Privacy Notice

Your privacy means a lot to us

About This Notice

At Reddome, we understand the importance of your privacy and go to great lengths to ensure it is protected at all times.

This privacy notice tells you what to expect us to do with your personal information when you make contact with us or use one of our services, including Reddome Academy, RedScan, and our Managed Security Service Provider (MSSP) solutions.

This notice is provided in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller

Reddome Ltd is the data controller responsible for your personal data.

Company Name: Reddome Ltd

Registered Address: Suite 201 Antelope Walk Offices, Antelope Walk, Dorchester, England, DT1 1BE

Contact Email: info@reddome.org

Telephone: 0203 488 3929

What Personal Information Will We Collect About You?

When you interact with us in different ways, we may ask you for the following information:

  • Personal and contact details (name, email address, telephone number, and address)
  • Professional details (job title, company name, industry sector)
  • Information related to Reddome Academy enrolments (training history, certifications, assessment results)
  • Technical data (IP address, browser type, device information) for RedScan and SOC services
  • Information collected via cookies. Please refer to our Cookies Policy for more details on how we use cookies.

Special Category Data

We do not intentionally collect special category data (such as health information, religious beliefs, or biometric data) unless specifically required and with your explicit consent.

How and When Do We Collect Your Personal Information?

Directly From You

Most of the personal information we process is provided directly by you, including when you:

  • Contact our business in relation to one or more of our services
  • Enrol in Reddome Academy training programmes or certification courses
  • Request a quote for penetration testing, SOC, or MSSP services
  • Attend an event hosted by us
  • Provide your business card or contact details
  • Submit your CV or apply for a position via a job board or our website
  • Subscribe to our newsletter or marketing communications

Indirectly

We may also collect your information indirectly when:

  • An employee provides your contact details as an emergency contact or referee
  • We use publicly available internet resources to identify and contact individuals regarding relevant business opportunities
  • Our security monitoring tools (RedScan/SOC services) process technical data as part of service delivery
  • Third-party platforms where you have authorised the sharing of your data

Lawful Basis for Processing

Under UK GDPR, we must have a valid lawful basis to process your personal data. We rely on the following legal bases:

Purpose Lawful Basis
Delivering our cybersecurity services (penetration testing, SOC, MSSP) Performance of a contract
Processing Academy enrolments and training delivery Performance of a contract
Responding to enquiries and providing quotations Legitimate interests (to respond to potential clients)
Sending marketing communications (where consented) Consent
Improving our services and website functionality Legitimate interests (to improve user experience)
Complying with legal obligations Legal obligation
Recruitment and processing job applications Legitimate interests / Contract (pre-contractual steps)

Why Do We Collect Your Personal Information?

Although our core cybersecurity services do not primarily revolve around collecting and processing personal data, we may process personal data as part of delivering our services to clients, including:

  • Technical log data during security assessments and monitoring
  • User activity data when required for incident response investigations
  • Contact information for alert notifications and reporting

When acting as a data processor on behalf of our clients, we process data strictly according to their instructions and our data processing agreements.

How We Use the Personal Information You Provide

We may use the data you provide to:

  • Deliver and improve our cybersecurity services
  • Provide training and certification through Reddome Academy
  • Optimise your client experience
  • Process payments and manage accounts
  • Send service updates, alerts, and important notifications
  • Notify you of services or offerings that may be of interest to you (with consent)
  • Conduct security assessments and penetration testing as contracted
  • Provide 24/7 security monitoring and incident response

Data Processors and Third-Party Sharing

We do not provide your data to third parties for their marketing activities.

We may share your personal data with trusted third-party service providers who assist us in delivering our services. These include:

  • Cloud hosting providers for secure data storage
  • Payment processors for transaction handling
  • Email service providers for communications
  • Professional advisors (legal, accounting) where required

All third-party processors are contractually bound to process your data only on our instructions and in compliance with UK data protection law. We ensure appropriate safeguards are in place for any international data transfers.

When Acting as a Data Processor

When providing SOC, RedScan, or MSSP services to clients, Reddome may act as a data processor. In these cases, we process personal data on behalf of our clients according to their instructions and the terms of our data processing agreement.

How Long Do We Store Personal Information?

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected.

Our standard retention periods include:

  • Client records: 6 years after the end of the business relationship
  • Academy training records: 6 years from course completion
  • Marketing contacts: Until consent is withdrawn or 3 years of inactivity
  • Job applications: 12 months from application date (unless employed)
  • Security logs and incident data: As per client agreements, typically 12-24 months

In some cases, we may be required to retain data for longer periods to comply with legal or regulatory requirements.

Security and Confidentiality

As a cybersecurity company, we take the protection of your data extremely seriously. All information provided will be stored securely and used only for the purpose for which it was provided.

Our security measures include:

  • Encrypted storage and transmission of all personal data
  • Access restricted to authorised personnel on a need-to-know basis
  • Regular security assessments and penetration testing of our own systems
  • Staff training on data protection and information security
  • Incident response procedures for data breach management
  • Physical security controls at our premises

International Data Transfers

We primarily store and process your data within the United Kingdom and European Economic Area (EEA).

Where we transfer personal data outside the UK/EEA, we ensure that appropriate safeguards are in place, such as:

  • Transfers to countries with adequacy decisions from the UK government
  • Standard Contractual Clauses (SCCs) approved by the ICO
  • Other appropriate transfer mechanisms as permitted under UK GDPR

Links to Other Websites

Where we provide links to websites of other organisations, this privacy notice does not cover how those organisations process personal information. We encourage you to read the privacy notices on any external websites you visit.

Your Data Protection Rights

Under UK data protection law, you have rights that we must make you aware of. These include:

  • Right of access: To request a copy of the personal information we hold about you
  • Right to rectification: To request correction of inaccurate or incomplete information
  • Right to erasure: To request deletion of personal information where legally applicable (the "right to be forgotten")
  • Right to restrict processing: To request restriction of how we use your data
  • Right to data portability: To receive your data in a structured, commonly used format where processing is based on consent or contract and carried out by automated means
  • Right to object: To object to processing based on legitimate interests, direct marketing, or research purposes
  • Right to withdraw consent: Where we rely on consent for processing, you may withdraw it at any time
  • Rights related to automated decision-making: To not be subject to decisions based solely on automated processing that produce legal or significant effects

To exercise any of these rights, please contact us using the details below. We will respond to your request within one month of receipt. There is no fee for making a request, unless requests are manifestly unfounded or excessive.

Complaints

We take complaints about our privacy practices seriously. If you are unhappy with how we have handled your personal data, please contact us in the first instance, and we will endeavour to resolve your concerns.

Information Commissioner's Office (ICO)

You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner's Office (ICO).

Website: www.ico.org.uk

Telephone: 0303 123 1113

Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first.

Contact Us

If you have any questions about this Privacy Notice, wish to exercise your rights, or have concerns about how we handle your personal data, you may contact us:

Email

info@reddome.org

Telephone

0203 488 3929

Post

Reddome Ltd
Suite 201 Antelope Walk Offices
Antelope Walk, Dorchester
England, DT1 1BE

This Privacy Notice was last updated on 8 February 2026