May 23, 2018

Privacy Policy

Who we are

Our website address is:

Centric Security provides Information security assurance services, and consultancy. We are based in Wales, UK (Pontypridd). Centric Security Limited is committed to protecting and respecting your privacy and complying with the principles of applicable data protection laws.  This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. The data controller of the personal data referred to in this policy is Centric Security Limited, 4 Ty’r Person, Church Village, Pontypridd, CF38 1UP.

Information Security

Centric Security Limited will take all steps reasonably necessary including policies, procedures and security controls to ensure that your data is treated securely and protected from unauthorised and unlawful access and/or use, and in accordance with this notice.

What personal data we collect

We don’t want to keep any of your data beyond what is absolutely necessary. Centric Security Limited may collect and/or create or otherwise obtain and process the following data about you:

1.    Information about you that you provide by filling in forms while registering for downloads, service or product sales applications or requests for information through our website;

2.    We may also ask you for information when you contact us through or make a complaint and, if you contact us, we may keep a record of that correspondence.

3.    We may also ask you to complete optional surveys that will be used to provide you with a more relevant customer experience, service reviews/feedback, or in some cases, to answer research questions. The type, purpose and use of this data will be clearly laid out at the time of request.

4.    Details of when you digitally interact with Centric Security Limited via our websites and other digital channels and the resources that you access which may include the use of cookies (subject to our Cookie policy).

5.    Information about emails and other communications we have sent to you and your interaction with them

Why we collect this information

Centric Security Limited will use your personal information to:

1. Ensure that content from our websites is presented in the most effective manner;

2. Carry out our obligations arising from any contracts entered into between you and Centric Security;

3. Provide you with information, products or services that you request from Centric Security Limited or which we feel may interest you, where we are legally entitled to do so;

4. Notify you about changes to our service;

Centric Security Limited will not use any of the personal information we collect from you to make automated business decisions.
The legal basis on which we collect and process the personal data described above depends on the personal information concerned and the specific context in which we collect it. However, we will only use your personal information where we:

1. Have your consent to do so;

2. Need the personal data to perform and deliver a contract in place with you;

3. Need to process your personal information for our legitimate interests and only where our legitimate interests are not overridden by your data protection interests or fundamental rights and freedoms;

4. Have a legal obligation to collect personal information from you.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time, and advise you whether the provision of your personal information is mandatory or not (as well as the possible consequences if you do not provide your personal information).


When visitors leave comments on the site we collect the data shown in the comments form, and the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website. We reserve the right to remove any images we deem necessary in order to ensure regulatory compliance and user satisfaction.

Contact forms

Any Contact form used on our sites are explicit communication between you and us. We will not pass your details to any other companies unless we gain specific direction from you to do so. By using the contact forms on our site, you agree for us to keep your email address on file for future communications. If, at any time, you wish for us to remove this information, you need simply instruct us to do so.

IP Addresses and Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

We may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive.

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps analyse web traffic when you visit a website. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

In addition to the above we use third party cookies and pixels to advertise Centric Security Limited and our products across the internet (for example via Google AdWords Remarketing and other services). Remarketing will display relevant adverts tailored to you based on what parts of the Centric Security Limited website you have viewed by placing a cookie on your machine. This does not in any way identify you or give access to your computer. Remarketing allows us to tailor our marketing to better suit your needs and only display adverts that are relevant to you.
You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of the Site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to the Site. You can see a full list of cookies used on our websites here.

In addition to cookies, Centric Security Limited records the activity of users of our website for marketing purposes detailing the pages you visit on the website. We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration purposes. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website. You should not use this content if you are not happy for these websites to collect any information. Please visit the website’s privacy policies for clarity.


We use Statify to analyse site data.

Statify provides a straightforward and compact access to the number of site views. It is privacy-friendly as it uses neither cookies nor a third party.

Data PrivacyIn direct comparison to statistics services such as Google Analytics and Stats, Statify doesn’t process and store personal data as e.g. IP addresses – Statify counts site views, not visitors.

Absolute privacy compliance coupled with transparent procedures: A locally in WordPress created database table consists of only four fields (ID, date, source, target) and can be viewed at any time, cleaned up and cleared by the administrator.

Due to this tracking approach, Statify is 100% compliant with GDPR and serves as a lightweight alternative to other tracking services.

Period of data savingStatify stores the data only for a limited period (default: two weeks). Data which is older than the selected period is deleted by a daily clean-up job.

Who we share your data with

We don’t. We see no reason to share your data with anyone, after all, our services are to you and you alone. If you would like to share anything we produce for you, that is your property and your decision.

How long we retain your data

We will hold information about you in our data systems only for as long as we need it for the purpose for which we collected it, which is as follows:

1. As long as you continue to be an active customer in use of our services (including purchasing services/products, engaging with emails and downloading content) we will retain and process information about you. In such cases, you will be considered an ‘active’ customer. If you have not been ‘active’ as a customer for a period of three years, Centric Security Limited will annually delete/anonymise any personal data held relating to you.

2. Personal data gathered as part of the delivery of professional or managed services about you, or employees or customers will be maintained for the minimum document period as defined by regulation and/or legislation. If this is not defined then it will be held for a maximum of 3 years, after which point information is erased.

3. Personal data linked to the processing of insurance claims, subject access requests, disputes, disciplinary or police matters will only be kept for as long as it necessary for those purposes, as each is applicable.

4. If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

5. For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service. We do not envisage any transfer of information to any international destination. Our routine offsite backups may contain information that is stored on multiple locations, though this information will only be held within the European Union within the constraints of GDPR. Any details around where your data is held for backup purposes can be obtained by contacting us, as we may hold backup data in different locations for different customers.

Your Rights as a Data Subject

Data protection laws grant you, as a Data Subject, certain ‘information rights’, which are summarised below:

1. Right to be informed – You have the right to know what data we collect and why and how we process it.

2. Right of access – You have the right to obtain a copy of information we hold about you

3. Right of rectification – If you feel that any data that we hold about you is inaccurate, you have the right to ask us to correct or rectify it.

4. Right of erasure – You also have a right to ask us to erase information about you where you can demonstrate that the data we hold is no longer needed by us, or if you withdraw the consent upon which our processing is based, or if you feel that we are unlawfully processing your data.

5. Right to restriction of processing – You have a right to request that we refrain from processing your data where you contest its accuracy, or the processing is unlawful and you have opposed its erasure, or where we do not need to hold your data any longer but you need us to in order to establish, exercise or defend any legal claims, or we are in dispute about the legality of our processing your personal data.

6. Right to Portability – You have a right to receive any personal data that you have provided to us in order to transfer it onto another data controller where the processing is based on consent and is carried out by automated means. This is called a data portability request.

7. Right to Object – You have a right to object to our processing your personal data where the basis of the processing is our legitimate interests including but not limited to direct marketing and profiling.
Right to Withdraw Consent – You have the right to withdraw your consent for the processing of your personal data where the processing is based on consent. You have the right to opt-out of marketing communications we send to you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you. To opt out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided below.

Changes to our privacy policy

Any changes we may make to our Privacy Notice in the future will be posted on this page and, where appropriate, notified to you by date-stamped communication.

Additional information

For any further information, please contact us via Email: