Privacy Policy

Last updated: 09/18/2023

Defentrix is firmly committed to protecting and handling the personal information of all External Individuals in a lawful and appropriate manner. This notice sets the minimum requirements that the information gathered is used, retained and disclosed in a secure and compliant manner.


Defentrix provides Third-Party Risk Management & IT security services and skill up services. This privacy notice aims to inform you

  • How we collect and use your Personal Information
  • Why we need to collect your Personal information 
  • To whom we give your personal information
  • International transfer or your personal information
  • How we monitor your activities
  • How long we retain your Personal Information
  • How we protect your Personal Information
  • What are your rights?
  • Contact US

How we collect and use your Personal Information

Defentrix will only collect personal information relating to external individuals to the extent that it is required for a particular purpose or purposes, in the context of its business. Read about the purposes in the next section “Why we need to collect your personal information” 

Defentrix may collect or Process, any or all of the following types of personal information about external individuals as part of its business activities 

Personal Information Category Examples of Personal Information we may collect within each category include:
Identity Information Title, Full name, photograph, gender, date of birth
Contact details Employer details, job title, work address, phone number(s) and email address(es), emergency contact details and number, social media handles
Personal details Languages and information that an external individual volunteers in their course of dealings with Defentrix, such as through networking events (which could involve the disclosure of data about religion to facilitate prayer room access, ethnicity or sexual orientation)
Marketing information Contact history, interactions and communications with Defentrix, events attended, Defentrix information and materials (e.g., whitepapers) provided, contact preferences
Online Personal information entered on the website (via form) and cookies that are enabled which further capture personal and confidential information of the user and their device. Additional information on the type of cookies, specific data attributes and other confidential information captured is available under section “To whom we give your personal information”
Relationship Management information Communication and meeting dates, education and qualifications, reference, professional experience, membership of professional bodies, information about complaints and feedback
Data related to use of and access to facilities and corporate assets Time in location of entry and exit to premises, access to restricted zones and security camera footage data related to access to and usage of office equipment and corporate assets including fixed and mobile phones, computer systems, email and the intranet/ internet, location identifiers, multifunctional devices, cost recovery systems, document management systems, car service pickup and drop of logs, contact management systems and online databases
Background screening information Criminal history, political exposure
We may collect personal information about you directly from our website (, at events, and through your usage of Defentrix systems.

Why we need to collect your Information


Defentrix uses External Individuals’ Personal Information for a variety of purposes. The most common uses of Personal Information are:

  • Managing Client request, projects and bidding for work
  • Marketing activities and market research
  • Investigating complaints and issues
  • Security and compliance with law, including health and safety requirements and

In list of the purposes for which we may collect your personal information is set out in the table below. Where Defentrix wishes to use first and information for a new purpose that has not been notified to the external individual, where required by law, Defentrix will notify the external individual of the new purpose. 

Legal basis for Processing 

Defentrix will Process Personal Information relating to External individuals where it is required by law, necessary for the performance or administration of a contract, or where it has a legitimate business interest in doing so. Defentrix will Process Sensitive Personal Information where it is necessary for the purpose of carrying out a legal obligation or exercising specific rights of Defentrix permitted by local law. Defentrix will obtain your consent to Process your Personal information where it is required to do so by local law, and where required, for any new or additional purpose. Under local law, to the extent that Processing is based on consent, External individuals may be entitled to withdraw consent to the Processing of their Personal Information. External individuals who wish to withdraw consent should follow the instructions received at the time of providing consent or contact us (see Contact Us section below) 

Purpose of use Legal Reason for processing
For compliance with legislation and policies
Managing, monitoring and investigating complaints with all relevant legal, regulatory and administrative obligations and responsibilities, whether in the jurisdiction where you are based or else were Necessary for Defentrix legal obligations as a business entity
Necessary for Defentrix legitimate interest for monitoring compliance with regulatory obligations
Monitoring and investigating complaints with Defentrix policies Necessary for Defentrix legitimate interests to ensure compliance with our policies
For organizing in maintaining our business structure
Development of Central data bases with respect to the personal information of all external individuals, including data bases used by subsidiaries or branch offices for client and vendor management Necessary for Defentrix legitimate interests (to run a successful and efficient business)
Business Development Depending on the situation, either with the consent of the data subject, or were necessary for Defentrix legitimate interests (to run a successful and efficient business)
For Security & Business Continuity
Management of access controls and usage of buildings and facilities (including CCTV and parking lots) Necessary for Defentrix legitimate interests (to comply with its responsibilities to run a safe, secure and efficient business)
Management of access to and usage of office equipment and resources including but not limited to telephone, mobile phones, laptops and portable devices, multifunctional devices and more generally the computer network and applications Necessary for Defentrix timid interests (to protect Defentrix financers and help prevent fraud)
Maintaining the security of Defentrix and client's networks and information intellectual property Necessary for Defentrix legitimate interests (to run a successful and efficient business)
Detecting, preventing or otherwise addressing security, fraud all technical issues Necessary for Defentrix legitimate interests (to run a successful and efficient business and health prevent fraud)

To whom we give your personal information

Disclosure within the Defentrix. Defentrix is a global company and your Personal Information may be shared with or accessed by authorized individuals within company

Disclosure to third parties. Defentrix may also share your Personal Information:


How Google uses information from sites or apps that use Google services –

Cookies and other technologies used by Google –

Turn cookies on or off –

Turn off Ad Personalization –

Disclosure without notification. There may be circumstances where Defentrix discloses Personal Information to third parties without notifying External Individuals. These circumstances could include:

  • where the information is publicly available
  • where Defentrix is required to do so by law or by order of a court or Tribunal, or where Defentrix has a good faith belief that such disclosure is reasonably a legal obligation, process or request
  • where it is a legend by a law enforcement authority that an External Individual is guilty of a criminal offence, or is civil liable in a legal action, and Defentrix has a good faith belief that any disclosure necessary to comply with a legal process or request
  • Where Defentrix is required to or has a good faith belief that such disclosure is reasonably necessary to protect the rights, property or safety of Defentrix, its employees, contractors, job applicants, vendors, clients, customers of clients, third parties hot the public as required and permitted by law

International transfer of your personal information 

Due to the Global nature of Defentrix business, personal information may be shared, disclosed or transferred where such transfers are required for legitimate business reasons. Where Defentrix transfers your personal information internationally, which may include transferring personal information outside your country of domicile, Defentrix will comply with applicable legal requirements. Where required we will sign a data transfer agreement with the recipient of the personal information, which in the case of personal information originating from the European Economic Area, Switzerland and the United Kingdom, main include the Standard Contractual Clauses 

How we monitor your activities 

Where permitted by local law, Defentrix may monitor its company assets, including computers, telephones, fax machines, websites and its networks, including in intranet/internet access, email, applications, etc., and the activities of external individuals while accessing or using such office equipment or networks or websites. If you have for the questions, please contact us (see “Contact Us” section below) 

Where permitted by local law, Defentrix may monitor the activities of external individuals at Defentrix all client facilities using CCTV. Well required, signage will indicate which areas are subject to such monitoring, recorded images are destroyed in accordance with our retention policy, unless they required for criminal or other investigations (including circumstances were we are required to provide such information to clients for the purposes of their investigations).  

How long we retain your Personal Information 

Defentrix will retain Personal information for as long as necessary for fulfilling the purpose or purposes for which it was collected. This generally means that Personal Information will be deleted at the latest 6 years after collection unless longer retention is required for other valid reasons such as compliance with legal obligation, to resolve disputes or enforce contracts. 

How we protect your Personal Information 

Defentrix Implements appropriate security measures designed to prevent unlawful or unauthorized Processing of Personal Information and accidental loss of or damaged to Personal Information. Defentrix maintains written security management policies and procedures designed to prevent, detect, contain, and correct violations of measures taken to protect the confidentiality, integrity, availability, or security of your Personal Information. Policies and procedures assign specific data security responsibility and account abilities to specific individuals, include a risk management program that includes periodic risk assessment and provide an adequate framework of controls that safeguard your Personal Information 

What are your rights? 

Certain Defentrix systems may allow external individuals to check and update certain personal information. Where applicable. It is the responsibility of all external individuals to ensure that their personal information is kept up to date. Where permitted under applicable laws. External individuals have the right to access their personal information. Including to know the specific pieces of personal information collect, use and disclose, verify and challenge the accuracy and completeness of their personal information, and have it corrected, amended for deleted if inaccurate and, in Limited circumstances, object to processing of their personal information or ask for processing to be restricted. Defentrix may require external individuals to provide reasons or evidence to justify the amendment of personal information held by Defentrix. In addition, where applicable, can ask for their data to be moved to another controller or be provided in a portable format. Where Defentrix is processing personal information on the basis of consent, external individuals can withdraw that consent at any time. However, please note that if you withdraw your consent. You might not be able to use services all features that require collection or use of such person information. External individuals can exercise these rights by contacting as per the contact us section below. External individuals can also unsubscribe from marketing sent by Defentrix at any time by following the instructions received in the relevant Marketing Communication. We will not discriminate against your decision for exercising these rights.  

If an archive copy of your personal information is required to be retained by applicable law after receiving a request for deletion or closure of your account, we will follow the statutory term for such a retention. 


Defentrix may update this notice from time to time with a new version on Frequent visit to privacy policy is recommended to ensure you are aligned to the changes.

Contact Us

Any questions, concerns or complaints about the operation of this notice should be addressed to your main or usual Defentrix contact in the first instance (e.g., your relevant client partner, accounting executive, business Development contact or procurement contact) or, if you do not have a Defentrix contact, write to