Privacy Policy

Last Updated: August 2025 | Effective Date: September 01, 2025

TL;DR: We collect minimal data necessary to provide cybersecurity services. We never sell your data. We implement enterprise-grade security for all data we handle. You have full rights to access, delete, or export your data at any time.

1. Data Controller & Contact Information

JAMEX Communications & NETWORKS Consultants LLC

Moynihan Court 21
Tallaght 24, Dublin Ireland
privacy@jamexnetworks.com
+1 000 000 000

Our Data Protection Officer (DPO) can be reached at: dpo@jamexnetworks.com

2. Data We Collect

A. Personal Information (Directly Provided)

  • Contact Form Data: Name, email, company name, phone number, job title
  • Service Engagement Data: Business contact details, authorized personnel information
  • Payment Information: Billing address, payment method details (processed securely via Stripe - we do not store card data)
  • Communications: Email correspondence, support tickets, meeting notes

B. Automatically Collected Data

  • Analytics: IP address, browser type, device information, pages visited
  • Cookies: Session management, preferences, Google Analytics (anonymized)
  • Security Logs: Login attempts, access timestamps, WAF logs

C. Client-Specific Security Data Sensitive

During VA-PT and security assessments, we may process:

  • Network vulnerability scan results
  • System configuration data (with explicit consent)
  • Identified security weaknesses and remediation guidance
  • Employee contact information for scope coordination

Important: We never access or process client personal data beyond what is necessary for agreed security services. All client data is encrypted in transit (TLS 1.3) and at rest (AES-256).

3. Legal Basis for Processing GDPR CCPA

  • Contract Performance (GDPR Art. 6(1)(b)): Delivering cybersecurity services you request
  • Legitimate Interests (GDPR Art. 6(1)(f)): Website security, fraud prevention, service improvement
  • Consent (GDPR Art. 6(1)(a)): Marketing communications, non-essential cookies
  • Legal Obligation (GDPR Art. 6(1)(c)): Tax records, audit trails

Under CCPA/CPRA: We do not "sell" personal information. All processing is for business purposes only.

4. How We Use Your Data

  1. Service Delivery: Conduct security assessments, generate reports, coordinate engagements
  2. Communication: Respond to inquiries, send service updates, schedule consultations
  3. Billing & Legal: Process payments, maintain audit trails, comply with regulations
  4. Improvement: Analyze website usage, enhance services, develop new offerings
  5. Security: Detect threats, prevent unauthorized access, investigate incidents

5. Data Sharing & Third Parties

We do not sell personal data. We only share with:

  • Service Providers: Stripe (payments), Google Analytics (website analytics), AWS (hosting)
  • Legal Compliance: When required by law enforcement or court orders
  • Business Transfers: In case of merger/acquisition (you will be notified)

All third parties are bound by Data Processing Agreements (DPAs) and maintain GDPR/CCPA compliance.

6. Data Retention

Data Type Retention Period
Contact Form Data 1 year after last contact
VA-PT Reports 3 years per contract
Security Logs 90 days
Analytics Data 14 months (anonymized)

You can request early deletion at any time (subject to legal requirements).

7. Your Rights GDPR CCPA/CPRA

Right to Access

Request a copy of all data we hold about you

Right to Erasure

Request deletion of your personal data ("Right to be Forgotten")

Right to Portability

Receive your data in a machine-readable format

Right to Object

Opt-out of marketing or profiling

How to Exercise Your Rights

  • Email: privacy@cybershield-consultants.com
  • Response Time: Within 30 days (GDPR) / 45 days (CCPA)
  • Verification: We will verify your identity before processing requests

8. Security Measures SOC 2 Aligned

As cybersecurity professionals, we implement defense-in-depth:

  • Encryption: TLS 1.3 in transit, AES-256 at rest
  • Access Controls: Role-based access (RBAC), MFA required, principle of least privilege
  • Monitoring: 24/7 SIEM monitoring, anomaly detection, alerting
  • Backups: Encrypted backups stored offsite, tested quarterly
  • Audits: Annual penetration testing, quarterly vulnerability scans
  • Personnel: Background checks, NDAs, security training
  • Incident Response: 4-hour breach notification policy, documented IR plan

Breach Notification: In the unlikely event of a breach affecting your data, we will notify you within 72 hours of discovery (GDPR) or without unreasonable delay (CCPA).

9. Cookies & Tracking Technologies

Essential Cookies

  • Session management, CSRF protection, login state
  • No consent required

Non-Essential Cookies (Require Consent)

  • Google Analytics 4 (anonymized IP, no cross-site tracking)
  • LinkedIn Pixel (for B2B marketing attribution)

You can manage preferences via our cookie banner or browser settings. Blocking essential cookies may break site functionality.

10. International Data Transfers

We operate globally but store data in:

  • Primary: AWS US-East-1 (Virginia), SOC 2 Type II certified
  • EU Clients: Data remains in EU (AWS Frankfurt) per GDPR requirements

All transfers use Standard Contractual Clauses (SCCs) where applicable.

11. Children's Privacy

Our services are not directed at children under 16. We do not knowingly collect data from minors. If we learn we have, we will delete it immediately.

12. Changes to This Policy

We update this policy annually or when regulations change. Changes are effective immediately upon posting on this page with an updated "Last Updated" date. For significant changes, we will:

  • Email clients 30 days in advance
  • Post a banner notification on our website

13. Complaints & Regulatory Authorities

If you believe we violated your privacy rights, please contact us first at privacy@cybershield-consultants.com.

You also have the right to file a complaint with:

  • US: State Attorney General (CCPA) or FTC
  • EU: Your local Data Protection Authority (find yours here)
  • UK: Information Commissioner's Office (ICO)
  • California: California Privacy Protection Agency (CPPA)

14. California-Specific Disclosures CCPA/CPRA

Do Not Sell My Personal Information: We do not sell data. No opt-out necessary.

Notice at Collection: We collect categories listed in Section 2 for business purposes only.

Sensitive Personal Information: We only process security data you provide for service delivery, with strict access controls.

Shine the Light Law: California residents may request information about third-party disclosures for business purposes.

15. Contact Us

Privacy Team: privacy@cybershield-consultants.com

Data Protection Officer: dpo@cybershield-consultants.com

Postal Address: 123 Cybersecurity Way, Suite 100, San Francisco, CA 94105

Response Time: Within 7 business days for inquiries

By using our website, you agree to this Privacy Policy. For questions about our practices, contact us anytime.

© 2024 CyberShield Consultants LLC. All Rights Reserved.