Privacy Policy

DCT Security Limited trading as DCT Security is dedicated to ensuring that your privacy is protected. 

Here forth, in this privacy notice we set out the basis on which any Personal Data we collect from and about you, or that you or your employer provide to us about you, will be processed by us. 

Please read the following carefully to understand our views and practices regarding your Personal Data and how we will treat it. 

DCT Security Limited are the operators of this website, dctsecurity.com and the affiliated application on the website godeep.ie.  The goDeep platform is a SaaS business cyber security awareness training & simulated email phishing platform.  

DCT Security Limited is a registered company operating in the Republic of Ireland, falling under the requirements of the Data Protection Acts 1988 and as amended in 2003 and as of 25 May 2018, the General Data Protection Regulation (GDPR). DCT Security Limited trading as DCT Security of Joanhurst, Castle Rd., Blackrock, Cork, Ireland is both the Controller and Processor of Data.

CONTACT DETAILS

If you would like to contact us with any queries or comments in relation to your Personal Data, please:

Send an e-mail to privacy@dctsecurity.com

Send a letter to our registered business address:

     DCT Security Limited, Joanhurst, Castle Road, Blackrock, Cork.

DATA WE COLLECT AND PROCESS

We will collect and process the following Data about you:

-Information you give us

This is information about you that you or your employer give us by corresponding with us by phone, e-mail or otherwise. It includes the information you or your employer supply us with when, you or your employer, engage us to provide security awareness training, email phishing simulation, publicized data breach monitoring, penetration testing or cyber security consultancy services.  The information you or your employer give us may include, but is not limited to- your name, address, e-mail address, phone number, financial information.

Information we collect about you

You are not obliged to provide us with your personal information, you may decide to share with us your name, phone number and email address or other Data.  This information is essential for us to provide our services to you. 

Information provided to us

We may be given Data related to you by other persons. Your contacts or employer may decide to share with us Data such as your name and email address. This information is essential for providing our training services and essential for us to provide our service to you. 

Information the platform goDeep collects about each user includes:

1. First & Last Name
2. Email address
3. Response to email phishing simulations
4. Type of email phishing simulation sent out & response
5. Training progress or status
6. Department
7. Test attempts & Test results
8. If the user's email address appears in a Publicised data breach

WHY WE PROCESS YOUR DATA

We process your Data in order to comply with legal obligations to which we are subject, to perform the services you, or your employer, have requested of us, or to take steps at your request prior to undertaking to provide services for you. We do this because, you or your employer, have consented to our processing of your Data or for the purposes of our legitimate interests, such as to inform you of changes to our services or to provide you with information about other services we offer. 

HOW WE USE YOUR DATA

We gather and use your information to:

•         allow us to provide you with security awareness training, phishing simulation email exercises and security consultancy

•         comply with legal obligations we might be subject to (such as anti-money laundering)

•         provide you with information about other services we offer that are similar to those you have already requested of us or enquired about

•         notify you of changes to our services

•         monitor and improve the quality of our services, websites and platform

•         advertise our services or products

WHO WE SHARE YOUR DATA WITH

DCT Security Limited do not share your information with agents, contractors or partners of DCT Security Limited. 

We may disclose or share your Data in order to comply with any legal obligation or in order to enforce or apply Terms and Conditions.

Your goDeep user Data may be accessible to the system administrator(s) of your employer on the goDeep platform.

Our agents, contractors or partners are restricted from using your Data in any way other than to provide services for DCT Security Limited. DCT Security Limited requires that all such agents, contractors or partners enter into contractual guarantees to observe security and privacy obligations as least as stringent as those set forth in this privacy statement.

DATA SECURITY

We take our data security responsibilities seriously, employing the most appropriate physical and technical measures, including staff training and awareness. 

DCT Security use stringent Role Based Access Policy to ensure segregation of duties, only allowing personnel access to Data that they require to perform their duties.  

Unfortunately, the transmission of information by means of the internet, including through e-mail, is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your Data transmitted to or from us by means of e-mail, phishing simulation email or text message and any such transmission is at your, or your employer's own risk.

VISITORS UNDER 13 YEARS OLD

Our website and services are targeted at businesses and are not meant to be used people under 13. We do not purposefully gather data on users of our application or website who are under 13. If you are under 13, please do not share your personal data with us through our contact forms or social media. 

DATA RETENTION

It is our aim to only hold your Data for as long as this is necessary. Unless otherwise required under applicable law, we store your Data for as long as we provide services to you or your employer and for a period of no less than seven years from the termination of contractual agreements.

DELETING goDeep USERS:

As the goDeep platform is a service provided to employers, the system administrator holds the ability and responsibility for deleting user accounts when a user ceases to be an employee of the organization.  If you are a user from an organization we recommend that you reach out to your organization's goDeep account administrator and exercise your rights under GDPR to be deleted. Otherwise DCT Security Limited will need to contact the user's company administrator for the user regarding any queries from individual or external users about deleting user goDeep training data. 

MARKETING

We may contact you by mail, email and telephone about our services and other events involving or relating to DCT Security Limited which may be of interest to you. You have the right to ask us to stop processing your Personal Data for direct marketing purposes. If you wish to exercise this right, please send us an email to privacy@dctsecurity.com with a subject line that says “Unsubscribe”.

COOKIE POLICY

Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our websites, we may collect information from you automatically through cookies or similar technology. 

Our website uses the following categories of cookies:

•  “Session cookies” – these keep track of you while you navigate our website, and will be deleted from your computer when you close your browser 

DCTSecurity.com currently has a cookie in use to enable Google Analytics. Our Google Analytics’ cookie monitors dctsecurity.com user’s website browsing experience while on the website. 

We have the following cookie on our website DCTsecurity.com:

Name of Cookie: dps_site_id

Purpose of Cookie: This is a session cookie to optimize speed & performance of the website

DCT Security's cyber awareness platform, goDeep, uses the following cookies:

•  “Session cookies” – these keep track of you while you navigate the goDeep platform allowing users to remain logged in while doing modules or administration. The cookie tracks user progress in the training and tests. The cookie does not track user activity on other sites and is deleted when the user logs out.

We have the following cookie on the goDeep platform:

Name of Cookie: PHPSESSID.

Purpose of Cookie: This is a session cookie to keep users logged in and keep track of the goDeep platform's user activity and training.

GOOGLE ANALYTICS

When a user is browsing on the company website, we do not share their personal information with third parties. Only aggregated, anonymized Data is periodically transmitted to an external service, Goggle Analytics (traffic analysis, SEO optimization) to help us improve the DCT Security Limited website and service. 

The dctsecurity.com website uses Google Analytics to monitor website performance, analyse the website traffic and current user content engagement. The Data, Google Analytics provides DCT Security, includes amongst other things, a user’s general geographic location (town and country), returning vs new visits and interactions with the site. The information gathered does not uniquely identify the user or contain PPI, only the user’s actions while browsing the website content.

To learn more about how Google utilizes the data collected with Google Analytics please refer to their policy here:  https://policies.google.com/privacy 

When a user visits the DCTSecurity.com website, Google Analytics places a cookie on the user’s browser which contains a unique ID. We have set up Google Analytics to anonymize our website user’s IP Address and use the anoymized unique ID while on our website. 

THIRD PARTY SOCIAL MEDIA SHARE BUTTONS

The website uses social buttons provided by the services Twitter, Google+, LinkedIn, Instagram and Facebook. Your use of third party services, while on our website, is entirely optional. DCT Security Limited is not responsible for the privacy policies and/or practices of third party services, and an individual user is responsible for reading and understanding those third party services’ privacy policies. 

LINKS TO OTHER WEBSITES

There may be links shared on our website that connect to other websites. Clicking links online has risks, always take steps to stay safe by only going to websites that are known to you and have an SSL certificate. If you follow a link from our website to another website please be aware that  your use of third party services, websites or applications, linked to on our website, is entirely optional. DCT Security Limited is not responsible for the privacy policies and/or practices of third party services and websites, and an individual user is responsible for reading and understanding those third party websites and services’ privacy policies. 

ADVERTISING

Our Company uses cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device. Our Company sometimes shares some limited aspects of this Data with third parties for advertising purposes. We may also share online Data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website.

PAYMENTS

All payment arrangements for our product are made directly to our Irish Bank. Customer invoices will contain DCT Security's bank account information.  No member of staff or employee of DCT Security Limited will contact you via email. text, chat of phone for financial information. We do not have or use an online payment system. 

WHERE WE STORE YOUR INFORMATION

DCT Security Limited stores your information in a secure, ISO27001 accredited, EU tenancied, cloud environment. No physical files are stored in our office or archives. Electronic files are stored on our secure servers and in the cloud. We do not transfer your data to, or store it, at any destination outside of the European Union. If there was a need to transfer your data in such a way, we would ensure appropriate safeguards are in place. You may contact us via e-mail, letter or telephone in case you wish to find out more or to obtain a copy of the appropriate safeguards at privacy@dctsecurity.com.

YOUR RIGHTS

You have the right to request that we:

•         inform you whether we process your Data, provide you with details relating to our processing, and with a copy of your Data

•         rectify any inaccurate data we might have about you without undue delay

•         complete any incomplete information about you

•         erase your personal data without undue delay.

•         are restricted from processing your data

•         furnish you with the personal data which you provided to us in a structured, commonly used and machine readable format

•        opt you out or unsubscribe you from our marketing, if you wish to unsubscribe please email us at privacy@dctsecurity.com and request to unsubscribe.

Where we process your data solely on the basis of your consent, you are entitled to withdraw your consent at any time. This will not affect the lawfulness of our processing before the withdrawal.

You also have the right to lodge a complaint with the Data Protection Commissioner at any time. 

The exercise of your rights might be subject to certain conditions prescribed by law and we might require further information from you before we can respond to your request.

You may exercise your rights by contacting us at the addresses or e-mail address privacy@dctsecurity.com. 

Should you wish to report a complaint or if you feel that Our Company has not addressed your concern in a satisfactory manner, you may contact the Data Protection Commissioner through their website contact form or telephone.

website: dataprotection.ie

Data Protection Commission

21 Fitzwilliam Square South

Dublin 2

D02 RD28

Ireland

phone:  076 110 4800  or  057 868 4800 

CHANGES TO STATEMENT

We may update this privacy statement from time to time and will publish such updated version on our website, as appropriate.

This privacy notice has been updated and is effective from April 14, 2021