Privacy Policy

About Us

For the purposes of data protection legislation, the "processor" is Zen Risk Limited (trading as DynaRisk), incorporated in England and Wales under company number 09052805, with a registered office at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ. Contact: info@dynarisk.com.

Definitions

• Personal Data: Any information relating to an identified or identifiable individual.
• Processor: Under GDPR, a data processor is an individual, company, or organization that processes personal data on behalf of a data controller. This means that we handle data for a specific purpose determined by the controller. We do not have control over the data themselves, but act under the controller's instructions.

Under GDPR, a data controller is a company, or organization that determines the purposes and means of processing personal data. In essence, we decide why and how personal data is collected, stored, and used. The data controller bears the main responsibility for ensuring compliance with GDPR principles.

Information We Collect

• Directly from You (may include any or all of the following):
  • Contact details (name, email address)
  • Employment sector details
  • Information stored on electronic devices
  • Online activities
  • Security vulnerabilities and device information
  • Data required for generating your security score
• From Other Sources:
  • Any other data as instructed by the data controller from time-to-time.
• Employer-provided information (for corporate users):
  • Public domain or deep web data to detect breaches

Where SaaS products are purchased directly from the DynaRisk website DynaRisk acts as the data controller.

Purposes and Legal Bases for Processing (this may include but is not limited to the following)

• Necessary for Contract:
  • Registration, identity verification, service provision, billing, customization
• Legitimate Interests:
  • Fraud detection and prevention
  • Security vetting
• Legal Obligations:
  • Compliance with law enforcement requests or court orders
• Consent:
  • Where required by law for specific activities
• Statistical Purposes:
  • Anonymized and aggregated data used for research and analysis

Marketing Communications

Where authorised to do so we may contact you about our services as a Data Controller unless you opt out by contacting info@dynarisk.com unless otherwise authorised this is not typically the case as a Data Processor.

Automated Decision-Making

Where automated processing is used to generate security scores, you have the right to request human intervention, express your opinion, and contest the decision.

Information Sharing

We may share your personal information with:

• Employees (and if so authorised) consultants and service providers.
• Law enforcement agencies if legally required

All third-party service providers are subject to contractual obligations to safeguard your personal information.

International Data Transfers

If so authorised to do so in our contract with you, we may transfer your data outside the UK/EEA, applying:

• Transfers to countries with an Adequacy Decision**; or
• The 2021 Standard Contractual Clauses (SCCs) for appropriate safeguards.

** For clarification an "adequacy decision" in data protection refers to a formal recognition by the European Union (EU) that a country, territory, or international organization provides a level of data protection that is "essentially equivalent" to EU standards. This allows for the free flow of personal data between the EU and the recognized jurisdiction without requiring additional safeguards, like Binding Corporate Rules or Standard Contractual Clauses.

Security of Your Information

We implement appropriate technical and organisational measures to secure your personal data, including encryption, access controls, and regular security reviews as defined under GDPR.

Data Retention

We retain personal data only for as long as necessary for the purposes set out in this Policy, or to comply with legal obligations.

Your Rights

You have rights to:

• Access your data
• Correct inaccuracies
• Erase your data (in certain circumstances)
• Object to specific processing where applicable.
• Data portability where applicable.
• Withdraw consent (where processing is based on consent)

Requests: Email info@dynarisk.com. We shall respond within one month.

Children's Privacy

Our services are not intended for individuals under 18 years old. We do not knowingly collect data from children.

Cookies

We use cookies on our website. See our Cookies Policy at https://www.dynarisk.com/cookies-policy for more information.

Google reCAPTCHA

Our website uses Google reCAPTCHA to enhance security. Please review Google's Privacy Policy and Terms of Use.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via our website or direct communication where appropriate.

How to Contact Us

Questions, comments, or requests? Email us at info@dynarisk.com.

Regulatory Authority

If you have concerns that we are unable to address or are not happy with how we have addressed your concerns, you may contact the Information Commissioner's Office (ICO): https://ico.org.uk/.