Hogen Data Ltd is the Limited company we have registered with the UK Companies House.
We thought that was pretty boring so we trade under the Name ‘Trusthogen’…….We also offer products and services relating to the deep and dark web. We call this range of products ‘Dark Hogen’……..original hey!
So, when we say us, we, they, we mean Hogen Data Ltd, Trusthogen or Dark Hogen……….get it?
We wouldn’t be much of a privacy or cyber security firm if we didn’t try our best to secure your data, so anytime we hear from you, through phone, email, social media or any method they’ve dreamt up, we make sure its looked after…….we’re good like that!
Going forwards, if you have a question about the relationship between us and your personal data, you can probably find the information below.
Data Protection and other privacy regulations have been in the media a lot over the last few years. Data protection act 1998, 2018, GDPR, UK GDPR……..alot to remember right. So when we say Legislation or Laws, we mean all these rules!
Hogen Data Ltd will always be the Data Controller when dealing with your personal Information. As mentioned above, this includes that other names we dreamt up to make us look like a marketing powerhouse!
We’ve also registered our intention to process Personal Data with those guys over at the Information Commissioner’s Office. To be fair, they’re not a bad bunch. They even gave us this number you can search us with:
ZA780346
In case you ever want to write to us or validate our registration, our Registered Company Address is 86-90 Paul Street, Hoxton, London, EC2A 4NE
You can also email us via info@trusthogen.com. Our DPO is Gary Langrish and he can be contacted directly by emailing gary@trusthogen.com if that’s what you’d like to do!
On the off chance you’d like to send a letter in the post , please use the same address as above……….the London one!
So, you’ve heard how good we are, how we help protect businesses and prevent reputational disaster and save you loads of money. But what data do we need from you and when do we need it?
Its pretty simple to be fair…..you just fill out the contact form, or call us. It really is no more exciting than that. In future, we might even dabble in a few trade shows…….if that happens, we’ll point you towards this when capturing your information
If it’s just a general query, but you chose not to follow up or take one of our services, that’s cool too. We’ll probably only hold your email, name and phone number at this point. We’ll keep this for 3 months then delete it.
If you decide to come on board (and let’s face it, why wouldn’t you), we’ll probably ask for some additional information. Information that helps might relate to contact details, names of some ‘points of contact’ within your business, company name, your position held within the firm etc
We don’t really do much marketing (we don’t need to) and we don’t capture any clever information about you via cookies and visits to our website either. But if we ever do, we’ll ensure you have given informed consent.
Here’s a table explaining what information we hold, including the purpose for capturing it and the lawful basis we rely upon to process it. It might surprise you, but consent isn’t the only ‘kid on the block’. We might also rely on basis such as Contract, Legitimate Interest or Legal Obligation.
Data | Purpose | Lawful Basis |
Name | Facilitate Contact and create a file for you | Contract (preparation for entering into a contract also relies on this basis) |
Phone | Facilitate Contact and create a file for you | Contract (preparation for entering into a contract also relies on this basis) |
Email and physical Address | Facilitate Contact and create a file for you | Contract (preparation for entering into a contract also relies on this basis) |
Job Titles | To know who to ask for | Contract (preparation for entering into a contract also relies on this basis) |
Points of Contact | To help facilitate Discovery exercises in order to build an accurate picture of aggregated risks | Legitimate Interest |
We never share your data with anyone unless we have a very good reason. So when we get asked if we’d like to sell our data, the answer is always a resounding NO!
But there will be occasions when we might be obliged to share your data. For example, if Law Enforcement or other Government Agencies ask us for it. We’ll still make sure we follow the Principles of Good Data Protection regardless.
In the unlikely event that you decide to bring legal action against Hogen Data Ltd, we may need to share your information with legal third parties, to help defend our legal rights and argument.
We use Studio Inc to build our web pages, so perhaps they might get access to information stored within the site should there be an issue or maintenance required. This is rare, but these guys will be bound by Non Disclosure Agreements around this and other information they know about us.
In order to maintain good security of your data, we may store your information within databases such as Hubspot or similar CRM’s. We also have a panel of providers that may help deliver services on our behalf.
These affiliated partners may be given your data simply to facilitate contact. They will never market to you or be allowed to action your data in a way not specified in our Data Processing Agreement sections of supplier contracts.
Email services, cloud storage and other software used by us may also house your data. This is inevitable, but perfectly safe and secure.
We’re simply telling you all of this to be compliant, honest and open!…..oh, and its sort of like a rule within GDPR!
We don’t currently capture marketing preferences, so you’ won’t hear from us about that…..
