Privacy Policy
How Cyber Defence handles personal data and respects your privacy.
1. Introduction
This Privacy Policy explains how Cyber Defence (“we”, “us”, “our”) collects, uses, stores, and protects personal data. It applies to visitors to our website, individuals who contact us, prospective and existing clients, partner contacts, and other individuals whose data we process in the course of our business.
We act as a data controller for personal data relating to our own clients, prospects, and website visitors. Where we process data on behalf of a client as part of a managed service or consultancy engagement, we act as a data processor and follow the contractual terms and data protection instructions agreed with that client.
We are committed to complying with applicable data protection law, including the UK General Data Protection Regulation (UK GDPR) and, where relevant, the EU GDPR.
2. Data controller details
The data controller for personal data covered by this policy is:
Cyber Defence Ltd
If you have questions about this policy or our handling of personal data, please contact:
Email: hello@cyber-defence.io
3. Personal data we collect
The types of personal data we collect depend on your relationship with us. They may include:
• Contact details (name, job title, company, email address, telephone number).
• Account and access details (for client portal users, including usernames and access logs).
• Communication data (emails, enquiries submitted through our website, support tickets).
• Website usage data (IP address, browser type, device information, pages visited, and interaction with our website).
• Engagement data (information relating to proposals, contracts, and services we deliver).
• Security-related data (logs, alerts, and event data relating to security services, to the extent such data contains personal data).
4. How we obtain personal data
We may obtain personal data from:
• You directly, when you contact us, complete a form, or interact with our staff.
• Your employer or colleagues, when they list you as a contact or user for our services.
• Publicly available sources such as corporate websites and professional networking sites, where you have made information public.
• Our website and systems, which generate usage logs and security telemetry in the normal course of operation.
• Third-party providers, such as marketing or event platforms, where you have consented to your data being shared.
5. How we use personal data and legal bases
We use personal data for the following purposes and on the following legal bases:
Providing and managing our services
To deliver security services, respond to enquiries, manage contracts, and administer client relationships. The legal basis is performance of a contract or taking steps at your request prior to entering into a contract.
Communications
To respond to messages, send service-related communications, and provide information that you request. The legal basis is legitimate interests (effective communication with clients and prospects) or performance of a contract.
Marketing (business-to-business)
To send relevant information about our services, events, or publications to business contacts. The legal basis is legitimate interests, balanced against your rights and expectations. You can opt out of marketing at any time.
Security and monitoring
To operate and improve our website, protect systems from misuse, detect and prevent security incidents, and support investigations. The legal basis is legitimate interests in securing our systems and services.
Legal and regulatory obligations
To comply with legal requirements, respond to lawful requests, and maintain appropriate records. The legal basis is compliance with a legal obligation.
7. International transfers
We primarily process personal data within the UK and the European Economic Area (EEA). Where data is transferred outside these regions, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent mechanisms recognised under applicable law.
8. Data retention
We retain personal data only for as long as necessary for the purposes described in this policy, including to meet legal, regulatory, accounting, or reporting requirements.
Retention periods vary based on the nature of the data and our relationship with you. When data is no longer required, we securely delete or anonymise it.
9. How we protect personal data
We apply technical and organisational measures to protect personal data, including access controls, encryption where appropriate, monitoring, vulnerability management, security awareness training, and regular reviews of our security posture.
Further details of our approach to security are provided in our Security Policy.
10. Your rights
Subject to applicable law and certain limitations, individuals have rights in relation to their personal data, including:
• The right to access personal data we hold about you.
• The right to request correction of inaccurate or incomplete data.
• The right to request deletion of your data where there is no compelling reason for its continued processing.
• The right to object to or restrict processing in certain circumstances.
• The right to data portability, in some cases.
• The right to withdraw consent where processing is based on consent.
To exercise your rights, please contact us at hello@cyber-defence.io. We may need to verify your identity before acting on your request.
11. Complaints
If you have concerns about our use of your personal data, we encourage you to contact us first so we can address them. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) or your local supervisory authority.
12. Changes to this policy
We may update this Privacy Policy from time to time. The most current version will always be available on this page, and we will indicate the date of the latest update.
Last updated: 01/12/2025.