1. Introduction

Romano Security Consulting (“we”, “us”, “our”) is committed to protecting the privacy and security of personal data. This privacy notice explains how we collect, use, store, and protect personal data when you interact with us, whether through our website, services, or business relationships.

We act as a data controller for the personal data we process for our own purposes.

2. Contact Details

If you have any questions about this privacy notice or wish to exercise your rights, please contact:

Email: [email protected]

Post: Data Protection Officer, Romano Security Consulting, 18 Higher Lane, Kerridge, SK10 5AR

Telephone: +44 (0) 1625 3150210

3. Personal Data We Process

We process personal data in the following contexts:

3.1 Consultancy Services

We may process personal data as part of delivering our services to clients.

Data types: Name, email address, telephone number, job role, business contact details, signatures

Purpose: Delivery of contracted services

Lawful basis: Contract (Article 6(1)(b)) and Legitimate Interests (Article 6(1)(f))

3.2 Website Enquiries

We process personal data when you contact us via our website or email.

Data types: Name, email address, message content

Purpose: Responding to enquiries

Lawful basis: Legitimate Interests (responding to enquiries)

3.3 Prospective Clients

We process business contact information obtained through networking, meetings, or events.

Data types: Name, email address, telephone number, business details, correspondence

Purpose: Managing business relationships and opportunities

Lawful basis: Legitimate Interests (business development)

3.4 Financial Management

We process data for accounting and legal obligations.

Data types: Contact details, bank details, invoices, transaction records

Purpose: Financial management and compliance

Lawful basis: Legal Obligation (Article 6(1)(c)) and Contract

3.5 Client Satisfaction Surveys

Data types: Contact details, feedback responses

Purpose: Service improvement

Lawful basis: Legitimate Interests

3.6 Marketing Communications

Data types: Contact details

Purpose: Sending relevant updates or marketing

Lawful basis:

Consent (where required)

Legitimate Interests (for B2B communications)

You can opt out at any time.

3.7 Employees

We process employee data separately under an internal employee privacy notice.

4. Data Retention

We retain data only for as long as necessary:

Client and contract data: Up to 7 years after contract end

Financial records: 6–7 years (legal requirement)

Marketing data: Until you withdraw consent or object

General enquiries: Up to 12 months after last contact

We regularly review and delete data when no longer required.

5. Sharing Your Data

We may share personal data with trusted third-party service providers, including:

Cloud hosting providers (e.g. Microsoft Azure / AWS)

Email and office systems (e.g. Microsoft 365)

CRM systems

Accounting and financial platforms

All third parties are required to process data securely and in accordance with data protection law.

6. International Data Transfers

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, including:

UK International Data Transfer Agreement (IDTA)

Standard Contractual Clauses (SCCs)

7. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

Encryption

Access controls

Secure cloud infrastructure

Information Security Management practices

We assess risks to ensure confidentiality, integrity, and availability of data.

8. Cookies and Website Tracking

Our website may use cookies or similar technologies to improve user experience and analyse website usage.

You will be provided with clear information and choices regarding cookies when visiting our website.

9. Your Rights

Under UK data protection law, you have the right to:

Be informed about how your data is used

Access your personal data

Request correction of inaccurate data

Request deletion of your data

Object to processing

Request data portability

Withdraw consent at any time

You can exercise your rights by contacting us.

10. Complaints

If you are unhappy with how we process your data, you can contact the regulator:

Information Commissioner’s Office

Website: https://ico.org.uk

Telephone: 0303 123 1113

11. Changes to This Privacy Notice

We may update this privacy notice from time to time. Any significant changes will be communicated via our website or directly where appropriate.