As a professional in the IT security business interacting with SRC Cyber
Solutions LLP (hereafter referred to as “SRC”) or as a professional interacting with SRC Cyber
Solutions LLP back-office or management teams, certain of your employees’ personal data, in the
meaning of Article 4(1) of the European Regulation 2016/679 of the European Parliament and of the
Council of 27 April 2016 on the protection of natural persons with regard to the processing of
personal data and on the free movement of such data (“GDPR”), may be collected and processed by SRC
in the ordinary course of its business activities.
In accordance with Articles 13 and 14 of the GDPR, this notice aims to properly inform your employees, on their capacity as data subjects, of the processing that is likely to be carried out by SRC and pertaining to their personal data.
In view of your direct relationship with your employees whose personal data is disclosed to and processed by SRC, you are required to, and solely liable for, providing them with the information contained herein within fifteen (15) days as of the date this notice is communicated to you by SRC.
In the ordinary course of its business, SRC (the controller in the meaning of Article 4(7) of the
GDPR) may collect and process certain personal data pertaining to the categories of data subjects
listed below.
SRC may collect and process personal data pertaining to:
In accordance with applicable laws, you have a right of access, to rectification, to erasure, to
restriction of processing, to data portability, to object to the processing of your personal data,
and not to be subject to a decision based solely on automated processing. Where we are processing
data based on your consent (notably regarding the deposit of cookies), you have the right to
withdraw that consent at any time.
These rights are not absolute and may be exercised under the conditions set out in sections 15 to 22
of the GDPR. You can exercise them, subject to the provision of proof of identity, with the General
Counsel, at: support@srccybersolutions.com.
In the event of a breach of applicable regulations on the protection of personal data and in
particular of the GDPR, you may lodge a complaint with the national data protection supervisory
authority.
SRC may collect the following personal data: name, surname, professional email, professional phone number, job title, pictures if you attend marketing events.
SRC processes your personal data for the following purposes:
These personal data processing activities are implemented by SRC in pursuit of its legitimate interests (as per article 6(1), f) of the GDPR).
Your personal data is communicated:
Please note that some of your personal data may be transmitted to data recipients located outside the European Union. SRC informs you that these transfers are, where applicable, governed by the mechanism of the standard contractual clauses of the European Commission and thus meet the requirements of Articles 44 to 50 of the GDPR relating to the transfers of personal data to third countries.
SRC stores your personal data in accordance with the retention periods imposed by applicable laws, and the latest recommendations of the national data protection supervisory authority. In any event, SRC undertakes to store your personal data for a period not exceeding that necessary for the purposes for which they are collected.
Prospect’s employees identification data: 3 years as of the last contact from the prospect.
SRC may collect the following personal data: name, surname, address, professional email, job title, professional interests, passport/ID number, pictures if you attend marketing events.
SRC processes your personal data for the following purposes:
These personal data processing activities are implemented by SRC in pursuit of its legitimate interests (article 6(1), f) of the GDPR).
Your personal data is communicated:
Please note some of your personal data may be transmitted to data recipients located outside the European Union. SRC informs you that these transfers are, where applicable, governed by the mechanism of the standard contractual clauses of the European Commission and thus meet the requirements of Articles 44 to 50 of the GDPR relating to the transfers of personal data to third countries.
SRC stores your personal data in accordance with the retention periods imposed by applicable laws, and the latest recommendations of the national data protection supervisory authority. In any event, SRC undertakes to store your personal data for a period not exceeding that necessary for the fulfilment of our legal and contractual obligations.
Clients’ employees identification data: 3 years as of the end of the contractual relationship; Passport/ID number: deletion immediately after the travel organization has been finalized.
SRC may collect the following personal data: name, surname, address, professional email, professional interests, job title, pictures if you attend marketing events.
SRC processes your personal data for the following purposes:
These personal data processing activities are implemented by SRC:
Your personal data is communicated:
Please note some of your personal data may be transmitted to data recipients located outside the European Union. SRC informs you that these transfers are, where applicable, governed by the mechanism of the standard contractual clauses of the European Commission and thus meet the requirements of Articles 44 to 50 of the GDPR relating to the transfers of personal data to third countries.
SRC stores your personal data in accordance with the retention periods imposed by applicable laws, and the latest recommendations of the national data protection supervisory authority. In any event, SRC undertakes to store your personal data for a period not exceeding that necessary for the fulfilment of our legal and contractual obligations.
End-users’ employees identification data: 3 years as of the end of the contractual relationship.
SRC may collect the following personal data: name, surname, address, professional email, job title, pictures if you attend marketing events. [to be amended/completed at a local level, depending on the data mapping]
SRC processes your personal data for the following purposes:
These personal data processing activities are implemented by SRC in pursuit of its legitimate interests (article 6(1), f) of the GDPR).
Your personal data is communicated:
Please note that some of your personal data may be transmitted to data recipients located outside the European Union. SRC informs you that these transfers are, where applicable, governed by the mechanism of the standard contractual clauses of the European Commission and thus meet the requirements of Articles 44 to 50 of the GDPR relating to the transfers of personal data to third countries.
SRC stores your personal data in accordance with the retention periods imposed by applicable laws, and the latest recommendations of the national data protection supervisory authority. In any event, SRC undertakes to store your personal data for a period not exceeding that necessary for the fulfilment of our legal and contractual obligations.
Vendors’ employeesidentification data: 3 years as of the end of the contractual relationship.
SRC may collect the following personal data: name, surname, professional email, professional phone number, job title, pictures if you attend to marketing events.
SRC processes your personal data for the following purposes:
These personal data processing activities are implemented by SRC in pursuit of its legitimate interests (article 6(1), f) of the GDPR).
Your personal data is communicated:
Please note some of your personal data may be transmitted to data recipients located outside the European Union. SRC informs you that these transfers are, where applicable, governed by the mechanism of the standard contractual clauses of the European Commission and thus meet the requirements of Articles 44 to 50 of the GDPR relating to the transfers of personal data to third countries.
SRC stores your personal data in accordance with the retention periods imposed by applicable laws, and the latest recommendations of the national data protection supervisory authority. In any event, SRC undertakes to store your personal data for a period not exceeding that necessary for the fulfilment of our legal and contractual obligations.
Provider’s employees identification data: 3 years as of the end of the contractual relationship.
SRC may collect the following personal data: name, surname, professional email, professional phone number, job title.
SRC may collect the following personal data: name, surname, professional email, professional phone number, job title.
These personal data processing activities are implemented by SRC in pursuit of its legitimate interests (article 6(1), f) of the GDPR).
Your personal data is communicated:
Please note some of your personal data may be transmitted to data recipients located outside the European Union. SRC informs you that these transfers are, where applicable, governed by the mechanism of the standard contractual clauses of the European Commission and thus meet the requirements of Articles 44 to 50 of the GDPR relating to the transfers of personal data to third countries.
SRC stores your personal data in accordance with the retention periods imposed by applicable laws, and the latest recommendations of the national data protection supervisory authority. In any event, SRC undertakes to store your personal data for a period not exceeding that necessary for the fulfilment of our legal and contractual obligations.
Agent/IOR’s employees identification data: 3 years as of the end of the contractual relationship.
SRC may collect the following personal data: name, address, hobbies, personal email, birth date, phone number, history of professional experience, studies, professional certifications.
SRC processes your personal data for the following purposes:
These personal data processing activities are implemented by SRC in pursuit of its legitimate interests (as per article 6(1), f) of the GDPR).
Your personal data is communicated:
Please note that some of your personal data may be transmitted to data recipients located outside the European Union. SRC informs you that these transfers are, where applicable, governed by the mechanism of the standard contractual clauses of the European Commission and thus meet the requirements of Articles 44 to 50 of the GDPR relating to the transfers of personal data to third countries.
SRC stores your personal data in accordance with the retention periods imposed by applicable laws, and the latest of the national data protection supervisory authority. In any event, SRC undertakes to store your personal data for a period not exceeding that necessary for the purposes for which they are collected.
Job applicants’ personal data: 2 years as of the last contact with the applicant.
© 2025 SRC Cyber Solutions LLP. All Rights Reserved.