Policy last updated in July 2014
This is the website of IsecT Ltd. Our address is: Castle Peak, 1262 Taihape Road, RD9 Hastings 4179, New Zealand. We can also be reached at any time by email through info (at) isect (dot) com or during New Zealand office hours please telephone +64 6874 3344.
IsecT Ltd. respects your right to privacy, just as we expect you to respect ours. Given our professional expertise, we truly understand the implications of privacy and data protection, but we are merely human and we rely on all manner of technology and service providers. Unfortunately, we cannot offer you an absolute guarantee of privacy or security but then nobody truly can. We promise to do the best we possibly can.
We are a New Zealand company, registered and based in New Zealand and governed by the laws of - you guessed it - New Zealand. We comply with the Privacy Act in letter and in spirit, and support the OECD’s privacy principles. That means we take care to keep any personal data we hold confidential, complete and accurate, and we try not to collect any more information than we need for our legitimate business purposes nor do we keep it longer than necessary. We comply with other laws relating to information security and of course applicable laws and regulations relating to corporate governance, financial control, the environment and so forth. We even stick to the speed limit.
Use of personal data
The following two paragraphs do not apply to those who send us unsolicited emails or junk mail:
We would like to establish a reasonable commercial dialogue with colleagues, clients and potential clients, website visitors and other interested parties who contact us. This is why we record details such as names, phone numbers and email addresses from some of the people who contact us. We do not and will not release your email address, telephone number, name or any other personal information to anyone else unless we are required to do so by an enforceable court order. We may use the information you supply to contact you directly by email, post or telephone but if you wish us to stop, simply tell us and we will do so. It’s up to you. We avoid send marketing blurb, advertising or promotional materials unless requested.
Upon request, we can provide you with access to contact information you have supplied to us (e.g. name, address, phone number) in order for you to check, update and/or delete the details. We will validate any such requests before supplying the information in order to prevent unauthorized access to the data. We have appropriate information security measures in place to protect the information that we have collected from you against loss, misuse, disclosure or alteration. We are information security specialists after all!
We record all the information we can regarding spammers, scammers, 419ers, phishers, fraudsters and anyone else who sends us unsolicited emails or junk mail, and we often take action against them. Depending on the circumstances, we may or may not do any of the following:
Contact their ISPs, web hosting companies, email service suppliers and anyone else who’ll listen to complain;
Pass their details to the companies whose good names are being besmirched;
Liaise with the police and other authorities (such as tax);
Liaise with industry bodies and like-minded professionals who are fighting the scourge;
Pillory the ridiculous claims, outrageous but unfounded threats and poor English;
Other things that we are not at liberty to reveal.
Information collected from website visitors
For each visitor to our website, the webserver automatically gathers information such as the visitor's IP address and browser type. The information from our webserver logs is used in aggregate for statistical purposes to track usage of the website (e.g. the number of unique visitor IP addresses indicates approximately how many unique visitors we have) and to help us improve the website (e.g. we identify and repair broken internal hyperlinks using the log file records of ‘page not found’ messages). We do not normally take any notice of the individual IP addresses of our visitors, except in circumstances where we suspect a security incident may have occurred. Such information may then be used to trace connections and investigate possible incidents but if nothing turns up, it will not be used in any other way.
Our office is connected to the Internet through telecommunications services provided by the usual range of commercial telecomms suppliers. They potentially have access to all data coming to and from the office systems through the network, and can potentially read any information which is transmitted through the network connections in cleartext (i.e. not encrypted). Our website hosting and related services such as email are provided by commercial companies that potentially have access to any information your system sends to the website, emails to us etc. These are straightforward commercial services with minimal security and privacy implications as far as we can ascertain. All our service providers have broadly similar privacy policies to ours.
Advertising and promotion on our websites
We have commercial relationships with certain other companies that we occasionally allow to place advertisements on our web sites in return for sales commission or advertising income. As a result of your visit to our sites, advertisers may collect information such as your IP address and clickstream information (whatever that means!). We take care to select companies that commit to broadly similar privacy policies to ourselves, and especially to avoid any hint of spam. For further information, please check the advertisers’ policies. If you object to their policies, simply ignore the ads.
Hacking, vulnerability assessment, pen testing etc.
Ethics, integrity and professional competence are our core values. We do not engage in “hacking” (regardless of hat colour), “social engineering”, “exploits”, “penetration testing”, “vulnerability analysis/research”, “gap analysis”, “risk assessment”, “port scanning”, “competitive intelligence/competitor analysis” or indeed anything similar UNLESS we are explicitly commissioned to do so by the organization concerned ... in which case we absolutely insist on getting written permission in advance from Someone In Charge.
Changes to this policy