Cuub Consultancy Privacy Policy

This document defines Cuub Consultancy's ("Cuub Consultancy" or "the Company") approach to Privacy. It provides an overview of the policies and standards across Cuub Consultancy that apply to privacy of Information and sets out Cuub Consultancy's commitment to actively manage and promote standards in this area.

This document highlights the required policies to ensure information is obtained, stored, maintained, and processed in a safe, secure and legal manner.

Our contact details
Name: Andrew Shotton
Address: 75 Shoveller Drive, Apley, Telford, TF1 6GQ
Phone Number: 07984 195 774
E-mail: ashotton@cuubconsultancy.com
ICO Reference No: ZA914877

The type of personal information we collect

We currently collect and process the following information:

Our Cookie Policy

The website cuubconsultancy.com DOES NOT use cookies to store personal data. There is only one cookie which is stored in the browser called the cookieconsent_status which is created when a site user clicks on the cookie pop up, acknowledging the site's cookie policy.

The General Data Protection Regulation (GDPR)

Cuub Consultancy will comply with all applicable data protection and privacy laws & regulations in the performance of its obligations under the General Data Protection Regulation 2016/679, and the Data Protection Act 2018 ("Data Protection Laws").

How we obtain the personal information and why we have it

Most of the personal information we process is provided to us directly by you for one of the following reasons:

We use the information that you have provided to:

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. You are able to remove your consent at any time. You can do this by contacting ashotton@cuubconsultancy.com
(b) We have a contractual obligation.
(c) We have a legal obligation.

How we store your personal information

Microsoft 365 & Microsoft Azure
Your information is securely stored on Microsoft Azure and Microsoft 365 cloud storage and is encrypted at rest and in transit by default. For full information on the security precautions and technology employed by Microsoft Azure and Microsoft 365 please see the following links:
https://docs.microsoft.com/en-us/azure/security/fundamentals/
https://docs.microsoft.com/en-us/compliance/assurance/assurance-governance

Afi.ai Secure Backup (Google Cloud)
We also utilise a secure backup solution from afi.ai to protect our services and data from threats such as ransomware; something the Microsoft versioning model can't protect against. Microsoft's Shared Responsibility Model clearly states the customer always retains responsibility for data. afi.ai services are hosted on secure Google Cloud Compute (GCP) cloud servers for diverse storage objectives, and all data is encrypted in transit and at rest. For full details of the security employed by GCP and afi.ai please see this link https://afi.ai/compliance.

Atlassian (AWS Cloud)
From time to time we use some services from Atlassian, such as Jira (cloud) for project management and Confluence (cloud) for wiki documentation. Whilst most of this data is operational and task specific there may be some basic personal data from clients such as email addresses and contact details. Atlassian use secure AWS cloud services, employing industry leading security including encryption of data in transit and at rest. For full details of Atlassian's security practices please see this link https://www.atlassian.com/trust/security/security-practices/

All of the above services and locations are controlled and secured with least privilege strategies, and all require Multi Factor Authentication (MFA) in order to gain access.

Cuub Consultancy laptops
All Cuub Consultancy laptops are enrolled in an MDM solution called Microsoft Intune. This MDM solution allows Cuub Consultancy to enforce security and compliance policies to all laptops, ensuring that every laptop is encrypted with Bitlocker, has up to date Anti-malware signatures and can be remotely wiped if lost or stolen.

We keep personal information for a limited time, and is in general limited to the length of the contract between us. Once our engagement ends, we will then dispose your information by securely deleting all personal data we have held on you.

Your data protection rights

Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at ashotton@cuubconsultancy.com if you wish to make a request.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at ashotton@cuubconsultancy.com
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO's address:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk