Privacy Policy

1. Introduction

Cyber Defence, Evaluation & Consultancy Ltd (“CDEC”, “we”, “us”, “our”) is committed to protecting and respecting your privacy.

This Privacy Policy explains how we collect, use, store and protect personal data in accordance with:

  • UK General Data Protection Regulation (UK GDPR)

  • Data Protection Act 2018

CDEC is a company registered in England and Wales.

For the purposes of data protection law, CDEC acts as the Data Controller for personal data processed in connection with our services.

2. Contact Details

If you have any questions about this policy or your data, you may contact:

Cyber Defence, Evaluation & Consultancy Ltd
Email: enquiries@cyberdec.co.uk
Registered Office: 20-22 Wenlock Road, London N1 7GU

3. Personal Data We May Collect

Depending on how you engage with CDEC, we may collect and process the following types of personal data:

A. Website Visitors

  • Name (if submitted via contact form)

  • Email address

  • Business information

  • IP address

  • Browser information

  • Website usage data (via analytics)

B. Clients (Consultancy Services)

  • Name

  • Business name

  • Contact details

  • Payment information

  • Identifiers necessary to deliver contracted services

C. Creator Exposure Snapshot Clients

For the Creator Exposure Snapshot service, we may process:

  • Legal name

  • Public brand name

  • Email address (if provided)

  • Usernames

  • Public identifiers

  • Contact information

We do not access private accounts or bypass security controls.

4. How We Use Your Data

We process personal data for the following purposes:

  • To provide contracted services

  • To conduct digital exposure assessments

  • To communicate regarding services

  • To issue invoices and process payments

  • To comply with legal obligations

  • To improve website functionality

We do not sell personal data.

5. Lawful Basis for Processing

Under UK GDPR, we rely on the following lawful bases:

Contractual Necessity (Article 6(1)(b))

Where processing is required to deliver a service you have purchased or requested.

Legitimate Interests (Article 6(1)(f))

For website security, service improvement and fraud prevention.

Legal Obligation (Article 6(1)(c))

Where required to comply with applicable laws.

6. Creator Exposure Snapshot – Specific Data Use

For the Creator Exposure Snapshot service:

  • Data is processed solely to conduct a structured exposure assessment.

  • Assessments rely on publicly accessible information and client-supplied identifiers.

  • No intrusive surveillance or unlawful data access is conducted.

  • Data is not shared with third parties except service providers necessary for secure hosting or payment processing.

Snapshot-related data is retained for up to 90 days following delivery unless an ongoing service is agreed.

Clients may request deletion after service completion.

7. Payment Processing

Payments are processed securely via Stripe or direct bank transfer for invoicing.

CDEC does not store full card details. Payment data is handled directly by Stripe in accordance with their privacy and security standards.

8. Data Storage & Security

CDEC implements appropriate technical and organisational measures to protect personal data, including:

  • Encrypted storage systems

  • Access controls

  • Secure cloud infrastructure

  • Limited data access on a need-to-know basis

While we take reasonable steps to secure data, no system can guarantee absolute security.

9. Data Retention

We retain personal data only for as long as necessary to:

  • Fulfil contractual obligations

  • Comply with legal and tax requirements

  • Resolve disputes

Where no ongoing relationship exists, personal data is deleted or anonymised in line with internal retention policies.

10. Sharing of Data

We may share limited personal data with:

  • Payment processors (e.g., Stripe)

  • Secure hosting providers

  • Professional advisers (where legally required)

We do not sell or trade personal data.

11. International Transfers

Where service providers are located outside the UK, appropriate safeguards are implemented in accordance with UK GDPR requirements.

12. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request deletion (where legally permissible)

  • Restrict processing

  • Object to processing

  • Request data portability

To exercise your rights, contact us at [Insert Email].

13. Complaints

If you are dissatisfied with how we handle your data, you may lodge a complaint with the Information Commissioner’s Office (ICO):

https://www.ico.org.uk

14. Updates to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website.

Contact Us