Privacy Policy

Last updated: 1 December 2025

1. Introduction

Cyber911 ("we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website or services.

We are a UK-based cybersecurity consultancy operating as a sole trader, and we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller: Asmaa Jacobson trading as Cyber911
Contact: info@cyber911.co.uk

2. Information We Collect

2.1 Information You Provide

When you contact us through our website, we collect:

  • Name
  • Email address
  • Phone number (optional)
  • Company name (optional)
  • Message content

2.2 Information Collected Automatically

When you visit our website, we may automatically collect:

  • IP address
  • Browser type and version
  • Device information
  • Pages visited and time spent on pages
  • Referring website

2.3 Client Engagement Information

When you engage our services, we collect:

  • Business contact information
  • Technical environment details
  • Security assessment findings
  • Communication records

3. How We Use Your Information

We use your personal data for the following purposes:

  • Service Delivery: To provide penetration testing and security assessment services
  • Communication: To respond to your enquiries and provide updates
  • Contract Management: To manage client relationships and fulfil contractual obligations
  • Legal Compliance: To comply with legal and regulatory requirements
  • Business Operations: To improve our services and website functionality

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent: When you submit the contact form or agree to receive communications
  • Contract: To fulfil our contractual obligations when you engage our services
  • Legitimate Interests: To improve our services and website, prevent fraud, and maintain security
  • Legal Obligation: To comply with applicable laws and regulations

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your data with:

  • Service Providers: Email hosting providers (for contact form submissions) and website hosting services
  • Legal Requirements: When required by law, court order, or regulatory authority
  • Professional Advisors: Legal and financial advisors bound by confidentiality obligations

All third-party service providers are carefully selected and required to maintain appropriate security measures.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encrypted data transmission (SSL/TLS)
  • Secure email systems
  • Access controls and authentication
  • Regular security assessments
  • Staff training on data protection

While we take all reasonable steps to protect your data, no internet transmission is completely secure. We cannot guarantee absolute security.

7. Data Retention

We retain your personal data only for as long as necessary:

  • Contact Form Submissions: Up to 2 years from last contact
  • Client Records: 7 years after project completion (for legal and tax purposes)
  • Website Analytics: Up to 26 months

After the retention period, we securely delete or anonymise your data.

8. Your Rights

Under UK GDPR, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data (subject to legal obligations)
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time (where consent is the legal basis)

To exercise any of these rights, please contact us at info@cyber911.co.uk.

9. Cookies and Tracking

Our website uses minimal cookies and tracking technologies:

  • Essential Cookies: Required for website functionality (e.g., session management)
  • hCaptcha: Used to prevent spam on the contact form (see hCaptcha Privacy Policy)

We do not use advertising cookies or third-party analytics that track you across websites.

10. International Data Transfers

Your data is primarily stored and processed within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses
  • Adequacy decisions by the UK government
  • Service providers with appropriate certifications

11. Children's Privacy

Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by updating the "Last updated" date at the top of this page.

We encourage you to review this policy periodically.

13. Complaints

If you have concerns about how we handle your personal data, please contact us first at info@cyber911.co.uk. We will investigate and respond to your complaint.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: 0303 123 1113
Website: ico.org.uk

14. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

Email: info@cyber911.co.uk
Website: Contact Form