Privacy Policy

This page contains our:

1. Website privacy policy

1.1 Who we are

We are Context Information Security Ltd. (Context), a company registered in England and Wales under registration number 3574635 and our registered address is Context Information Security, 11 Westferry Circus, London, E14 4HD.

We are committed to ensuring that your privacy is protected. This policy sets out the basis on which any personal information we collect from you, or that you provide to us via our website, will be processed by us.

1.2 What do we do with your data?

We only collect identifiable personal data or information that is specifically and voluntarily provided by a visitor to our website, or by corresponding with us by phone, email or otherwise. We receive limited identifiable information which can include the following:

  • Name, title, company address, email address
  • The device you use to access the website including information such as: your IP address, location, time, the browser you use, your operating system and the pages you visit.

Typically, identifying information is collected to:

  • Subscribe to our events
  • Enquire for further information
  • Interact with us on social media platforms (such as Facebook or Twitter)
  • Distribute requested reference materials

1.3 Legal Basis for collecting your data

When you submit your data via our website forms we request consent from you to contact you regarding topics that may be of interest you. If you do not provide this consent then we are unable to process or store your data. Once you have provided consent you can withdraw this via our preference centre at any time.

If we have your information because we have been working with your organisation within the past two years then you may receive email communications from us from time to time under the legal basis of legitimate interest on items that we think may be relevant to you. You can opt out of these communications at any time.

1.4 Who we share your data with

We will not sell, distribute or lease your personal information to third parties unless we have your explicit permission or are required by law to do so.

Any information you submit via our website is processed through our email automation platform, Act-On, or if you sign up to one of our webinars it is processed via the webinar
platform GoToMeeting. You can read more about Act-On’s privacy policy here and GoToMeeting’s Privacy Policy here.

Our website uses Google Analytics which is one of the most widespread and trusted analytics solutions on the web for helping to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.

For more information on Google Analytics cookies, see the official Google Analytics page.

1.5 International data transfers and security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

1.6 How long we hold your information

We will only hold your data for as long as it is relevant or as long as we have your consent to do so. We will routinely provide you with the opportunity to update your preferences or unsubscribe from us contacting you. If there is no contractual or legal reason for us to retain your data and you unsubscribe from us contacting you your data will be removed from our systems within the following 6 months.

1.7 Your rights

You may request details of personal information which we hold about you under the General Data Protection Regulation and / or you can request that we erase your data at any time, such requests should be submitted in writing to [email protected] You should expect a response within 1 month.

1.8 What happens if you don’t provide your information?

We would be unable to share our insights and guidance with you and we would not be able to inform you of our upcoming events or webinars. If you choose to disable cookies this is likely to affect the functionality of our and many other websites that you visit. Disabling cooking will usually result in also disabling certain functionality and features of this site.

1.9 Data Controller details

Our data controller and Data Protection Officer is Jason Dewar, Standards & Compliance Manager. You can contact him regarding your data at: [email protected] or calling +44(0)20 7537 7515.

1.10 Concerns or complaints

To contact us about any concerns or complaints you may have in relation to your data, email: [email protected] or call +44(0)20 753 7515.

If you believe your rights are being violated you can complain to the ICO in the UK, their full details can be found on their website here:

1.11 Where we got your information from

We only retain data provided by you via our website forms and we only use it for the purposes for which it was provided to us as stated at the point of collection.

2. Recruitment Privacy Notice

Privacy notice for job applicants, current and former Context Information Security Employees.

2.1 Introduction

Context Information Security is the data controller for the information you provide during the process, unless otherwise stated. If you have any queries about the process or how we handle your information please contact us at [email protected]

2.2 How we use the information you provide to us?

All of the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.

We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.

We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.

2.3 What information do we ask for and why?

We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.

The information we ask for is used to assess your suitability for employment. You do not have to provide what we ask for but it might affect your application if you do not.

2.3.1 Application Stage

If you use our online application system, this will be collected by a data processor on our behalf (please see below).

We ask you for your personal details including name and contact details. We will also ask you about your previous experience, education, salary expectations, referees and for answers to questions relevant to the role you have applied for. Our recruitment team will have access to all of this information.

2.3.2 Shortlisting

Our hiring manager’s shortlist applications for interview and will be provided with the details submitted as part of your application. 

2.3.3 Assessments

We might ask you to participate in assessment days; complete tests or occupational personality profile questionnaires; and/or to attend an interview – or a combination of these. Information will be generated by you and by us. For example, you might complete a technical exercise or we might take interview notes. The assessment of your performance will be held within our applicant tracking system, Lever. Context Information Security will have access to this information.

If you are unsuccessful in the selection process for the position that you have applied for, we may ask if you would like your details to be retained in our talent pool for a period of 24 months. If you say yes, we may seek to contact you should any further suitable vacancies arise.

2.3.4 Final Offer

If we make an offer of employment we will ask you for information so that we can carry out pre-employment checks or to progress visa sponsorship applications. In certain situations, a final offer may be conditional on certain obligations being met before the start date. 

You must successfully complete pre-employment checks and any obligations set out in the offer. Pre-employment checks are undertaken by a data processor on our behalf, HireRight. The offer is conditional on the satisfactory completion of pre-employment screening and any other specific obligations, set out in the offer. Failure to meet these specific requirements could lead to the offer being revoked.

We are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability. 

You will therefore be required to undergo or provide: 

Proof of your identity – you will be asked to attend our office with original documents, we may take copies.

Proof of your qualifications – you will be asked to attend our office with original documents, we may take copies.

Criminal records checks – You will be asked to complete a criminal records declaration to declare any unspent convictions. Our data processor is fully registered with Disclosure and Barring Service and Disclosure Scotland to provide full UK criminal record searches. We will retain the document confirming successful completion of this check, supplied by the data processor. When working with some clients, this document may also be shared as part of the on-boarding process. 

Employment history checks – our data processor will independently verify your employment by contacting your referees, former employers and through checking its internal databases. 

Academic Verification – our data processor will engage institutions and authorised agents in order to verify your academic history and qualifications. 

Identity document checking – our data processor will verify the authenticity of any identity documentation provided. We will also do this ourselves in certain circumstances. 

Organisation and membership checking – our data processor will verify professional qualification and industry memberships. 

Credit history checks – our data processor will carry out a credit history check in order to uncover any details of bankruptcy, debt history or financial litigation. 

If we make a final offer, we will also ask you for the following:

Bank details – to process salary payments

Emergency contact details – so we know who to contact in case you have an emergency at work

2.3.5 Post start date 

Some roles may require a higher level of security clearance – if required, this will be clear on the advert. 

You may be asked whether you would be willing to undergo security clearance after starting your employment at Context. This will be optional. The purpose of this will be to broaden the array of tasks that you are able to undertake. 

If this is the case, then you will be asked to submit information via the National Security Vetting process to the agency providing this clearance. The vetting agency will be the data controller for this information. 

The sponsoring agency will tell us whether your application is successful or not. If it is unsuccessful, Context Information Security will not be told the reason (s) why but if a higher level of security clearance is required for the role we might need to review your suitability for the role or how you perform your duties. 

2.4 Use of Data Processors

Data processors are third parties who provide elements of our recruitment service for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will hold it securely and retain it for the period we instruct. 

2.4.1 Lever

If you use our online application system, you will provide the requested information to Lever who provide this online service for us. Once you click ‘Apply for this job’ you will be taken to Lever’s website. They will hold the application information you submit but Context Information Security will have access to it. 

You can read more about Lever’s privacy policy here:

2.4.2 Recruitment Agencies 

We sometimes use recruitment agencies to help fill our vacancies. We only use agencies that form part of our preferred suppliers list. The recruitment agencies will collect the application information which is used to assess your suitability for the role you have applied for, the results of which will then be assessed by our hiring teams. Information collected by recruitment agencies will be retained by us for 12 months, after it is submitted to us. 

2.4.3 HireRight

HireRight will conduct our pre-employment screening checks. HireRight utilises a combination of online and offline security technologies, procedures and organisational measures to help safeguard consumer information against loss, misuse, and unauthorised access, disclosure, alteration and destruction. We employ SSL / TLS data encryption when data is transmitted over the Internet to our website. We have installed layered firewalls and other security technologies to help prevent unauthorised access to our systems. Strong password protection protocols are used on our computers, and employees are kept up-to-date on our security and privacy policies. The servers used to store consumer information are maintained in a secure environment with appropriate security measures. 

For additional information about how HireRight manages data, please visit their privacy policy page:

2.5 How Long Is The Information Retained For? 

If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus 6 years following the end of your employment. 

If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained by us for 12 months following the closure of the campaign. We may then seek to contact you and request your permission to hold your details for a further 12 months, so that you can be considered for other suitable vacancies. 

Lever may provide us with management information about our recruitment campaigns. This is anonymised information which tells us about the effectiveness of the campaigns, for example, which source generated the most candidates. 

2.6 How We Make Decisions About Recruitment?

Final recruitment decisions are made by hiring managers and members of our recruitment team. All of the information gathered during the application process is taken into account. 

You are able to ask about decisions made about your application by speaking to our recruitment team or by emailing [email protected]

CHECK IT Health Check Service
CTAS - CESG Tailored Assurance Service
Cyber Essentials
CESG Certified Product
CESG Certified Service
First - Improving Security Together
BSI ISO 9001 FS 581360
BSI ISO 27001 IS 553326
PCI - Approved Scanning Vendor