Who we are
Chameleon Cyber Consultants Ltd is a Limited company that provides cyber security consultancy.

GDPR Legal Basis for Processing
We and our joint data controller/third party data processor (Neptik LTD) use data to carry out direct B2B marketing and lead generation campaigns. The lawful basis we use for this processing is “Commissioner’s Legitimate Interest” in accordance with recital 47 of the GDPR.

The United Kingdom’s Information Office (ICO) recommends that companies using this basis conduct a “Legitimate Interests Assessment” (LIA) and we have to do this in regard to the data processing we undertake. Chameleon Cyber Consultants Ltd and our joint data controller/third party data processor (Neptik LTD) fully complies with all key principles laid out in the GDPR legislation as outlined and enforced by the ICO. These are:

• Lawfulness, fairness, and transparency
• Purpose limitation
• Data minimisation
• Accuracy
• Storage limitation
• Integrity and confidentiality (security)
• Accountability

Who do Chameleon Cyber Consultants Ltd, and our joint data controller/third party data processor (Neptik LTD) share data with?
We and our joint data controller/third party data processor (Neptik LTD) use a number of third-party cloud-based software platforms to process and store personal data in our daily business operations. We do not resell or share this data with any other party other than in the circumstances below:

1. Where we are legally required by law to disclose your personal information.
2. To further fraud protection and reduce the risk of fraud.
3. In the event that we sell any or all of our business to the buyer.

International transfer of data
Many of the third-party cloud-based software platforms we and our joint data controller/third party data processor (Neptik LTD) use to process and store personal data in our daily business operations are owned by companies based outside the UK and EEA. Therefore, in many cases we transfer personal data to cloud-based software providers that operate outside of the UK and EEA in order for us to complete our business operations. We only transfer personal data to countries that have been identified as being able to provide an adequate level of data protection security by the UK and European Commission, and we only use cloud-based software providers which deliver the same level of data protection security as required in the UK and the European Union.

Where does the data come from?
The data we, and our joint data controller/third party data processor (Neptik LTD) process is obtained from several sources. These include GDPR compliant data providers and online resources. Our processing is based principally on the use of publicly available data to identify sales prospects. As such your privacy is important to us, we take our responsibilities seriously and will always respond quickly and courteously to any request.

Right to Rectification
Our work, and that of our joint data controller/third party data processor (Neptik LTD) involves the continual updating of data based on interactions we have with customers and prospects to ensure accuracy. We, and our joint data controller/third party data processor (Neptik LTD) rectify, and update information based on what we’re told by the people we communicate with about themselves and their businesses. If you believe that we hold information about you which is incorrect you can also contact us using sarah@chameleoncyberconsultants.com with the subject line “Right to Rectification”.

Right to object
You have the right to object to our processing of your data, which will prevent data associated with your contact details from being processed. Please contact us to request this using sarah@chameleoncyberconsultants.com with the subject line “Right to Object”. We will require your phone number(s) in order to affect this.

Other rights
As well the aforementioned, all data subjects have other rights with regards to data protection as outlined by the ICO in the below links:

• The right to be informed
• The right to access
• The right to erasure
• The right to restrict processing
• The right to data portability
• Rights related to automated decision-making including profiling
• The right to complain to a supervisory authority
• The right to withdraw consent

Access to Information
You may ask for the data specific to you in the form of a Data Subject Access Request. We will require you to prove your identity in order to release this information. Please contact us to request Access using sarah@chameleoncyberconsultants.com with the subject line – ‘Subject Access Request’.

Information We Collect
B2B data is only collected in relation to Chameleon Cyber Consultants Ltd services. This information will be processed under either “Legitimate Interest” in accordance with recital 47 of the GDPR or on a consent basis depending on our clients GDPR policy.
In running and maintaining our website and during the course of our day-to-day business we may collect and process the following data about you:

1. Information about your use of our site including details of your visits such as pages viewed and the resources that you access. Such information includes traffic data, location data and other communication data.
2. Information provided voluntarily by you. For example, when you download content or register for information.
3. Information that you provide when you communicate with us by any means.
4. Name and job title
5. Professional contact information including business email address

Information Commissioner’s Office
Chameleon Cyber Consultants Ltd protects client data in the same way it protects all sensitive and personal data, in accordance with the rules and regulations stated in the General Data Protection Act. The Information Commissioner’s Office registration number of the third-party company (Neptik LTD) that we contract to source, store, and manage our prospective customer data is: ZA795453.
In addition, to meet client requirements we comply with client policies and procedures for data protection and privacy.

Use of Your Information
For information collected on behalf of our clients this B2B data is only collected in relation to their business services or goods, this information will be processed under either “Legitimate Interest” in accordance with recital 47 of the GDPR or on a consent basis depending on our clients GDPR policy.

Storing Your Personal Data
We and our joint controller/third party data processor (Neptik LTD) do our utmost to ensure that all reasonable steps are taken to make sure that your data is treated and stored securely.
Unfortunately, the sending of information via the internet is not totally secure and on occasion such information can be intercepted. We cannot guarantee the security of data that you choose to send us electronically. Sending such information is entirely at your own risk.

Disclosing Your Information
We will not disclose your personal information to any other party other than in accordance with this Privacy Policy and in the circumstances detailed below:

1. In the event that we sell any or all of our business to the buyer.
2. Where we are legally required by law to disclose your personal information.
3. To further fraud protection and reduce the risk of fraud.

Website Privacy Policy
We are committed to safeguarding the privacy of our website visitors. You can access our full Website Privacy Policy https://www.chameleoncyberconsultants.com/privacy-policy

Contacting Us
Please do not hesitate to contact us regarding any matter relating to this Email Marketing Privacy Policy. To opt-out of receiving email marketing communications from us, please email us sarah@chameleoncyberconsultants.com.