Privacy Policy

External Privacy Notice 

Last Updated: March 2024 

1. Introduction 

We ask that you read this Privacy Policy carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities if you have a complaint. 

​This Privacy Policy relates to your use of our website and our services. By using our website, you indicate your agreement to this Privacy Policy. If you register for our services, we will ask you to accept this Privacy Policy. 

This Privacy Policy does not cover any third-party websites which you may access from our website or by using our services. Such third-party websites will be governed by their own separate privacy policies. 

If you have any questions, you can contact us using the information provided below under the ‘How to contact us’ section.  

2. Who we are and what we do 

Who we are 

We are CovertSwarm Limited (“CovertSwarm”, “us”, “we”, “our”). We are a limited company registered in England and Wales under registration number 12564314 and we have our registered office at International House, 36-38 Cornhill, London EC3V 3NG, United Kingdom. We are registered with the UK supervisory authority, Information Commissioner’s Office (“ICO, in relation to our processing of Personal Data under registration number ZA888886. 

What we do 

CovertSwarm is a specialist red team of ethical hackers and penetration testers based in the UK. We are committed to protecting the privacy and security of the Personal Data we process about you.  

Controller 

Unless we notify you otherwise, we are the controller of the Personal Data we process about you. This means that we decide what Personal Data to collect and how to process it. 

3. Who this privacy notice applies to 

This privacy notice applies to you if:

  • You visit our website 
  • You purchase goods or services from us 
  • You enquire about our products and/or services  
  • You use our App 
  • You sign up to receive newsletters and/or other promotional communications from us  

4. What Personal Data is 

‘Personal Data’ means any information from which someone can be identified either directly or indirectly. For example, you can be identified by your name or an online identifier.  

5. Personal Data we collect 

The type of Personal Data we collect about you will depend on our relationship with you. For the type of Personal Data we collect see the table below in the section entitled ‘Purposes, lawful bases and retention periods’. 

The personal information we collect about you may include:

  • your name, business address and contact details including telephone number, job title and email address 
  • details of any feedback you give us by phone, email, post, submission of a form from our website or via social media 
  • information about the services we provide to you 
  • technical data including Internet Protocol (IP) address details including your public browser type and version. 

We use this personal information for various reasons including:

  • confirm acceptance of your registration and create and manage your account with us 
  • verify your identity 
  • communicate with you to provide our services 
  • notify you of any changes to our services that may affect you 
  • improve our services 
  • for marketing purposes 

6. How we collect your Personal Data 

We collect personal information about you when you access our website, contact us, send us feedback, purchase services from us or complete customer surveys. We collect this personal information from you either directly, such as when you contact us or purchase services, or indirectly, such as your browsing activity while on our website (see “Cookies” below). 

7. Lawful bases 

When we use your personal information, we are required to have a legal basis for doing so. There are various legal bases on which we may rely, depending on what personal information we process and why. 

The legal bases we may rely on include:

  • consent: where you have given us clear consent for us to process your personal information for a specific purpose (e.g. for marketing communications which you are free to withdraw your consent at any time). 
  • contract: where our use of your personal information is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract. (e.g. for using our services). 
  • legal obligation: where our use of your personal information is necessary for us to comply with the law (not including contractual obligations, e.g. for requirements of the Financial Conduct Authority, Anti Money Laundering Regulations, accounting and taxation purposes and reporting requirements). 
  • legitimate interests: where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party (e.g. for marketing communications which you are free to opt out of receiving at any time or to improve our customer service, improve our website and improve our relationships with customers, suppliers and third party vendors). 

8. How we use your information 

We may process your information on the following lawful bases and for the following purposes (including but not limited to):

  • If you have an account with these companies and consent to cookies being placed on your device, your personal data may be shared with them so that they can serve you personalised advertisements when you are using their platforms or apps. Depending on the processing activity Meta or Google will be acting as a data controller and in some circumstances joint controller with us. 

Performance of contract:

  • To help manage your online account 
  • To contact you, following your enquiry, reply to any questions, suggestions, issues or complaints you have contacted us about 
  • Make available our products and services to you 
  • Process your orders 
  • Take payment from you or give you a refund 
  • To power our security measures and services so you can safely access our website and mobile apps 
  • Help answer your questions and solve any issues you have (please note we may record calls for training and monitoring purposes) 

Legitimate interests:

  • It is in our legitimate interest to keep you updated on our products and services in order to maintain high levels of engagement with you so we can provide you with the best products and develop our brand. We may process your data for the following purposes to do this: 
  • Personalise your shopping experience, for example we may provide you with details of products that match a product, which you may have purchased or enquired about previously 
  • Help us understand more about you as a customer, the products and services you consume, so we can serve you better 
  • Contact you about products and services from us 
  • Provide you with online advertising and promotions 
  • Carry out our marketing function 
  • For any competitions we may carry out 
  • To carry out any of the above activities in connection with any other brands owned or operated by CovertSwarm Limited and any of their related companies (including parent and subsidiary undertakings of CovertSwarm Limited). 

