Skurio Privacy Policy

 

Version 1.3 Release date November 2019

Skurio Ltd (we, our, us) have made it our business to protect individuals, safeguard their privacy and respect their wishes. We are committed to protecting personal data and being transparent about how we collect, use and disclose personal data.

This policy sets out how we use personal data for the purposes of our business. Please read the following carefully to understand our practices so you can make informed decisions about your relationship with us.

We use personal data that relates to three key categories of individuals (or “data subjects”):

  • People who use our website site skurio.com (Our Site);
  • Our customers and people we work with (this includes employees of our customers and service providers); and
  • People with personal data relating to them disclosed on the Dark Web and other sources we collect information from for BreachAlert.

For the purpose of the Data Protection Act 2018 (the Act) and the General Data Protection Regulation (GDPR), the data controller is Skurio Limited of 6B Weaver’s Court, Belfast BT12 5GH, UK.

Skurio Ltd is registered as a data controller with the Information Commissioners’ Office. Our registration number is ZA043329.

 

INFORMATION WE COLLECT AND USE:

People who use Our Site

We will collect any personal data provided via the webforms on Our Site. We will also automatically collect the following information, this will always be anonymised and cannot be traced back to you and will only be used for the purposes of improving our website and understanding how users interact with it:

  • Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
  • Information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from Our Site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page.

Our customers and people we work with

We collect personal data relating to our customers, the employees of our customers and other individuals we work with. This personal data includes:

  • Name, address, contact details;
  • Position and company;
  • Professional social media (for example, LinkedIn and Twitter);
  • Order history and payment details;
  • Records of contact and correspondence; and
  • Applications and CVs.

We receive this information directly from individuals or from their companies or the companies we work with.

BreachAlert

We operate a Digital Risk Protection solution called BreachAlert. BreachAlert automatically alerts our customers to information security breaches relating to their data.

To identify breaches BreachAlert constantly monitors and collects a wide range of information from surface, Deep and Dark Web sources including Tor sites, IRC chatrooms, and social and text repository sites like Pastebin.

BreachAlert is primarily seeking to identify information relating to our customers such as:

  • Staff details;
  • Usernames and passwords;
  • Trade secrets and commercial information; and
  • Intellectual property;

Due to the wide range of information it collects to effectively identify breaches, BreachAlert may routinely collect data that includes personal data, special category personal data or criminal offence data.

This personal data includes personal data relating to the staff of our customers and any other personal data that is included in the sources BreachAlert monitors.

BreachAlert alerts our customers when it identifies personal data or other information relating to them. Our customers can then access this personal data or other information and decide how to use it.

 

OUR PURPOSES AND LEGAL BASIS FOR PROCESSING PERSONAL DATA:

People who use Our Site

We use personal data relating to people who use Our Site for the purposes of administering, developing and promoting our business.

Our legal ground for using the personal data we collect relating to people who visit Our Site is that doing so is necessary for the legitimate interests of our business. We will not use personal data for the purposes of our legitimate interests where an individual’s interests and rights override our business interests.

Our customers and people we work with

We use personal data relating to our customers and people we work with for the purposes of administering, developing and promoting our business.

If you are an individual who has a contract with us, our primary ground for using personal data relating to you will be for the performance of the contract. If you do not provide the personal data we need to perform the contract, we may not be able to provide services to you. We may also use personal data relating to you separately from the performance of the contract where doing so is necessary for the legitimate interests of our business or the legitimate interests of a third party such as our customers. We will not use personal data for the purposes of our legitimate interests where your interests and rights override the legitimate interests we have identified.

If you are an individual who we work with but do not have a direct contract with (for example, employees of our customers or services providers), our legal ground for using personal data relating to you is that doing so is necessary for legitimate interests of our business or the legitimate interests of a third party such as our customers. We will not use personal data for the purposes of our legitimate interests where your interests and rights override the legitimate interests we have identified.

BreachAlert

BreachAlert uses personal data for the purposes of identifying breaches and other digital risks.

Our legal ground for using the personal data collected by BreachAlert is that doing so is necessary for the legitimate interests of our business or the legitimate interests of a third party such as our customers. We will not use personal data for the purposes of our legitimate interests where your interests and rights override the legitimate interests we have identified.

Where a public body uses BreachAlert as a customer, the legal ground may be for the performance of a task carried out in the public interest or official authority.

Where BreachAlert collects special category or criminal offence personal data, our legal ground is that doing so is necessary for the purposes of:

  • The establishment, exercise or defence of legal claims; and/or
  • Preventing or detecting unlawful acts, for reasons of substantial public interest.

Legal obligations

Separately from the legitimate interests of our business and the performance of contracts we have with individuals, we will also use personal information when we are required to do so by law.  Where that is the case, our legal ground is that the use of personal data is necessary to comply with a legal obligation.

 

RETENTION:

Our site

We only store personal data collected via Our Site while it is needed for our business purposes up to a maximum of 36 months. We will only keep personal data collected via Our Site for longer where necessary to comply with our legal obligations or to safeguard are legal rights.

Our customers and people we work with

We will generally store personal data that is related to our customers or other people we work with for a maximum of 36 months from our last relevant contact. We will only keep personal data relating to customers or other people we work with for longer where necessary to comply with our legal obligations or to safeguard our legal rights.

BreachAlert

All personal data collected by BreachAlert is stored for 36 months before automatic deletion.

Where you request personal data relating to you to be removed from our system, please note it may take up to 28 days for this process to be completed.

 

DISCLOSURE OF PERSONAL DATA:

Service providers

To help administer, develop and promote our business, we share personal data with and receive personal data from the following types of service provider –

  • Payment processors.
  • Advertising partners.
  • Analytics service providers.
  • IT providers.
  • Email database management.
  • Consumer relationship management.
  • Professional services (for example, accountants and lawyers).

We have contracts in place with these service providers that strictly govern how they may use the personal data we share with them.  We keep a list of relevant service providers that is available here.

Business reorganisation

We will share personal data with potential buyers, group companies, investors and/or business partners where necessary for a reorganization, restructuring, merger, sale or transfer of assets involving Skurio and/or the Service.

BreachAlert

Where BreachAlert identifies information relating to one of our customers, that customer is able to access that information.  Customers are strictly limited to only searching for personal data that relates to them and their business.

 

WHERE WE STORE PERSONAL DATA:

We store personal data within the European Economic Area.  However, the personal data hold may be transferred to service providers or others based outside the EEA. Where we transfer personal data outsider the EEA we will implement safeguards such as standard contractual clauses approved by the European Commission or the US-EU Privacy Shield.

 

RIGHTS:

You have the rights to:

  • Information about how we use personal data (which is what this policy is for);
  • Access to personal data;
  • Object to direct marketing and the use of personal data based on the grounds of legitimate interest;
  • Erasure of personal data;
  • Portability of personal data;
  • Withdraw consent where our use of personal data is based on consent;
  • Rectification of personal data;
  • Restriction of personal data; and
  • Complain to the Information Commissioner’s Office.

 

Please be aware that these are not absolute and there may be some situations in which they cannot be exercised or they are not relevant. You can find out more detail about these rights on the website of the Information Commissioner’s Office – www.ico.org.uk.

Should we send you information and you no longer wish to be contacted please unsubscribe or contact us by email ([email protected]). This process should be completed within 28 days. If you are a customer, your preferences can also be managed directly via your account.

 

OTHER SITES REFERENCED ON WWW.SKURIO.COM:

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

 

CHANGES TO OUR PRIVACY POLICY:

Any changes we make to our privacy policy in the future will be posted on this page. Where this affects the consents needed from you then we will seek your renewed permission the next time you visit the website.

 

CONTACT AND DATA PROTECTION OFFICER:

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to our Data Protection Officer (“DPO”) via [email protected].

 

Cookie Policy

INFORMATION ABOUT OUR USE OF COOKIES

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. By continuing to browse the site, you are agreeing to our use of cookies.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.

We use the following cookies:

Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.

Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

You can find more information about the individual cookies we use and the purposes for which we use them below:

Cookie name

_ga

Purpose

Analytical cookie

More information

Google Analytics user identification

1 year persistence

Cookie name

_gid

Purpose

Analytical cookie

More information

Google Analytics user identification

24 hour persistence

Cookie name

wfwaf-authcookie-(hash)

Purpose

Analytical cookie

More information

This cookie is used by the Wordfence firewall to perform a capability check of the current user before WordPress has been loaded. This is only set for users that are able to log into WordPress.

Cookie name

wf_loginalerted_(hash)

Purpose

Strictly necessary cookie

More information

This cookie is used to notify the Wordfence admin when an administrator logs in from a new device or location. This is only set for administrators.

Cookie name

wfCBLBypass

Purpose

Strictly necessary cookie

More information

Wordfence offers a feature for a site visitor to bypass country blocking by accessing a hidden URL. This cookie helps track who should be allowed to bypass country blocking.

In addition, we use HubSpot for some web pages you may visit, which also sets cookies. HubSpot’s tracking code sets a number of tracking cookies which fall into two general categories: 

  • Essential/necessary cookies: essential cookies which do not require consent. 
  • Consent banner cookies: cookies included in the consent banner under GDPR.

Essential/necessary cookies

__hs_opt_out
This cookie is used by the opt-in privacy policy to remember not to ask the visitor to accept cookies again. This cookie is set when we give visitors the choice to opt out of cookies.
(Expires: 13 months)

__hs_do_not_track
This cookie can be set to prevent the tracking code from sending any information to HubSpot. Setting this cookie is different from opting out of cookies, as it still allows anonymised information to be sent to HubSpot.
(Expires: 13 months)

hs_ab_test
This cookie is used to consistently serve visitors the same version of an A/B test page they’ve seen before.
(Expires: end of session)

<id>_key
When visiting a password-protected page, this cookie is set so future visits to the page from the same browser do not require login again. The cookie name is unique for each password-protected page.   

__hstc
The main cookie for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
(Expires: 13 months) 

hubspotutk
This cookie is used to keep track of a visitor’s identity. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.
(Expires: 13 months

__hssc
This cookie keeps track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp. 
(Expires: 30 min) 

__hssrc
Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
(Expires: end of session)