Privacy Notice
This Privacy Notice explains how SecuMap Ltd. ("SecuMap", "we", "us") uses your personal data when you use our public website, create or manage an account in the SecuMap customer portal, contact us, or receive marketing from us. For the purposes of UK data protection law, SecuMap acts as the data controller.
SecuMap provides the Detection System of Record platform and this public website. Visitors can learn about detection governance, request briefings, open support requests, and sign up for a SecuMap account at portal.secumap.co.uk. Data is used only as described in the sections below; SecuMap does not sell personal data.
Who we are
SecuMap Ltd.
1 Dornoch Way
Blantyre
G72 0GR
Scotland, United Kingdom
Company No. SC875008
You can contact us about privacy at [email protected].
What data we collect
Depending on how you interact with SecuMap, we may collect:
- Customer portal account data — when you register or manage an account at portal.secumap.co.uk, including your name, email address, organisation details, subscription choices, contact information, and billing contact details you provide with your consent.
- Support and enquiry data — when you use our support form, request an executive briefing, email us, or submit a licence upgrade request through the portal, including your email address, name, organisation details where you provide them, message or form content, and any attachments you choose to send. Support requests are logged in our Atlassian service desk so we can respond and follow up with you.
- Sales and relationship data — when you enquire about SecuMap, register for a portal account, accept our End User Licence Agreement, or ask about a licence upgrade, we may record your contact details, organisation name, role, and the context of your request so we can qualify enquiries, manage our relationship with your organisation, and follow up appropriately.
- Marketing contact data — your email address and related contact details where you have opted in to receive product updates, security content, or other marketing from SecuMap.
How we use your data
We use personal data to:
- create and manage customer portal accounts and subscriptions;
- maintain contact and billing contact records for your organisation;
- respond to support requests, briefing enquiries, licence upgrade requests, and other messages you send us — including contacting you about open support tickets;
- manage sales enquiries and customer relationships, including recording briefing requests, portal sign-ups, and licence-related requests;
- send product updates, service notices, and security-related content where you have agreed to receive them; and
- operate, secure, and improve our website and customer-facing services.
Legal basis
Our legal bases under the UK GDPR depend on the activity:
- Consent — when you sign up for a portal account, opt in to marketing, or otherwise agree to a specific use of your data. You can withdraw consent at any time using unsubscribe links in marketing emails or by contacting us.
- Contract — where processing is necessary to provide your SecuMap subscription, manage your account, or fulfil our agreement with you.
- Legitimate interests — where we need to respond to enquiries, operate support, protect our services, or keep business records, provided your rights are not overridden.
Service providers
We use trusted processors to run SecuMap services:
- Cloudflare — hosts and delivers this website and the SecuMap customer portal infrastructure. Cloudflare processes personal data on our behalf to provide hosting, security, and related platform services.
- Atlassian — our support and service desk provider. Atlassian processes contact details and support request content on our behalf so we can triage issues, respond to you, and maintain a record of support conversations. Atlassian may process data outside the UK; we rely on appropriate safeguards where required.
- Brevo — our email and contact management provider for customer communications and marketing. Brevo processes data on our behalf to send emails and manage contact lists. Brevo’s servers may be located outside the UK; we rely on appropriate safeguards (such as standard contractual clauses) to protect your data.
- HubSpot — our customer relationship management provider. HubSpot processes contact and organisation details on our behalf when you request a briefing, register for a portal account, accept our End User Licence Agreement, or ask about a licence upgrade, so we can manage enquiries and our relationship with you. HubSpot may process data outside the UK; we rely on appropriate safeguards where required.
We name processors here because they receive personal data on our behalf. We do not publish internal system designs, security controls, or integration details on this page.
How long we keep your data
We retain portal account, subscription, and billing contact data for as long as your account is active and for a reasonable period afterwards to meet legal, accounting, and support obligations. Support records held in Atlassian are kept for as long as needed to resolve your request and maintain an appropriate support history. Sales and relationship records held in HubSpot are kept while relevant to an active enquiry or customer relationship, and for a reasonable period afterwards for business and legal purposes. Marketing contact data is kept while you remain subscribed or until you withdraw consent. If you ask us to delete your data, we will do so unless we must retain certain records for legal or contractual reasons.
Your rights
Under the UK GDPR you have rights to access, correct, erase and restrict how we use your personal data, as well as the right to object to certain uses and to data portability in some cases. To exercise any of these rights, contact us at [email protected].
You also have the right to complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk if you are unhappy with how we handle your data.
Cookies and tracking
This website does not use analytics or advertising cookies. We may record anonymous, aggregate blog-read events, such as whether a blog page was viewed for long enough or scrolled far enough to count as a qualified read. These events do not use cookies and are not used to identify individual visitors. We may use strictly necessary cookies or similar technologies where required for security — for example, bot protection on forms that submit data to us (including support, briefing requests, and portal sign-up). The customer portal may use cookies needed to keep you signed in and operate your account. If we introduce cookies that are not strictly necessary, we will update this notice and ask for your consent where required.