerning your personal data, you should contact Pentest People’s Data Protection Lead at the address provided above. If you are not satisfied with the response you receive you have the right to lodge a complaint with the supervisory authority. In the United Kingdom this is:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

(t) 0303 123 1113
(e) casework@ico.org.uk