QuantumSabre Privacy Notice

Effective Date: 04.12.2024

QuantumSabre (“we,” “us,” “our”) respects your privacy and is committed to protecting your personal data. QuantumSabre Privacy Notice explains how we collect, use, share, and protect your personal information in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018), and relevant guidance from the National Cyber Security Centre (NCSC).

1. Who We Are

QuantumSabre is a UK-based cybersecurity firm specializing in cutting-edge security services designed to protect organizations from digital threats. As a Data Controller, we are responsible for ensuring that your personal data is processed lawfully, fairly, and securely.

Contact Information:

  • Data Protection Officer (DPO): Joseph Matthew Hajczinger quantumsabre@protonmail.com
  • Address: 27 Gloucester street, London, United Kingdom, WC1N 3AX

2. Data We Collect

We collect and process the following categories of personal data:

A. Personal Identification Information

  • Name
  • Address
  • Email address
  • Phone number
  • Job title

B. Sensitive Personal Data (Special Category Data)

  • Health-related information (e.g., sickness or disability status)
  • Biometric data (e.g., fingerprint or facial recognition for access control)
  • Race or ethnicity
  • Religion or philosophical beliefs
  • Trade union membership

C. Criminal Offense Data

  • Disclosure and Barring Service (DBS) checks
  • Criminal conviction records (where required by law or for safeguarding purposes)

D. Technical and Usage Data

  • IP addresses
  • Device information (e.g., hardware and software specifications)
  • Log files and browsing behaviour (collected through cookies and similar tracking technologies)

E. Business Data

  • Details of services requested or provided
  • Communication records

3. How We Use Your Data

We process your personal data for the following purposes:

  • Service Delivery: To provide, manage, and improve our cybersecurity services.
  • Compliance: To meet our legal obligations, including conducting security checks and maintaining records.
  • Communication: To respond to inquiries, provide updates, and share relevant information.
  • Security and Prevention: To detect, investigate, and prevent fraud, unauthorized access, and other security incidents.
  • Training and Awareness: To provide training to clients and employees on cybersecurity best practices.
  • Marketing: To inform you about our products and services (only if you have given explicit consent).

4. Legal Basis for Processing

We process your data under the following lawful bases:

  1. Contractual Obligation: To perform our contractual commitments with you or your organization.
  2. Legal Obligation: To comply with applicable laws and regulations.
  3. Legitimate Interests: To operate and improve our business, ensuring secure operations.
  4. Consent: Where explicit consent is provided for specific processing activities (e.g., marketing communications).

5. How We Protect Your Data

We implement robust security measures aligned with NCSC recommendations to safeguard your data. These include:

  • Technical Controls: Firewalls, encryption, secure configuration, and regular vulnerability assessments.
  • Access Management: Role-based access control and multi-factor authentication for sensitive systems.
  • Incident Response: An established procedure for handling data breaches, including notifying the Information Commissioner’s Office (ICO) within 72 hours if necessary.
  • Staff Training: Regular employee training on data protection and cybersecurity practices.
  • Compliance Audits: Routine reviews to ensure adherence to legal and industry standards.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Notice or as required by law. Our data retention schedule specifies:

  • The types of data retained
  • The retention periods based on legal and operational requirements
  • Secure methods for data deletion, including physical destruction and electronic erasure

7. Sharing Your Data

We may share your data with:

  • Service Providers: Third parties providing essential services (e.g., cloud storage, payment processing).
  • Regulatory Bodies: To comply with legal obligations or law enforcement requests.
  • Business Partners: For the delivery of integrated services (with your consent).
  • Professional Advisors: Legal, financial, or IT consultants assisting us in our operations.

8. International Data Transfers

If we transfer your data outside the UK or European Economic Area (EEA), we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs)
  • Transfer Impact Assessments (TIAs)
  • Compliance with adequacy decisions under the UK GDPR

9. Your Rights

You have the following rights under the UK GDPR:

  1. Access: Obtain a copy of your personal data.
  2. Rectification: Correct inaccurate or incomplete data.
  3. Erasure: Request deletion of your data (subject to legal exceptions).
  4. Restriction: Limit how your data is processed under certain conditions.
  5. Portability: Receive your data in a structured, machine-readable format.
  6. Objection: Object to processing based on legitimate interests.
  7. Withdraw Consent: Revoke consent at any time for consent-based processing.

To exercise your rights, please contact us at quantumsabre@protonmail.com

10. Cookies and Tracking Technologies

We use cookies to enhance user experience and analyse website usage. You can manage your cookie preferences through our [Cookie Policy].

11. Data Breaches

In the event of a data breach:

  • We will assess the impact and take immediate steps to contain and mitigate the breach.
  • Affected individuals will be notified without undue delay if there is a high risk to their rights and freedoms.
  • We will report significant breaches to the ICO within 72 hours of discovery.

12. Updates to This Privacy Notice

We may update this Privacy Notice periodically to reflect changes in legal requirements or our practices. The latest version will always be available on our website.

13. Contact Information

If you have questions or concerns about this Privacy Notice or your data, please contact:

Data Protection Officer

  • Email: quantumsabre@protonmail.com dpo@quantumsabre.co.uk
  • Address: 27 Gloucester street, London, United Kingdom, WC1N 3AX

You may also lodge a complaint with the ICO if you believe your rights have been violated.

QuantumSabre – Your Trusted Partner in Cybersecurity