At the Institute of Cyber Security for Society (iCSS), we are committed to protecting and respecting your privacy.
Who are we?
We are the Institute of Cyber Security for Society (iCSS) at the University of Kent. The University of Kent is registered as a ‘Data Controller’ under registration number Z6847902. View the full entry on the register.
How do we collect information from you?
We obtain information about you when you:
- use our website, for example, when you contact us via our ‘Contact us’ page;
- email us or phone us to enquire about our services;
- book attendance at an exhibition, conference or event, or give us your business card;
- submit an entry for a competition;
- request to join our mailing list;
- fill a form to participate in activities we (co-)organise such as CyberFirst and other school outreach activities, activities of KMCS3 (Kent & Medway Cyber Security Student Society), KMCSN (Kent & Medway CyberSchools Network) and KMCC (Kent & Medway Cyber Cluster).
Categories of information we collect
The personal information we collect in connection with your interaction with iCSS may include your name, email address, organisation, IP address, and information regarding what pages are accessed and when.
If you join our mailing list or give us your business card, for example at an exhibition, conference or event, we will add your name, email address, organisation, and specific area of interest so we can send you appropriate information relating to your interest in our services. You can unsubscribe at any time by emailing us.
If you purchase a product from us or purchase a place on a conference or event, your card information is not held by us, it is collected by third party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions.
We will collect dietary and accessibility requirements for our conferences and events in order to accommodate your needs. This information will be deleted once the event has taken place.
How is your information used?
We will not share your information, unless required to by law. We may use your information to:
- process orders that you have submitted
- carry out our obligations arising from any contracts entered into by you and us
- seek your views or comments on the services we provide
notify you of changes to our services
- send you communications which you have requested and that may be of interest to you.
We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. We will not contact you for marketing purposes by post if you have indicated that you do not wish to be contacted.
You can change your marketing preferences or unsubscribe from our mailing list at any time by contacting us.
Our lawful basis for processing your data
We rely on the following lawful basis as allowed by the UK GDPR for processing your personal data as this is necessary for:
- the performance of a task carried out in the public interest or in the exercise of official authority –Article 6(1)(e)
- our contract with you – Article 6(1)(b)
- to protect your vital interests or those of another person – Article 6 (1)(d)
- you have given your consent for one or more specific purposes – Article 6(1)(a)
Who your information will be shared with
We will share relevant personal data with other third party organisations (e.g., EC-Council, Chartered Institute of Information Security, The STEM Hub, KMCC, etc.) for the purposes of their service that they provide or jointly provide to you (e.g., courses, membership, events, etc.). Such third party organisations are normally explicitly stated in the specific web page explaining the relevant service. We will ensure that only the minimum amount of relevant personal data necessary for the purpose is transferred. We will ensure that contractual agreements exist to ensure compliance with data protection regulations and that data is used solely under our instruction. In these circumstances personal data shall be deleted after the contract has terminated.
Sometimes it may be necessary for your personal information to be shared:
- with competent authorities (such as the police, NCA) or action fraud for law enforcement purposes (for on substantial public interest reasons – Article 9(2)(g) – for preventing or detecting unlawful acts, safeguarding or fraud purposes.
- with our professional advisors where it is necessary for the establishment, exercise or defence of legal claims – Article 9(2)(f).
Occasionally the University may, if appropriate, legitimate and necessary, rely on relevant exemptions to UK GDPR provisions as are allowed under the Data Protection Act 2018 (in relation to crime and taxation, management forecasts, negotiations, confidential references and exam scripts and exam marks).
We will ensure that security measures are in place to prevent the accidental loss, unauthorised use or access to your data. Access is given to staff on a ‘need to know’ basis. Our staff are required to keep your data safe and complete data protection training.
We have procedures in place to deal with any data security incidents and will notify you and the ICO in the event of a data breach where we are required to do so.
Please be aware of the following rights which can be accessed free of charge by contacting firstname.lastname@example.org:
- know how we are using your personal information and why (right to information)
- access the personal data held by us (subject access request)
- ask for correction of any mistakes (rectification)
- to object to direct marketing
- to complain to the ICO
In some circumstances you also have the right to:
- object to how we are using your information
- ask us to delete information about you (the right to be forgotten)
- have your information transferred electronically
- object to automated decisions which significantly affect you
- restrict us from using your information.
For further guidance regarding your rights please see the ICO website.
Your rights if you have given consent or explicit consent for a specific use of your personal data
You can withdraw your consent at any time.
You can do this by contacting us by emailing email@example.com or other email address indicated when you provide your personal information to us. This does not affect the lawfulness of the processing based on consent before its withdrawal.
Your right to complain to the Information Commissioner
You have the right to lodge a complaint with the Information Commissioner’s Office. Their helpline telephone number is: 0303 123 1113.
If you have any questions or concerns about the way the University has used your data, or wish to exercise any of your rights, please consult our website.
The University’s Data Protection Officer can be contacted at: firstname.lastname@example.org
Document review date
This privacy notice will be reviewed at least annually. This notice was last reviewed and updated in November 2023.