Privacy Policy

1. Introduction

MEMA Consultants ("we", "us", or "our") operates the Vulnerability Assessment Portal ("the Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and handling your data in an open and transparent manner in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

We collect information that you provide directly to us:

• Account Information: Name, email address, company/organization name, and password when you register
• Assessment Data: Customer vulnerability assessments including customer references, vulnerability indicators, and assessor notes
• Usage Data: Information about how you interact with our Service

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Service
• Process and store vulnerability assessments within your organization workspace
• Generate analytics and reporting for your organization
• Send you technical notices and support messages
• Respond to your comments, questions, and requests
• Comply with legal obligations

4. Data Storage and Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

• Multi-tenant Architecture: Your data is isolated at the organization level
• Encryption: Data is encrypted in transit using TLS/SSL
• Access Controls: Only authorized personnel within your organization can access assessment data
• Regular Backups: We maintain regular backups to prevent data loss

5. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• With your consent or at your direction
• To comply with legal obligations or respond to lawful requests
• To protect the rights, privacy, safety, or property of MEMA Consultants or others
• With service providers who assist in operating our Service (under strict confidentiality agreements)

6. Your Rights

Under UK GDPR, you have the following rights:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Request limitation of processing
• Right to Data Portability: Request transfer of your data
• Right to Object: Object to processing of your personal data

To exercise any of these rights, please contact us using the details below.

7. Data Retention

We retain your personal information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy. Assessment data is retained in accordance with FCA record-keeping requirements and your organization's retention policies.

8. Cookies

We use essential cookies to maintain your session and provide core functionality. These cookies are necessary for the Service to operate and cannot be switched off.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: