Privacy notice
Let’s cut to the chase.
Who we are, what we do, and how we use your data
We’re ISO Serious, a company dedicated to helping startups and scaleups achieve ISO 27001 certification risk free.
If you contact us about our services, we’ll capture whatever information we need to respond to you, and rely on ‘legitimate interests’ to do this. We retain this information for up to 2 years, unless we need it for legal or contractual reasons, which we’re hoping we won’t. In these cases we’ll keep it for as long as we need to. All of this is done via Gmail and Gdrive, from Google, and Squarespace.
Before we do any work together, we’ll ask you some background questions about yourself and your company to give us some context before we give you a quote. At this point, we’ll rely on ‘legitimate interests’ to do this, and will retain your data on Gmail, Gdrive, Reclaim Inc. for no more than 2 years, unless we work together.
If we do any work together, we’ll provide you a privacy notice specific to that work before we start. This is to save you time reading through all of that now, and means you only need to read that when you actually need to understand it.
If you sign up to our mailing list, you’re doing so because you’ve consented, and you can withdraw that anytime. We use Squarespace to manage this.
We might send you some emails, because we think you might be interested in our services. And we need to make money. So, it’s in both our ‘legitimate interests’ - which is great because that’s also the lawful basis to process this data. Similar to the newsletter, you can just unsubscribe and we won’t contact you again. Also managed via Squarespace.
Many of the companies named above are based in the good ol’ USA, but we always make sure we put the right safeguards in place before sharing your data with them, such as Standard Contractual Clauses, an International Data Transfer Agreement, or relying on these companies getting themselves involved in the EU-US Data Bridge, which the UK piggybacks off of. That’s a long sentence, but we have to tell you.
Cookies
You might have noticed a lack of cookie banner. That’s because we don’t use any non-necessary cookies, and that’s because we don’t need them.
The only cookies that should be dropped on your device are functional ones that make the website work. If you ever spot one that you think is a non-necessary one, let us know.
Contacting us
Reach out to our Co-Founder at tom@isoserious.com. Easy.
Your rights
UK GDPR gives you rights over your personal data. You can do the following:
you can access personal data held by us
you can correct any personal data we hold if it’s incorrect, and you can show us that
you can ask us to erase any personal data that we hold or use without a legitimate purpose to do so
you can get a machine readable copy of personal data that we’ve got about you whenever that’s under consent or under a contract. If we work together, this won’t be much more than your name, email address, and phone number.
you can ask us to stop processing any personal data relating to you that we don’t have a legal or contractual obligation to process. If we’re contacting you under legitimate interests, and you tell us you don’t want us to, we’ll stop, no questions asked.
you can prevent any wholly automated decisions involving personal data but we don’t do this so it’s a waste of time asking us to not do this. We have to tell you about this, though.
Complaints
If you’re not happy, you can complain to the ICO. Their details are at www.ico.org.uk. However, we’d really rather you spoke to us first. We can probably sort it out between us.
Fin.