Privacy Notice for all our Customers

Simple English (Summary)

We believe in making complex things simple. In that spirit, please see a summary of our privacy notice and policy and what we do with the data we collect. To emphasise, everyone at Cyber Management Alliance Ltd wholeheartedly respects the privacy of your and our own personal information.

In summary, we:

  1. Wholeheartedly believe in the maximum protection of personal information and the fundamental concept of privacy.
  2. Will only collect the bare minimum of your data for us to survive as a business. We store this information for a period of 5 years.
  3. Strive to be fully transparent with you, the customer and the regulators when it comes to cyber attacks and or intrusion attempts on our business.
  4. Take all possible and sensible measures to protect the confidentiality and integrity of your personal information
  5. Do rely on third parties for things like managing customer interaction and are always striving to ensure that they share the same beliefs and principles around privacy and protection of data.
  6. Do not directly sell or trade in your personal information. FULL Stop. We will, as part of a transaction, share your information with our partners.

What information we collect

As a minimum we ask that you share with us your:

  • First name, last name and or middle name
  • Corporate email.
    • We prefer you provide us with your corporate email but many provide personal emails.
  • Your mobile and or contact number.
    • So that we may get in touch and discuss - sometimes a personal touch makes the difference.
  • Your country where you work.

In addition, to help us target and better meet your areas of interest, it helps if you provide us with your

  • Job Title & Company you work for.
  • Your business, IT and Security requirements.
  • Your ongoing projects

We do NOT collect and DO NOT require the following from you:

  • Sexual orientation or Gender
  • House Address
  • Religion
  • Health or fitness
  • Political views
  • Family data
  • Credit /debit card
  • Bank or other financial information

Why do we need your information:

Background: As a service oriented business we do not manufacture any product or produce any software app. We are constantly striving to produce informative and educational content for you, our customer. Some of our innovative and ground-breaking initiatives include:

  • Insights with Cyber Leaders Video Interviews.
  • Digital and physical Wisdom of Crowds events.
  • Cyber Incident Planning & Response public training.
  • Cyber Incident Planning & Response internal workshops.
  • Highly interactive and informative webinars.
  • Virtual and Onsite Consultancy.

However, to be able to survive as a business, we need to get our great content and service catalogue in front of you. As a small business we cannot afford the exorbitant costs of constant advertising on Google Ads for example. Hence, we have to collect and retain data from you so we may keep you informed and updated about our next great webinar, training or Wisdom of Crowds event.

We need some data from you so that we can:

  1. Inform you and keep you updated on our:
    1. Free and paid Cyber security, incident management and data privacy training courses and workshops.
    2. Wisdom of Crowds events, the dates, the theme and location of the events.
    3. Webinars: Our webinars are recognised as highly informative and educational and we use your contact and location data to let  you know when we are hosting the next webinar, in your time zone or otherwise.
    4. Products and services that we think you deserve to know.
  1. Share with you
    1. Information on when you can download the output from our Wisdom of Crowds events.
    2. When there is educational content, like our mind maps, checklists and etc are available to download.

What else we DO with your information

Background: Product vendors often develop cutting edge technology and in many instances also employ seasoned experts in their respective fields. Think advanced malware researchers, threat analysts and specialist cyber investigators as a few examples.  

  • So, when we introduce these experts and technology to you, we are often only empowered to do so if we share the data of those who attend or view at a later date, the webinar.
  • We share the following data: Name, last name, email, company, country, Mobile or landline phone number. 

What we DO NOT Do with your information

  1. We do not directly SELL or trade in your personal information with any person, persons or commercial organisation.  
  2. We do not share your information with anyone outside of the IT, Fintech, Governance, Risk, Training and Cybersecurity, Cyber resilience, Incident Management sectors.

Our third parties and your information

So, right now, we have no direct control over what third parties do with the information we provide them (when you, for example, watch their webinar). However, we are in the middle of making all the right noises, reviewing and tightening our contracts with all our partners so that we try our level best to ensure that the third parties are observing the same principles as us.


Who are your partners

We have an exclusive partnership with Advanced Cyber Solutions Ltd. However, to reveal all our partners would be, as the SCOTS, would say, “lifting our kilt”! - However, we can list here the types of companies and the sectors those companies operate in:

  • Cyber security, including, but not limited to,  technologies like firewalls, anti-malware, anti-virus, cyber incident response, cyber incident management, two factor authentication, identity management, cyber awareness, privileged user and end user management, user behaviour analytics, endpoint protection, cloud (all three layers, infrastructure, platform and software as a service) security and service offerings, encryption, hardware security, SIEM, Firewalls, Virtual.
  • Data privacy, risk management, dashboards.
  • Information technology: software defined networking, software defined security, Operating systems, general technology products, cloud based technology products, Virtualisation,
  • Blockchain, IoT, Artificial Intelligence, Machine Learning.
  • DevOps, DevSecOps, Programming, Application development, Application security.
  • Security assessment, pen-testing, vulnerability management, patching, software updates, certificates, certificate management.

How do you protect my Data?

It would be naive for us to declare that your data is 100% safe from cyber criminals.  100% percent security is a fallacy.

We take several precautions to ensure to ensure your data is not subject to unauthorised access. Some of the steps we take include, but are not limited to:

  • Encrypting, where possible, your personal information when it is NOT being transmitted (at rest)
  • Encrypting your data during transmission (for example, when we use our CRM software in the cloud)
  • Ensuring our staff are constantly made aware of their responsibilities towards protecting your personal information.
  • We believe in transparency and are always prepared to own up when things go wrong. We will keep you and the regulators posted when things go wrong and also let you know what we did to recover from such incidents.

How Do You Process My Data?

We primarily rely on our CRM systems to host  and process your personal information. This approach, (nothing is 100 percent secure) allows for a far more efficient method to control (issue, take-away) access for our employees and third parties.

So, yes, our CRM system is our primary data processor. The BrightTalk platform is our other primary data processor.


How Do You Obtain My Data?

We use multiple methods of obtaining your data including:

  • Forms on https://www.cm-alliance.com and any subdomains on this website.
  • Webinars - we use BrightTalk and obtain your information from BrightTalk when you view one of our educational webinars.
  • LinkedIn - we, like you, use LinkedIn.

How long do we keep your information

Based on our experience we have deemed it necessary to retain your data for 60 months after which we will reach out to confirm your intentions. You always have the ability and the right to opt-out at any time.


How do you dispose of my data?

We primarily rely on our CRM system and BrightTALK to host your data.  To that extent, we rely on those parties to ensure that they

  • Remove your data when we hit the “delete” or remove button.
  • Allocate your data in the “Do not Email” bucket when you unsubscribe from our mailing lists.

When I invoke “Forget me” what do you do?

Hmmm - This is a vicious cycle (surely it is) For us to truly forget you, we have to remove all instances of your records in all our databases. You may want to check if we have done so. Herein lies the contradiction, if a business deletes all evidence of you (your personal information) and your request to “Forget me” - then there is no available record that they held your data in the first place. If they maintain a record of your request they could expose the very fact that you were associated with the particular business in some way.

However, if you do invoke the RBF (Right to be Forgotten) option we will remove you from our CRM. We do not store any personal information in our email systems.


Complete Transparency - when attackers succeed

When discussing a data breach - It’s not a matter of IF but WHEN a business is attacked and compromised. To that extent, we believe in being fully transparent with you and the ICO and any other regulators.

We are constantly on the lookout for criminal activity on our networks and systems. When discovered we invoke our cyber incident response plan and take the necessary steps to either stop the ongoing attack and or take sensible response measures to mitigate the impact to you and our business.


Do you use cookies?

Yes. As most business we strive to offer you the best experience when you are on our website. We use the following cookies, from the following partner websites

Primary reason to use cookies- honestly, we feel it makes your life easier. Once you fill in a form we can remember its you when you visit us next.

  • Google/
  • HubSpot
  • More detailed information on cookies will be here soon.

Data protection registration

We are registered as a data controller with the UK Information Commissioner’s Office.. Our data protection registration number is ZA148168

Our details

This website is owned and operated by Cyber Management Alliance Ltd. We are registered in England and Wales under registration number 9547814, and our registered office is at 71-75 Shelton St, Covent Garden, London. WC2H 9JQ

Our principal place of business is at 71-75 Shelton St, Covent Garden, London. WC2H 9JQ You can contact us by writing to the business address given above, by using our website contact form, by email to info@cm-alliance.com or by telephone on 0203 1891422.