Privacy Policy

Last updated: 10th November 2025

This Privacy Policy explains how Noble Point Services (“we”, “us”, “our”) collects, uses, discloses and protects personal data in connection with our services and websites. It applies to data collected when you (a) visit our website, (b) request information or a proposal, (c) engage us to provide services (including managed security, DFIR, IT asset lifecycle, cloud and AI enabled services), or (d) otherwise interact with us.

Contact: [email protected]

 

  1. Scope and controller

When Noble Point Services processes personal data in the course of providing services, you (or the organisation you represent) are typically the controller of your own data and Noble Point Services is the processor acting under your instructions, unless otherwise agreed in writing in a Statement of Work (SOW) or Data Processing Addendum (DPA). For enquiries about how we process data as controller (for example website visitors, job applicants, marketing contacts), contact [email protected]

 

  1. Categories of personal data we collect

We collect personal data necessary to provide and operate our services and to manage business relationships. Typical categories include:

  • Contact and identification data: name, business email, business phone, job title, company name and address.
  • Account and billing data: invoicing and payment contact details (held per SOW; payment terms are commercial and confidential).
  • Service data and telemetry: logs, EDR/SIEM telemetry, endpoint identifiers, asset serial numbers, configuration snapshots and other technical data required to deliver monitoring, DFIR, ITAM and cloud services.
  • Forensic and evidence artifacts: copies of logs, memory dumps, forensic images and collection metadata when performing incident response (handled under strict custody controls).
  • Inspection images and refurbishment records: photos, serials and QC outputs for ITAD / refurbishment services.
  • Recruitment and HR data: CVs, interview notes and references for job applicants.
  • Marketing and web analytics: IP address, user agent, cookies and usage metrics when visiting our websites or using our public resources.
  • Other data: any additional information you provide when requesting services or support (for example, ticket content submitted to our helpdesk).

 

  1. Sources of data

We collect data directly from you, your authorised contacts, from systems and sensors you allow us to connect to (for example SIEM, endpoint telemetry, asset databases), from third party service providers (threat intel feeds, vendor platforms) and from public sources where permitted.

 

  1. Purposes and lawful bases for processing

We process personal data for legitimate business purposes including:

  • To provide services — to deliver managed security, DFIR, ITAD, cloud, AI assisted services, helpdesk and advisory services under the SOW.
  • Security & forensic analysis — to detect, investigate and remediate incidents, preserve evidence and produce audit ready reports.
  • Contract performance and billing — to manage service delivery, invoicing and collections when applicable.
  • Product & service improvement — to analyse telemetry for service optimisation and model training in anonymised or pseudonymised form when required.
  • Marketing and communications — to send updates, newsletters or event invitations if you consent or have a legitimate interest (opt out available).
  • Legal and regulatory compliance — to comply with laws, respond to lawful requests, and protect the rights, property and safety of Noble Point Services and its clients.
  • Recruitment and HR — to evaluate candidates for employment.

The lawful basis for processing depends on context (contract performance, legitimate interest, consent, or compliance with legal obligations). Where special categories of personal data might be processed (rare in our services), we will obtain explicit legal bases and where necessary client consent.

 

  1. AI, model training and forensic data

  • AI assisted services: We use AI and machine learning models to assist detection, triage, refurbishment QC and decision support. Models are trained on telemetry, labelled events and, where relevant, anonymised or synthetic datasets.
  • Explainability & governance: Model outputs that affect decisions are paired with explainability artifacts and human analyst review. We maintain model version logs and validation records. Governance artifacts are available to clients under confidentiality terms or in a DPA/AI governance annex.
  • Use of forensic data: Forensic artifacts collected during DFIR are retained only as required for the investigation, legal or regulatory obligations and evidence preservation per the SOW and DPA. Chain-of-custody records and cryptographic hashes are maintained to ensure integrity.

 

  1. Disclosure and recipients

We may disclose personal data to:

  • Accredited partners and subprocessors who deliver technical components (e.g., cloud providers, forensic labs, analytics providers) — all bound by confidentiality and appropriate data protection obligations.
  • Professional advisers such as legal counsel or auditors when necessary.
  • Law enforcement or regulators when required by law or to protect rights.
  • Purchasers or business partners in the event of a corporate transaction, subject to confidentiality and notice where permissible.
  • We do not sell personal data.

 

  1. International transfers

Our service model may involve transferring data across borders (for example to accredited global partners or cloud providers). Where personal data is transferred internationally we use appropriate safeguards, such as standard contractual clauses, encryption, or client controlled enclaves.

 

  1. Retention and deletion

We retain personal data only as long as necessary to fulfil the purpose it was collected for, to meet legal or regulatory obligations, and as specified in the SOW or DPA. Typical retention categories:

  • Service telemetry and monitoring logs: retained per SOW (configurable retention windows).
  • Forensic artifacts and evidence packages: retained per SOW or legal obligations; chain-of-custody records kept as required.
  • Contact and marketing data: retained until you unsubscribe or request deletion, subject to lawful retention requirements.
  • ITAD / refurbishment records and provenance: retained to support warranty and provenance claims as agreed.

To request deletion of data held by Noble Point Services contact: [email protected]

Deletion requests that would impede ongoing investigations, legal obligations, or SOW commitments will be handled in consultation with the client.

 

  1. Security measures

We implement reasonable technical and organisational measures to protect personal data, including but not limited to:

  • Access controls, role based permissions and least privilege.
  • Encryption in transit and at rest where applicable.
  • Logging, monitoring and alerting of access to sensitive systems.
  • Physical security for ITAD and refurbishment facilities and custody controls for collected evidence.
  • Regular security testing and third party assessments.
  • Incident response procedures and breach notification processes.

For particularly sensitive projects we offer client controlled enclaves or isolated model execution to reduce transfer and exposure risk.

 

  1. Data subject rights

Subject to applicable law, individuals may have rights including:

  • Right to access personal data we hold about them.
  • Right to rectification of inaccurate personal data.
  • Right to restriction or erasure in certain circumstances.
  • Right to object to certain processing, including direct marketing.
  • Right to data portability where applicable.

Requests should be submitted to [email protected]. We will verify requests and respond within applicable legal timelines. Requests that conflict with ongoing investigations, legal obligations or contractual commitments may be limited; we will explain any refusal.

 

  1. Cookies and web analytics

Our website may use cookies, analytics and tracking technologies to operate the site, understand usage patterns and provide marketing. You may configure your browser to block cookies; however some site features may not function properly. Detailed cookie settings and a cookie consent banner can be provided on request.

 

  1. Subprocessors and vendors

We use subprocessors (for example cloud hosting, analytics, email services, payment processors) to deliver services. Noble Point Services requires subprocessors to meet data protection obligations and to process data only as instructed. A list of subprocessors is available on request.

 

  1. Breach notification

In the event of a confirmed security incident affecting Client personal data, Noble Point Services will notify the client without undue delay and provide details of the incident, containment measures and remediation steps. Where required by law, we will also notify relevant authorities and affected data subjects as appropriate, in coordination with the client.

 

  1. Children

Our services and website are not intended for children under applicable age limits. We do not knowingly collect personal data from minors.

 

  1. Changes to this policy

We may update this Privacy Policy from time to time. When material changes are made that affect existing clients, we will provide notice by email or other means as appropriate.

 

  1. Contact

For privacy enquiries, data requests, DPA requests, or to request our AI governance annex under confidentiality, contact:

Email: [email protected]