However, if you are a Business and we believe you may have an interest in some of our services, we may reach out to you. Simply tell us you want to unsubscribe if you don’t want these emails…..we won’t be offended!
However, we are obliged to contact you about changes to this privacy notice and the way we process your personal data.
Likewise, if there were ever an incident with our IT that you needed notifying about, we’ll be sure to let you know.
7.1 The right to be informed
In short, we have a duty to tell you what data we are collecting and why. How do we do this? We’ll give you a clue……you’re reading it!
7.2 Right to Access Your Personal Information
Want to know what data we have about you? Simply ask us! It’s not a secret nor do we mind responding to Data Subject Access Requests. It’s free too! But remember, you can only ask for YOUR personal data, unless you are a third party with written consent and right to represent
7.3 Right to Rectification
Misspelt your surname? Recently married and want your new name on our database? Have your contact details incorrectly stored? Just tell us and we’ll change it. Alternatively, if something is potentially misleading, give us a shout and we’ll add some context to explain it
7.4 Right to Object or Restrict Processing of Your Data
If you need us to change the way we process your data, just ask. We’ll look into it and give you a full response on how we plan to act . You may not always have an absolute right to action the above and this might depend on the lawful basis we used when first processing your personal data
7.5 Right to Erasure
‘The Right to be Forgotten’ as someone once said…..
To be fair, we’ll normally keep data inline with our data retention policy, meaning you should never have to ask for your data to be erased. However, should you find something you’re not happy for us to retain, lets have a conversation.
7.6 Right to Portability
The right to portability gives you the right to receive personal data you have provided to the data controller.
Should you need this, we’ll pop it into a machine readable format and send it wherever you choose……..probably in Excel!
7.7 Complaints
If you’re not happy with a response to a rights request, you can contact the Information Commissioner’s Office. We’ll be happy to reply to their correspondence and come to a pragmatic solution .
When we process your personal data, we will typically use it to manage our excellent service offering to you. Even when our relationship ends however, we may be duty bound to hold this information for a statutory time period. This means that data isn’t deleted the day you decided to walk away.
In order to maintain transparency, we have a Data Retention Schedule which defines which data type is kept for how long! It’s a sizeable document, but typically we’ll keep DSAR request data for 3 years post request, invoicing and transactional data is kept for 7 years post relationship and complaint data for the same period. As mentioned above, shorter periods may come into force when you’re making an inquiry but it doesn’t come to anything………..3 months, tops!
Upon reaching the end of its life-cycle, we’ll delete or anonymise it!
We have a number of social media channels including Instagram and Linkedin. These are great tools for raising our profile and also for making it easier for you to contact us. This privacy notice will apply to all correspondence through these channels also, not just traditional email and telephone means
As you can imagine, this is kind of a big deal to a cyber security and privacy consultancy, so we apply appropriate controls to mitigate risks and safeguard your information. We raise staff awareness, ensure colleagues are trained and often simulate Phishing Attacks to prepare for hostile emails!
We also deploy class leading SOC services and threat intelligence solutions to ensure we’re doing all we can. But it’s not always as sophisticated as that. We always wear ID, challenge tailgaters into restricted areas and ensure robust Role Based Access is applied across our infrastructure. ‘If your names not down, you’re not coming in’ for desktop folders and CRM’s so to speak….if there’s no business need for access to certain data, staff don’t get escalated privileges!
Should the business be acquired, sold, merged, expanded etc, we’ll ensure the data we hold is dealt with correctly.
So where its justifiable, proportionate and necessary, we’ll transfer this data over to the new controller, where it is required to continue providing a service to you.
We reserve the right to change and update this notice when appropriate. Whilst most changes are small and administrative, we’ll be sure to add transparent version controls. We’ll also keep previous versions should you have a legacy issue to contest.
In the event that there is something we think you should be made aware of, we’ll contact you.
We endeavour to deliver world class products and services to you. However, should we fall short of your expectations, we’d ask that you give us a chance to rectify the issue or complaint in the first instance.
Our DPO is Gary Langrish and he can be contacted on gary@trusthogen.com.
020 4538 6669
If this fails, you reserve the right to make a complaint to the Information Commissioner’s Office. They can be contacted on:
Or by calling
0303 123 1113
This Privacy Notice was last updated on 05/07/2022 and is version 2.0
Trust Hogen is a leading independent managed security service provider (MSSP). We help companies keep their data safe and secure, and our services are used by local and global organisations.
Trust Hogen
Hoxton Mix
86-90 Paul Street
London
EC2A 4NE
Phone: +44 020 4538 6669
Email: info@trusthogen.com