Privacy Policy

Introduction

Cyber Ascent Consultancy is committed to protecting the privacy and security of personal data we collect in the course of providing Cybersecurity consultancy. This Privacy Policy explains how we collect, use, store, and protect personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Cyber Ascent Consultancy is a sole consultancy based in the United Kingdom. For the purposes of data protection law, Jason Kelly, Principal Consultant, is the data controller responsible for your personal data.

Contact Details:

  • Email: info@cybersecurityconsultancy.com

2. Personal Data We Collect

We may collect and process the following types of personal data:

  • Identity and Contact Data: Name, job title, email address, phone number, and postal address when you engage our services or contact us.

  • Business-Related Data: Information provided in the course of our consulting services, such as project details or professional correspondence.

  • Website Data: If you visit our website www.cyberascentconsultancy.com , we may collect data such as IP addresses, browser type, and usage data via cookies or analytics tools (see Section 7).

  • Marketing Data: Preferences for receiving marketing communications, if you opt in.

We do not collect special categories of personal data (e.g., health, race, or religion) unless explicitly required for a specific project and with your consent.

3. How We Collect Personal Data

We collect personal data:

  • Directly from you when you contact us, engage our services, or provide information during projects.

  • Via our website, through forms, cookies, or analytics tools.

  • From third parties, such as clients or professional contacts, where you have consented to the sharing of your data.

4. How We Use Your Personal Data

We process personal data for the following purposes, based on the legal bases outlined:

  • To Provide Services: To deliver our consulting services, manage client relationships, and fulfill contracts (Legal basis: Contract).

  • To Communicate: To respond to inquiries, provide updates, or send project-related information (Legal basis: Legitimate Interests).

  • For Marketing : To send promotional materials or newsletters, where you have opted in (Legal basis: Consent).

  • To Improve Our Services: To analyze website usage or client feedback to enhance our offerings (Legal basis: Legitimate Interests).

  • To Comply with Legal Obligations: To meet regulatory requirements, such as tax or accounting obligations (Legal basis: Legal Obligation).

5. Sharing Your Personal Data

As a sole consultancy, we minimize data sharing. We may share your personal data with:

  • Service Providers: Trusted third parties (e.g., accounting software, email platforms, or IT support) who process data on our behalf, under strict data protection agreements.

  • Legal Authorities: If required by law or to protect our legal rights.

  • Business Partners: Only with your consent, for collaborative projects.

We do not sell or rent your personal data. Any third parties we engage are based in the UK or jurisdictions with adequate data protection standards (e.g., the EU).

6. Data Security

We take appropriate technical and organizational measures to protect your personal data, including:

  • Secure storage of physical and digital records (e.g., encrypted devices and password-protected systems).

  • Use of reputable, secure third-party platforms for data processing.

  • Regular review of security practices to prevent unauthorized access, loss, or disclosure.

7. Cookies and Website Analytics (if applicable)

If you visit our website www.cyberascentconsultancy.com , we may use cookies or analytics tools (e.g., Google Analytics) to collect anonymized data about your browsing behavior. You can manage cookie preferences through your browser settings or our website’s cookie banner. For details, see our [Cookie Policy, if applicable, or link to section].

8. Data Retention

We retain personal data only for as long as necessary:

  • Client data: For the duration of our contract and up to [e.g., 7 years] to comply with tax or legal obligations.

  • Inquiry data: For [e.g., 12 months] unless further engagement occurs.

  • Marketing data: Until you unsubscribe or withdraw consent.

Data is securely deleted or anonymized when no longer needed.

9. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

  • Access: Request a copy of your data.

  • Rectification: Correct inaccurate data.

  • Erasure: Request deletion of your data, where applicable.

  • Restriction: Limit how we process your data.

  • Objection: Object to processing based on legitimate interests or for marketing.

  • Portability: Obtain your data in a transferable format.

  • Withdraw Consent: Where processing is based on consent.

To exercise these rights, contact us at [Insert Contact Email]. We will respond within one month, free of charge, unless the request is complex or excessive.

10. International Data Transfers

If we transfer personal data outside the UK (e.g., to EU-based service providers), we ensure adequate safeguards are in place, such as Standard Contractual Clauses or reliance on UK adequacy decisions.

11. Complaints

If you have concerns about our data practices, please contact us at info@cyberascentconsultancy.com. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

  • Website: www.ico.org.uk

  • Phone: 0303 123 1113

  • Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

  • https://ico.org.uk/make-a-complaint/

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Updates will be posted on our website www.cyberascentconsultancy.com with the revised date.

Contact Us

For questions or to exercise your data protection rights, contact:
Email: info(at)cyberascentconsultancy.com