Privacy Policy

Last updated: 13 June 2026

Before you publish: replace every [HIGHLIGHTED PLACEHOLDER] with your real company details, and have this policy reviewed by a qualified legal adviser. This template is a strong starting point, not legal advice.

This Privacy Policy explains how [YOUR FULL NAME] trading as CYBERVIS ("CYBERVIS", "we", "us", "our") collects, uses, shares, and protects your personal data when you visit our website, contact us, or use our client portal and services. We are committed to protecting your privacy and handling your data in an open and transparent manner, in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who we are
What data we collect
How and why we use your data
Lawful bases for processing
Who we share data with
International transfers
How long we keep data
How we protect your data
Your rights
Cookies
Children's privacy
Changes to this policy
Contact and complaints

1. Who we are

The data controller responsible for your personal data is:

Sole trader: [YOUR FULL NAME], trading as CYBERVIS
Business address: [BUSINESS ADDRESS]
ICO registration number: [ICO REGISTRATION NO]
Email: privacy@cybervis.co.uk
Data Protection contact: [DPO / PRIVACY CONTACT NAME]

2. What data we collect

We collect and process the following categories of personal data:

Information you give us

Contact & enquiry data: name, email address, phone number, company name, and the content of messages you send via our contact form or by email.
Account data (client portal): name, email address, hashed password, company, role, and profile details.
Service & engagement data: documents, forms, invoices, timesheets, e-signatures, messages, tasks, and other content you upload or generate within the portal.
Security awareness data: results of phishing simulations and training (e.g. completion status, scores) where you participate in our training programmes.

Information we collect automatically

Technical & usage data: IP address, browser type, device information, pages visited, and timestamps, collected via server logs and essential cookies/local storage.

Where we deliver security testing or assessment services, we may process data contained in your systems strictly under a separate, signed engagement agreement and only as your data processor.

3. How and why we use your data

To respond to enquiries and provide quotes or proposals.
To create and administer your client portal account and provide our services.
To deliver, manage, and invoice for consultancy, security, cloud, and automation services.
To deliver security awareness training and phishing simulations you have agreed to.
To send service-related communications (e.g. account, billing, and security notices).
To maintain the security, integrity, and performance of our systems.
To comply with legal, regulatory, and accounting obligations.
With your consent, to send marketing communications (you can opt out at any time).

4. Lawful bases for processing

Under UK GDPR, we rely on the following lawful bases:

Contract — to provide services you have requested and administer your account.
Legitimate interests — to run and secure our business, respond to enquiries, and prevent fraud or misuse, balanced against your rights.
Consent — for optional marketing and non-essential cookies. You can withdraw consent at any time.
Legal obligation — to meet tax, accounting, and other statutory requirements.

We do not sell your personal data. We share it only with trusted third parties who help us operate, including:

Cloud hosting & storage: Microsoft Azure (data hosting, storage, email).
Email delivery: SendGrid (transactional and notification emails).
Professional advisers: accountants, auditors, and legal advisers where necessary.
Authorities: regulators or law enforcement where required by law.

All processors are bound by contracts requiring appropriate security and confidentiality measures.

6. International transfers

We aim to keep personal data within the UK or European Economic Area. Where a provider processes data outside these regions, we ensure appropriate safeguards are in place, such as UK International Data Transfer Agreements, the UK Addendum to the EU Standard Contractual Clauses, or an adequacy decision.

7. How long we keep data

We keep personal data only as long as necessary for the purposes set out above, including legal, accounting, and reporting requirements. Enquiry data is typically retained for up to [X MONTHS]; client account and engagement records are typically retained for [X YEARS] after the end of our relationship, in line with statutory retention periods. When no longer needed, data is securely deleted or anonymised.

8. How we protect your data

We apply technical and organisational measures appropriate to the risk, including encryption in transit (HTTPS/TLS), hashed passwords, access controls and role-based permissions, rate limiting, security headers, private storage for uploaded files, and regular review of our systems. No method of transmission or storage is completely secure, but we work to protect your data and continuously improve our controls.

9. Your rights

Under UK GDPR you have the right to:

Be informed about how your data is used.
Access a copy of your personal data.
Request correction of inaccurate or incomplete data.
Request erasure ("right to be forgotten") in certain circumstances.
Restrict or object to processing in certain circumstances.
Data portability for data you provided to us.
Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at privacy@cybervis.co.uk. We will respond within one month.

10. Cookies

We use essential cookies and local storage to operate the website and client portal, and (with your consent) optional cookies. See our Cookie Policy for full details.

11. Children's privacy

Our services are intended for businesses and are not directed at children under 16. We do not knowingly collect personal data from children.

12. Changes to this policy

We may update this policy from time to time. The "Last updated" date above reflects the latest version. Material changes will be communicated where appropriate.

13. Contact and complaints

Questions about this policy or your data? Email privacy@cybervis.co.uk or write to us at [BUSINESS ADDRESS].

If you are unhappy with how we handle your data, you have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint or by calling 0303 123 1113. We would, however, appreciate the chance to address your concerns first.