Legal obligation:

  • Fraud protection and detection to protect you from fraudsters and crime 
  • To comply with applicable data protection and information security laws 

9. Sharing your Personal Data 

Your Personal Data may be processed outside of the UK. This is because the organisations we use to provide our service to you are based outside the UK. 

We will also share personal information with:

  • law enforcement or other authorities if required by applicable law. 
  • third parties if there is a change in the ownership of CovertSwarm or any of our assets. 
  • FreshSales and Google for marketing and business development purposes. 

We will not share your personal information with any other third party. 

We have taken appropriate steps to ensure that the Personal Data processed outside the UK has an essentially equivalent level of protection to that guaranteed in the UK.  

We do this by ensuring that:

  • Your Personal Data is only processed in a country which the Secretary of State has confirmed has an adequate level of protection (an adequacy regulation), or 
  • We enter into an International Data Transfer Agreement (“IDTA”) with the receiving organisation and adopt supplementary measures, where necessary. (A copy of the IDTA can be found here international-data-transfer-agreement.pdf (ico.org.uk)). 

If you would like further information, please contact us (see ‘How to contact us’ below). We will not otherwise transfer your personal data outside of the UK or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries. 

10. Marketing 

We would like to send you information about our services and special offers, which may be of interest to you. Where we have your consent or it is in our legitimate interests to do so, we may do this by post, email, telephone, text message (SMS) or automated call. Our marketing practices are all carries out on the basis of legitimate interests which you have the option to opt-out. 

We will only ask whether you would like us to send you marketing messages when you tick the relevant box when submitting requests for assistance or information on any of the public web forms presented upon the www.covertswarm.com website. 

If you have previously agreed to being contacted in this way, you can unsubscribe at any time by:

  • contacting us 
  • using the ‘unsubscribe’ link in emails 

It may take up to 10 business days for this to take place. For more information on your rights in relation to marketing, see ‘Your rights’ below. 

11. Cookies 

A cookie is a small text file which is placed onto your device (e.g. computer, smartphone or another electronic device) when you use our website. Our website uses cookies. Please refer to our separate cookies policy to understand how we use cookies and how you can change your consent and preferences.  

12. Your rights and how to complain 

You have certain rights in relation to the processing of your Personal Data, including to: 

  • Right to be informed: You have the right to know what personal data we collect about you, how we use it, for what purpose and in accordance with which lawful basis, who we share it with and how long we keep it. We use our privacy notice to explain this. 
  • Right of access (commonly known as a “Subject Access Request”): You have the right to receive a copy of the Personal Data we hold about you. 
  • Right to rectification: You have the right to have any incomplete or inaccurate information we hold about you corrected. 
  • Right to erasure (commonly known as the right to be forgotten): You have the right to ask us to delete your Personal Data. 
  • Right to object to processing: You have the right to object to us processing your Personal Data. If you object to us using your Personal Data for marketing purposes, we will stop sending you marketing material.  
  • Right to restrict processing: You have the right to restrict our use of your Personal Data.  
  • Right to portability: You have the right to ask us to transfer your Personal Data to another party. 
  • Automated decision-making: You have the right not to be subject to a decision based solely on automated processing which will significantly affect you. We do not use automated decision-making.   
  • Right to withdraw consent: If you have provided your consent for us to process your Personal Data for a specific purpose, you have the right to withdraw your consent at any time. If you do withdraw your consent, we will no longer process your information for the purpose(s) you originally agreed to, unless we are permitted by law to do so. 
  • Right to lodge a complaint: You have the right to lodge a complaint with the relevant supervisory authority, if you are concerned about the way in which we are handling your Personal Data. The supervisory authority in the UK is the Information Commissioner’s Office who can be contacted online at:

Contact us | ICO

Or by telephone on 0303 123 1113.

For supervisory authorities in other countries within the EU see the link below: 

https://edpb.europa.eu/about-edpb/about-edpb/members_en 

How to exercise your rights

You will not usually need to pay a fee to exercise any of the above rights. However, we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.  

If you wish to exercise your rights, you may contact us using the details set out below within the section called ‘How to contact us and our Data Protection Officer’. We may need to request specific information from you to confirm your identity before we can process your request. Once in receipt of this, we will process your request without undue delay and within one month. In some cases, such as with complex requests, it may take us longer than this and, if so, we will keep you updated.   

13. Keeping your personal information secure 

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. 

​We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. 

14. How to contact us and our Data Protection Officer  

Please contact us if you have any questions about this Privacy Policy or the information, we hold about you. 

If you wish to contact us, please write to our Data Protection Manager at: Data Protection Manager, CovertSwarm, International House, 36-38 Cornhill, London EC3V 3NG, United Kingdom or email [email protected]. 

15. Changes to this privacy notice 

This Privacy Policy was published on 1/Mar/2024. 

​We may change this Privacy Policy (and any supplemental privacy notice), from time to time. Any changes will be posted on this page and, where appropriate, notified to you by email. 

You can find the previous version of this notice here.