Tradecraft exists to help organisations to be more secure. As part of that work, we routinely advise clients to minimise the amount of personal data that they collect and hold. The more data organisations keep, the more risk they must accept.
We take the same approach ourselves with the data that we hold: minimising what we collect, and keeping only what we need.
In order to be able to meet the obligations that we take on when we enter into a contract with our clients, we keep information about our clients and their teams to allow us to contact them and maintain effective continuity of service.
We use a third-party service, Google Analytics, to record information about visits to this website. We use this information to understand how to improve the site and make it more useful. We do not use this data to attempt to identify particular website visitors.
By accessing our website, you consent to these uses of this data.
If you contact us, we will retain your contact information indefinitely. We believe that it is in our legitimate interest to be able to keep track of queries, offers and other communications that we receive, and to be able to retrieve this information as needed.
If you choose to subscribe to a marketing newsletter, we will send you occasional emails containing marketing content. You may unsubscribe from these emails at any time.
We operate a mailing list for clients to which we add details of client staff provided to us when their employer enters into a contract with Tradecraft. This list is used to send clients occasional updates about changes to our services, our availability and other important developments. You may unsubscribe from these emails at any time, but if you do so, you may not receive important information pertinent to the services we provide you.
If you visit our offices, you will be asked to enter some basic information about yourself in our visitor log. We use these records to maintain the security of our of premises and staff, and to manage our office capacity.
We us a third-party service, Proxyclick, to collect information about visitors to our office. Read more about Proxyclick's privacy arrangements.
Our offices provide a Wi-Fi network for the use of guests. This Wi-Fi network does not record any information about users or their internet activity.
During our work, we may access personal data held by our clients. In general:
The personal data that we may retain after the conclusion of work are:
We operate private services that gather and collect items of open source intelligence. These items may include personal data. We collect this intelligence based on a set of rules designed to match confidential information which has entered the public domain. Most items collected are retained indefinitely, because we do not know at the time of collection what information may be relevant to client engagements carried out in the future.
We collect and use this information because confidential information which has entered the public domain is often used by malicious hackers as part of attacks. We use the information to provide as realistic and genuine an assessment of our clients' security as we can. The results of our work are then used to improve the organisational and technical measure our clients take to protect the data they hold. As such, we believe the collection and retention of this information is in our legitimate interests, and those of our clients.
GDPR gives you the right to access the data that we hold about you, and request that it be amended. If you would like to exercise this right, please send an email to firstname.lastname@example.org with "GDPR data accesss request" in the subject.
This policy is reviewed regularly, and may be changed without notice.