Privacy Policy

1. Who We Are

Cyber Ask Ltd ("we", "us", "our") is the data controller responsible for personal data collected through this website (cyberask.co.uk) and its associated services. We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What Personal Data We Collect

We collect personal data in the following ways:

• Contact enquiries: When you email us or submit an enquiry, we collect your name, email address, phone number (if provided), and the content of your message.
• Telephone contact: When you call us, we may retain a record of your name and number for the purpose of responding to your enquiry.
• Client portal: If you are a client with portal access, we hold login credentials (email address and hashed password) and engagement-related records.
• Cookies and analytics: We use cookies to understand how visitors use our website. See Section 7 for full details.

We do not use website contact forms — all direct communication is via email or telephone. We do not collect payment card data through this website.

3. How We Use Your Personal Data

We use personal data for the following purposes and on the following lawful bases:

• Responding to enquiries — Lawful basis: Legitimate interests (responding to pre-contractual communications).
• Delivering contracted services — Lawful basis: Performance of a contract.
• Maintaining client records — Lawful basis: Legal obligation and legitimate interests.
• Improving our website — Lawful basis: Legitimate interests (ensuring the site works correctly and is useful).
• Compliance with legal obligations — Lawful basis: Legal obligation.

We do not use your personal data for automated decision-making or profiling.

4. Data Retention

We retain personal data only for as long as necessary:

• Enquiry data (where no contract follows): Deleted after 12 months.
• Client engagement records: Retained for 6 years following conclusion of the engagement, in line with UK company record-keeping requirements.
• Financial records: Retained for 7 years in line with HMRC requirements.
• Marketing communications (if applicable): Until you unsubscribe or ask us to stop.

5. Sharing Your Personal Data

We do not sell, rent, or trade your personal data. We may share it with:

• IT service providers used to operate our website or email (e.g. hosting providers), acting as data processors under contract.
• Professional advisers (e.g. accountants, legal advisers) under obligations of confidentiality.
• Certification Bodies or delivery partners where you have engaged us to support a CE/CE+ assessment and data sharing is necessary to deliver the service — you will be informed of this in advance.
• Regulatory authorities or law enforcement where we are legally required to do so.

Where any third party processes your data on our behalf, we ensure appropriate data processing agreements and safeguards are in place.

6. International Data Transfers

We are a UK-based business and primarily process data within the UK and EEA. Where data is transferred outside the UK (for example, to a cloud provider with infrastructure in other regions), we ensure appropriate safeguarding mechanisms are in place in line with UK GDPR requirements, such as UK Standard Contractual Clauses or adequacy decisions.

7. Cookies

Our website uses cookies — small text files stored in your browser. We use the following types:

• Strictly necessary cookies: Required for the website to function (e.g. remembering your cookie preference). These cannot be opted out of.
• Analytics cookies: Used to understand how visitors interact with our website (pages visited, time on site, errors encountered). This data is anonymised and aggregated. We do not use third-party advertising cookies.
• Preference cookies: Store your acceptance of this cookie notice.

You can control cookies through your browser settings. Disabling analytics cookies will not affect your ability to use the website. Our cookie preference is stored in your browser's localStorage under the key ca_cookies_accepted.

8. Your Rights Under UK GDPR

Under UK GDPR, you have the following rights regarding your personal data:

• Right of access (Article 15): Request a copy of the personal data we hold about you.
• Right to rectification (Article 16): Request correction of inaccurate or incomplete data.
• Right to erasure (Article 17): Request deletion of your data where there is no compelling reason for us to continue processing it.
• Right to restrict processing (Article 18): Ask us to limit how we use your data in certain circumstances.
• Right to data portability (Article 20): Receive your data in a structured, machine-readable format where processing is based on consent or contract.
• Right to object (Article 21): Object to processing based on legitimate interests.
• Rights related to automated decision-making (Article 22): We do not carry out automated decision-making with legal effects.

To exercise any of these rights, please contact us at [email protected]. We will respond within one calendar month. We will not charge a fee except in cases of manifestly unfounded or excessive requests.

9. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the UK's data protection supervisory authority:

We would, however, appreciate the opportunity to address your concerns directly before you contact the ICO. Please contact us first at [email protected].

10. Security

We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your data against unauthorised access, accidental loss, alteration, or disclosure. Our website is served over HTTPS. Client portal sessions are encrypted and access-logged.

11. Other Privacy Policies

We also operate a mobile application for CE+ validation purposes. That application has a separate privacy policy:

• CE+ Validation App — Privacy Policy

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will update the "last updated" date at the top of this page. Where changes are material, we will take reasonable steps to notify affected individuals. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us: