1. Introduction

This Privacy Policy outlines the practices of Cybility Consulting Ltd ("we", "our" or "the Company") with respect to information collected from customers who access our website at https://www.cybilityconsulting.co.uk/ ("Site") or otherwise share personal data with us (collectively: "Customers"). 

Processing of your personal data (i.e., any information which may potentially allow your identification through reasonable means; hereinafter "Personal Data") is necessary for the performance of our contractual obligations towards you and providing you with our services, to protect our legitimate interests and for compliance with legal and financial regulatory obligations to which we are subject.

When you use this Site, you consent to the collection, storage, use, disclosure, and other uses of your Personal Data as described in this Privacy Policy.

We encourage Customers to carefully read our Privacy Policy and use it to make informed decisions. 


2. What information do we collect?

We collect two types of data and information from Customers. 

  1. Un-identified and non-identifiable information pertaining to a Customer(s), which may be made available or gathered via your use of the Site (“Non-personal Data”).
    1. We are not aware of a person’s identity from which the Non-personal Data was collected.
    2. Non-personal Data which is being collected may include your aggregated usage information and technical information transmitted by your device, including certain software and hardware information (e.g., the type of browser and operating system your device uses, language preference, access time, etc.) to enhance the functionality of our Site.
    3. We may also collect information about your activity on the Site (e.g., pages viewed, online browsing, clicks, actions, etc.).
  2. Individually identifiable information, i.e., information that identifies an individual or may, with reasonable effort, identify an individual (“Personal Data”). Such information includes:
    1. Device Information - We collect Personal Data from your device. Such information includes geolocation data, IP address, unique identifiers (e.g., MAC address and UUID) and other information which relates to your activity through the Site.
    2. Contact information - When you use the contact or bookings features on our Site you will be asked to provide us with certain details such as: full name; email or physical address, and other information.


3. Who provides the information we have about you?

The Personal Data and organisation information we hold are mostly provided by yourself:

  • When you use or access our Site in connection with your use of our services, such as;
    • Using our ‘contact us’ widget; data goes to our Customer Relationship Management (CRM) system;
    • Making a booking for a discovery call; data is recorded in our automatic bookings system and shared with our email for notifications and appointments booked in our calendars.
  • When you engage our services as a customer or guest speaker (paid and pro bono);
    • Your details are added to our cloud hosted Customer Relationship Management (CRM) system;
    • For some of our services we will create an account on our cloud hosted Cybility Support Portal;

We may also receive your Personal Data and organisation information from clients that have engaged us as sub-contractors, associate consultants, partners, third-party providers, services, and public registers.


4. What information do we collect?

Typically, we collect the following information at the point of initial contact, via the Site or otherwise:

  • First name
  • Last name
  • Job title
  • Job role
  • Company
  • Email address
  • Contact phone number (landline and/or mobile)
  • Reason for contacting us

In respect of our services, where additional confidential information is required for the purpose of scoping a proposal; we will sign a mutual non-disclosure agreement.

When a formal engagement is underway with a contract in place; we will request access to the minimum confidential information we consider necessary to deliver the service effectively.  Whilst not exhaustive, such documentation typically includes everything from technical network architecture diagrams to penetration test reports; from governance documents such as reports to audit committee to project plans and meetings minutes.


5. How do we use it?

We may use the information for the following:

  • To respond to requests for information, proposals, or any customer service concerns you may have;
  • To deliver our services in performance of a contract;
  • To communicate with you and to keep you informed about our latest updates and services;
  • To market our websites and products (see more under "Marketing"); 
  • To serve you advertisements when you use our Site (see more under "Advertisements"); 
  • For statistical and analytical purposes, intended to improve the Site.


6. Who do we share it with?

We do not rent, sell, or share Customers’ information with third parties, except as described in this Privacy Policy.

We may transfer or disclose Personal Data to affiliated companies and subcontractors.

In addition to the purposes listed in this Privacy Policy, we may share Personal Data with our trusted third-party providers, who may be in different jurisdictions across the world, for any of the following purposes: 

  • Hosting and operating our Site;
  • Providing you with our services, including providing a personalised display of our Site;
  • Storing and processing such information on our behalf; 
  • Serving you with selected advertisements and to assist us in evaluating the success of our advertising campaigns and help us retarget any of our customers;
  • Providing you with marketing offers and promotional materials related to our Site and services; 
  • Performing research, technical diagnostics, or analytics;

We may also disclose information if we have good reason to believe that disclosure of such information is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce our policies (including our Agreement), including investigations of potential violations thereof; (iii) investigate, detect, prevent or take action regarding illegal activities or other wrongdoing, suspected fraud or security issues; (iv) to establish or exercise our rights to defend against legal claims; (v) prevent harm to the rights, property or safety of us, our customers, yourself or any third party; or (vi) for the purpose of collaborating with law enforcement agencies and/or in case we find it necessary in order to enforce intellectual property or other legal rights.


7. Your Rights

You may request to: 

  1. Receive confirmation as to whether personal data concerning you is being processed and access your stored personal information, together with supplementary information. 
  2. Receive a copy of personal data you directly volunteer to us in a structured, commonly used, and machine-readable format. 
  3. Request rectification of your personal data that is in our control.
  4. Request erasure of your personal information. 
  5. Object to the processing of personal data by us. 
  6. Request to restrict processing of your personal data by us.
  7. Lodge a complaint with the Information Commissioner’s Office or relevant supervisory authority.

However, please note that these rights are not absolute and may be subject to our own legitimate interests and regulatory requirements. 

If you wish to exercise any of the above rights or receive more information, please email our Data Protection Officer (“DPO”) at dpo@cybilityconsulting.co.uk.


8. Data Retention

We will keep your personal data for as long as necessary to provide our services, and as necessary to comply with our legal obligations, resolve disputes and enforce our policies.

We will keep records containing client personal data, account opening documents, communications, and anything else as required by applicable laws and regulations. 

Retention periods will be determined considering the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable opportunity.

We may rectify, replenish, or remove incomplete or inaccurate information, at any time and at our own discretion.


9. Cookies

We and our trusted partners use cookies and other technologies in our related services, including when you visit our Site or access our services. 

A "cookie" is a small piece of information that a website assigns to your device while you are viewing a website. Cookies are very helpful and can be used for various purposes. These purposes include allowing you to navigate between pages efficiently, enabling automatic activation of certain features, remembering your preferences, and making the interaction between you and our Services quicker and easier. Cookies are also used to help ensure that the advertisements you see are relevant to you and your interests and to compile statistical data on your use of our Services. 

The Site uses the following types of cookies:

  1. 'session cookies' which are stored only temporarily during a browsing session in order to allow normal use of the system and are deleted from your device when the browser is closed; 
  2. 'persistent cookies ' which are read only by the Site, saved on your computer for a fixed period and are not deleted when the browser is closed. Such cookies are used where we need to know who you are for repeat visits, for example to allow us to store your preferences for the next sign-in; 
  3. 'third-party cookies' which are set by other online services who run content on the page you are viewing, for example by third-party analytics companies who monitor and analyse our web access.

Cookies do not contain any information that personally identifies you, but Personal Data that we store about you may be linked, by us, to the information stored in and obtained from cookies. You may remove the cookies by following the instructions of your device preferences; however, if you choose to disable cookies, some features of our Site may not operate properly, and your online experience may be limited.

Website Analytics

We also use an open-source tool called “Matomo” (formerly known as Piwik) to collect information about your use of the Site. Matomo collects information such as how often customers access the Site, which pages they visit, when they do so, etc. We use the information we obtain from Matomo only to improve our Site and services. Matomo collects the IP address assigned to you on the date you visit sites, rather than your name or other identifying information. We do not combine the information collected with Matomo with personally identifiable information.


10. Third-party collection of information

Our policy only addresses the use and disclosure of information we collect from you. To the extent you disclose your information to other parties or sites throughout the internet, different rules may apply to their use or disclosure of the information you disclose to them. Accordingly, we encourage you to read the terms and conditions and privacy policy of each third party that you choose to disclose information to. 

This Privacy Policy does not apply to the practices of companies that we do not own or control, nor to individuals whom we do not employ or manage, including any of the third parties which we may disclose information to as set out in this Privacy Policy. 


11. How do we safeguard your information?

During an engagement we encourage Customer’s to keep their Confidential information stored within their own information systems, providing us with access to it as is necessary.  We recognise that this is not always practical.

Therefore, we take great care in implementing and maintaining the security of the Site and our information systems to protect your data.  As a cybersecurity consultancy, we use industry good practices with due care to ensure the safety of the information we collect and retain, and prevent unauthorised use of any such information, and we require any third party to comply with similar security requirements, in accordance with this Privacy Policy. 

Although we take reasonable steps to protect information, it is impossible to be 100% secure.  We cannot be responsible for the acts of those who gain unauthorised access or abuse our Site, and we make no warranty, express, implied, or otherwise, that we will prevent such access.

  1. Transfer of data outside the UK 

Please note that some data recipients may be located outside the UK. In such cases we will transfer your data only to such countries as approved by the European Commission as providing adequate level of data protection or enter into legal agreements ensuring an adequate level of data protection.

  1. Marketing

We may use your Personal Data such as your name, email address, telephone number, etc., ourselves or by using our third-party subcontractors, for the purpose of providing you with promotional materials concerning our services which we believe may interest you. 

To respect your right to privacy, within such marketing materials we provide you with the means to opt out of receiving further marketing offers from us. If you unsubscribe, we will remove your email address or telephone number from our marketing distribution lists. 

Please note that even if you have unsubscribed from receiving marketing emails from us, we may send you other types of important email communications without offering you the opportunity to opt out of receiving them. These may include customer service announcements or administrative notices.

  1. Corporate transaction

We may share information in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation, or asset sale). In the event of the above, the transferee or acquiring company will assume the rights and obligations as described in this Privacy Policy.

  1. Minors

We understand the importance of protecting children’s privacy, especially in an online environment. The Site is not designed for or directed at children. Under no circumstances shall we allow the use of our services by minors without prior consent or authorisation by a parent or legal guardian. We do not knowingly collect Personal Data from minors. If a parent or guardian becomes aware that his or her child has provided us with Personal Data without their consent, he or she should contact us at dpo@cybilityconsulting.co.uk.

  1. Updates or amendments to this Privacy Policy

We reserve the right to periodically amend or revise the Privacy Policy; material changes will be effective immediately upon the display of the revised Privacy policy. The last revision will be reflected in the "Last modified" section. Your continued use of our websites and our services, following the notification of such amendments on our website, constitutes your acknowledgment and consent of such amendments to the Privacy Policy and your agreement to be bound by the terms of such amendments.

  1. How to contact us

If you have any general questions about the Site or the information, we collect about you and how we use it, please contact our Data Protection Officer at dpo@cybilityconsulting.co.uk.

Like this? Share it