Data Protection and Cookies
Data Protection Policy (‘Privacy Notice’)
Introduction
Code in Motion Ltd (collectively, “I” or “we” or “us”) trading as ‘Secure And Assure‘ knows you care about how your personal data is used and shared. For Secure And Assure to succeed, we need to ensure you can trust us with your personal data.
The following describes how we collect, store, use and disclose your personal data*.
*Personal data is data relating to a living individual who can be identified, or is identifiable, using this data or if this data is used in conjunction with other data that is in Secure And Assure’s possession, or could come into its possession.
If you have any questions, comments or concerns about any of this, you can contact us at hello@secureandassure.com or at +353 (1) 554 6268.
Below, we describe the types of steps we take to secure your data while it is in our possession.
We then provide more specific detail on how your personal data is collected, stored, used, shared and retained, categorised by the different types of relationships an individual may have with Secure And Assure. e.g. You may be just a site visitor, a newsletter subscriber, and/or a client.
Security Controls
Before we discuss the specific ways that we collect, store, use and store your personal data, we will describe the types of broad security controls in place within Secure And Assure that provide some level of assurance about how your personal data is secured by Secure And Assure.
Device Security
All of the personal data stored on Secure And Assure’s computer devices is encrypted. The devices are updated with the latest software and security patches at regular intervals. They are also protected with other layers of security (e.g. anti-virus, anti-malware). Device screens are configured to automatically lock after a short period of inactivity to reduce the risk of unauthorised access. Important data stored on local devices is backed up on a frequent basis and the backups are encrypted.
Account Security
MFA means that one needs more than just a password to log in to an account. We use MFA on all of the IT systems that are used to store or process client data. We also regularly review any login alerts from key systems to reduce the risk of suspicious activity going unnoticed.
Organisational Security
We are fully aware of the things we can, and can’t, do with your data.
When others are brought in to work on behalf of Secure And Assure, they are brought through data protection and IT security training as part of their on-boarding.
3rd Party Security
As detailed further in the privacy policy below, we only engage 3rd parties who understand their data protection obligations and know how to keep data secure. All are under contractual obligations to comply with GDPR and to only use your data in ways that we have instructed.
Email Security
Most of our conversations with clients occur using email. Our emails are stored in Microsoft’s European data centres and the Secure And Assure email environment is secured in line with security best practices.
Document Sharing Security
If we need to share information that includes data of a sensitive nature, we will always do so in a secure way. For example:
- The information will be stored in a file that is encrypted using AES encryption, or shared via a secure file sharing platform.
- Passwords will be communicated over a different channel to the information itself – e.g. We may send the password to you via a phone call or message.
Website visitors
The following describes the personal data we collect, store, use, share, and retain about site visits and site visitors.
What personal data is collected?
For security monitoring: Some or all of the following about site visitor: Originating Internet Protocol (IP) address, proxy IP address, url accessed on SecureAndAssure.com, complete http header, http request body.
For site page views: Secure And Assure collects data about page views but tries not to collect personal data about site visitors. Wherever possible, all data collected is aggregate data that cannot be tied back to one individual.
What is the purpose of this data collection?
For security monitoring – To try to protect the website from attackers and unauthorised / unusual activity.
For site page views – To understand how the site is used by collecting page view data. This data is only about the number of page views. It is not personal data.
What’s the lawful basis for this?
Legitimate interest (protecting the website; understanding site usage).
How do we use this data?
This data is collected and analysed by security components that are protecting the website.
Page view data is collected by, and analysed with, the Fathom Analytics platform.
Who could see this data?
This data could be accessible to specific data processors involved in running this website – e.g. the website hosting provider, website security providers, and analytics provider.
How do we protect this data?
Alongside the ‘Security Controls’ described earlier, there are other components / configurations in place to secure the data:
- Data Processing Agreements are in place with all 3rd parties with access to personal data.
- Multi-factor authentication is activated on all admin accounts , reducing the likelihood of a successful breach.
- Security layers monitor and protect the site from hacking attempts.
- The software on the site is updated on a frequent basis.
How long do we keep this data?
The maximum length of time this IP address data is retained is 90 days after Secure And Assure’s contract with its hosting provider ends.
Email Subscribers
The following describes the personal data we collect, store, use, share, and retain about people who have signed up to receive regular emails (e.g. email courses; newsletters).
What personal data do we collect?
First name and email address. We may also be able to derive your employer from your email address.
Why do we collect this?
To send you emails and updates – e.g. whenever a new blog post or newsletter issue is published.
What’s our lawful basis for this?
Consent – Anyone on the list has given their consent to be on the list. If you withdraw your consent by unsubscribing, your personal data becomes unavailable to us.
How do we use this data?
To send you newsletters and blog updates .
Who could access this data?
This data is accessible to Substack. This is the service used to manage the subscriber list.
When you subscribe, we receive an email notification. Your details are contained in this email and retained on Microsoft 365.
Does the data leave the EEA?
Yes. Substack is based in the USA. It uses EU-approved Standard Contractual Clauses to ensure the data remains protected while it is outside of the EEA.
How do we protect this data?
Alongside the ‘Security Controls’ described earlier, there are other components / configurations in place to secure the data:
- Data Processing Agreements are in place with Substack to protect the data.
- Two-factor authentication is activated on all Secure And Assure accounts on Substack.
How long do we keep this data?
The data is used on Substack to send you updates by email until you withdraw your consent.
The emails sent to us by Substack whenever anyone signs up to the list are deleted at the end of each calendar year.
People who contact us or who we contact
The following describes the personal data we collect, store, use, share, and retain about people (who are not and never were clients or employees / agents of clients) that contact us or who we contact during day-to-day business.
What personal data do we collect?
One or more of: Name, email address, phone number, job title, employer. Possibly other information published online (e.g. LinkedIn profile)
What is the purpose of this processing?
To grow and support the business; to respond to potential clients; to build networks with others in the industry.
What is the lawful basis for this processing?
Legitimate interest – We have a legitimate interest to grow the business.
How do we use this data?
Mainly to understand how we can help you, or how we could possibly help each other.
How do we protect this data?
Alongside the ‘Security Controls’ described earlier, there are other components / configurations in place to secure the data. For example:
- Data Processing Agreements are in place with any online services that are used to process your data.
- Multi-Factor Authentication (MFA) is activated wherever possible to reduce the likelihood of a hack.
How long do we keep this data?
For a maximum of 5 years after our last interaction / conversation.
Clients
The following describes the personal data we collect, store, use, share, and retain about the employees and other individuals connected to a client of Secure And Assure.
What personal data do we collect?
One or more of: Name, email address, phone number, job title, employer. Possibly other personal data that these individuals (or their colleagues or employers) have provided to us in the course of the contract.
What is the purpose of this processing?
To perform a contract between Secure And Assure and one of its clients.
What’s the lawful basis for this?
Legitimate interest. It is in the legitimate interest of Secure And Assure and its client to perform the contract.
It is also usually in the individual’s legitimate interest – e.g. to ensure we can communicate with them.
How do we use this data?
For the purposes of performing the contract of work that is in place between Secure And Assure and the client.
Who are the main 3rd parties who could also access your personal data?
- Microsoft: Most client work is communicated over email and our email provider is Microsoft.
- Accounting firms: Secure And Assure uses accountants to help with company financials. They seldom need the personal data of clients but it may happen – e.g. if a client is a sole trader, their ‘business name’ is their own name and so counts as personal data.
- Legal firms or debt collection agencies: If a client is not complying with payment terms, the client contract allows Secure And Assure to engage with these 3rd parties to pursue payment. Personal data about one or more employees working for the client (e.g. contact details of an employee working in the client’s finance department) may be share in such a scenario.
How do we protect this data?
Alongside the ‘Security Controls’ described earlier, there are other components / configurations in place to secure the data. For example:
- Data Protection Agreements are in place with relevant 3rd parties.
- Multi-Factor Authentication is activated wherever possible to reduce the likelihood of a breach.
How long do we keep this data?
Personal data needed for the performance of the contract is retained for a period of 7 years after the contract ends, in line with contract law and the statute of limitations.
Other Notes
Business Transfers: We may choose to buy or sell assets, and may share and/or transfer personal data as part of such transactions. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, your personal data could be one of the assets transferred to or acquired by a third party.
Protection of Secure And Assure and Others: We reserve the right to access, read, preserve, and disclose any information as necessary to comply with law or court order; enforce or apply our agreements with you and other agreements; or protect the rights, property, or safety of Secure And Assure, its employees, customers, or others.
Disclosures for National Security or Law Enforcement: Under certain circumstances, we may be required to disclose your personal data in response to valid requests by public authorities, including to meet national security or law enforcement requirements.
Cookie Policy
The website does not use cookies, because the site does not use Google website analytics tools, ad networks, or other trackers.
As mentioned earlier, Secure And Assure collects basic site usage information (e.g. number of page views) at an aggregate level through Fathom Analytics, a privacy-centric web analytics service. This service does not use cookies or other tracking technologies that retain your personal data. More information about Fathom Analytics is accessible from https://usefathom.com/.
Third-party links
Occasionally, we may include links to third-party products or services on the website. While we will only mention trustworthy sites, these third-party sites have separate and independent privacy policies. We have no responsibility or liability for the content and activities of these linked sites. Having said that, we seek to protect the integrity of Secure And Assure and welcome any feedback about these sites.
Your rights
While we have personal data about you, you have certain rights. These include:
Right to access
You may request a copy of all personal data held by Secure And Assure about you.
Right to rectify
You have the right to ask Secure And Assure to correct any inaccuracies in the personal data held about you.
Right to erasure
In certain circumstances, you have the right to ask that Secure And Assure erases any personal data that it is processing about you.
For example, if we have your data because you gave your consent, you are now withdrawing consent and we have no other lawful basis for keeping the data.
Please note that we may still be allowed to retain and use your information. For example, if it is necessary to comply with a legal obligations, resolve disputes, enforce our agreements, or defend / establish a legal claim.
Right to restrict
In certain circumstances, you have the right to request that we restrict the processing of your personal data.
Right to object
In certain circumstances, you have the right to object to Secure And Assure’s processing of your personal data. This is especially true if we are processing your data on the basis of Secure And Assure’s legitimate interest.
Right not to be subjected to automated decision making
You have the right not to be subjected to automated decision making where the decision has legal or significant effects. However, we don’t think we have such automated decision making processes in Secure And Assure.
Right to withdraw consent
Where we are processing your personal data on the basis of your consent, you have the right to withdraw your consent at any time.
For example, if we are sending you marketing emails, you can withdraw your consent immediately by clicking the UNSUBSCRIBE link in the footer of the email.
How to exercise your rights
Please contact us at hello@secureandassure.com and provide as much information as possible to enable us to respond to your request.
Right to complain
If you believe Secure And Assure is breaching your data protection rights, you have the right to complain to the data protection regulator.
Secure And Assure is established in Ireland and is regulated by Ireland’s Data Protection Commission (Click here to visit the regulator’s website).
Contact us
If you have any questions about this privacy or cookie notice, please contact us by emailing hello@secureandassure.com
Changes to this notice
Any changes to this Privacy Notice will be posted on this website so you are always aware of the personal data we collect, use, store, disclose and retain.
If at any time we decide to use your personal data in a manner significantly* different from that stated in this Privacy Notice or otherwise stated to you at the time it was collected, we will note this significant* change below. We will also notify you if you have asked to be notified of such changes.
(* We don’t regard changes that just clarify meaning or improve explanations as significant).
History of Significant Changes (over the last 3 years)
September 2025: Reviewed and updated content. Reflected Code in Motion Ltd’s new trading name, Secure And Assure. Replaced MailChimp with Substack, as the newsletter is now published on that platform.
June 2023: Reviewed and updated content. Removed third parties that are no longer in use.
January 2023: Added reference to the score cards that are now available on the website.