Policy last updated: 11th December 2006
Contact details
This is the website of IsecT Ltd., an independent consultancy. Our company address is: Dunard, 365 Okirae Road, RD7, Wanganui, New Zealand. We can also be reached at any time by email through info (at) isect (dot) com or call +64 634 22922 during New Zealand office hours.
Guiding principles
IsecT Ltd. respects your right to privacy, just as we expect you to respect ours. Given that we are IT governance professionals, we truly understand the implications of privacy and data protection but we are human too. Unfortunately, we cannot offer you an absolute guarantee of security.
Governing laws
We are a New Zealand company registered in New Zealand and governed by New Zealand law. We comply with the Data Protection Act in letter and in spirit, and uphold the data protection principles. That means we take care to keep any personal data we hold confidential, complete and accurate, and we try not to collect any more information than we need for our legitimate business purposes nor do we keep it longer than necessary. We comply with other laws relating to information security and of course applicable laws and regulations relating to corporate governance, financial control and so forth.
Use of personal data
We would like to establish a reasonable commercial dialogue with colleagues, clients and potential clients, website visitors and other interested parties who contact us. This is why we record details such as names, phone numbers and email addresses from the people who contact us. We do not and will not release your email address, telephone number, name or any other personal information to anyone else unless we are required to do so by an enforceable court order. We may use the information you supply to contact you directly by email, post or telephone but if you wish us to stop, simply tell us and we will do so. It’s up to you. We avoid send marketing blurb, advertising or promotional materials unless requested.
Upon request, we can provide you with access to contact information you have supplied to us (e.g. name, address, phone number) in order for you to check, update and/or delete the details. We will validate any such requests before supplying the information in order to prevent unauthorized access to the data. We have appropriate information security measures in place to protect the information that we have collected from you against loss, misuse, disclosure or alteration. We are information security specialists after all!
Information collected from website visitors
We do not use cookies (except those nice ones with the chocolate and peanuts). We do not use or condone spyware, adware, keystroke loggers, phishing, Trojans, worms, viruses or a zillion other unethical and unsavoury practices. We hate spam. Detest it in fact.
For each visitor to our website, the webserver automatically recognises information such as the visitor's IP address and browser type. The information from our webserver logs is used in aggregate for statistical purposes to track usage of the website (e.g. the number of unique visitor IP addresses indicates approximately how many unique visitors we have) and to help us improve the website (e.g. we identify and repair broken internal hyperlinks using the log file records of ‘page not found’ messages). We do not normally take any notice of the individual IP addresses of our visitors, except in circumstances where we suspect a security incident may have occurred. Such information may then be used to trace connections and investigate possible incidents but if nothing turns up, it will not be used in any other way.
Our office is connected to the Internet through telecommunications services provided by the usual range of commercial telecomms suppliers. They potentially have access to all data coming to and from the office systems through the network, and can potentially read any information which is transmitted through the network connections in cleartext (i.e. not encrypted). Our website is hosted by a commercial hosting company that potentially has access to any information your system sends to the website. We also use their services and those of other third parties to send and receive email. These are straightforward commercial services with minimal security and privacy implications as far as we can ascertain. All our service providers have broadly similar privacy policies to ours.
Advertising and promotion on this website
We have commercial relationships with certain other companies that we occasionally allow to place advertisements on our web pages in return for pay-per-click and/or sales commission. As a result of your visit to our site, the advertisers may collect information such as your IP address and clickstream information (whatever that means!). We have taken great care to select advertising companies that commit to broadly similar privacy policies to ourselves, and especially to avoid any hint of spam. For further information, please consult the privacy policies of www.amazon.com and www.cccure.org who provide a few advertisements on our website. If you object to their policies, simply ignore the ads.
Hacking, vulnerability assessment, pen testing etc.
Ethics, integrity and professional competence are our core values. We do not engage in “hacking” (regardless of hat colour), “social engineering”, “exploits”, “penetration testing”, “vulnerability analysis/research”, “gap analysis”, “risk assessment”, “port scanning”, “competitive intelligence/competitor analysis” or indeed anything similar UNLESS we are specifically commissioned to do so by a client ... in which case we absolutely insist on getting written permission in advance from an officer of the company concerned.
Changes to this policy
From time to time, we may use visitor contact information for new, unanticipated uses not previously disclosed in our privacy policy. If our information practices change at some time in the future we will post the policy changes here on the website. If you are concerned about how your information is used, you should revisit our website periodically but please rest assured that we have absolutely no intention of ever sending you spam ourselves, nor of passing your details to spammers. Spam is repulsive. We utterly detest spam. Yuk.
Compliance
If you feel that we are not complying with our stated privacy policy or if you have concerns about our use of your personal data, you are very welcome to contact us at any time. We will make all reasonable efforts to ensure that any privacy concerns are settled to your complete satisfaction. Finally, if you would like some assistance to develop or review your own security policies, standards and controls, please contact us. Normal consultancy terms apply!
|
