Privacy Policy

1. Introduction

Cipher Knights ("we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, services, or interact with us.

We are registered with the Information Commissioner's Office (ICO) under registration number ZA123456 and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data We Collect

2.1 Information You Provide

We collect information you voluntarily provide when you:

• Create an account or register for our services.
• Book a consultation or request information.
• Submit a support ticket or contact us.
• Subscribe to our newsletter or download resources.
• Participate in surveys, webinars, or events.

This may include: name, email address, phone number, company name, job title, billing information, and any other information you choose to provide.

2.2 Information We Collect Automatically

When you use our website or services, we automatically collect:

• IP address, browser type, device information, and operating system.
• Pages visited, time spent, referral sources, and navigation patterns.
• Log data, error reports, and performance metrics.

2.3 Information from Third Parties

We may receive information about you from third parties, including:

• Service providers and business partners.
• Publicly available sources and databases.
• Social media platforms (if you interact with us there).

3. How We Use Your Data

We use your personal data for the following purposes:

• Service Delivery: To provide, maintain, and improve our cybersecurity services.
• Communication: To respond to inquiries, send service updates, and provide support.
• Billing: To process payments and manage accounts.
• Marketing: To send newsletters, promotions, and information about our services (with your consent).
• Security: To detect, prevent, and investigate security incidents and fraud.
• Legal Compliance: To comply with legal obligations and regulatory requirements.
• Analytics: To analyze usage patterns and improve our website and services.

4. Legal Basis for Processing

Under UK GDPR, we rely on the following legal bases for processing your personal data:

• Contract: Processing necessary for the performance of a contract with you.
• Consent: You have given clear consent for specific purposes (e.g., marketing).
• Legal Obligation: Processing necessary to comply with legal requirements.
• Legitimate Interests: Processing necessary for our legitimate business interests, provided they do not override your rights.

5. Data Sharing

We may share your personal data with:

• Service Providers: Third-party vendors who assist in providing our services (e.g., hosting, email, payment processing).
• Professional Advisers: Lawyers, auditors, and insurers as necessary.
• Business Transfers: In connection with a merger, acquisition, or sale of assets.
• Legal Requirements: When required by law, court order, or government authority.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

6. International Transfers

Your personal data may be transferred to and processed in countries outside the UK and European Economic Area (EEA). When we do so, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission.
• Transfers to countries with an adequacy decision from the European Commission.
• Binding Corporate Rules for intra-group transfers.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit and at rest.
• Multi-factor authentication and access controls.
• Regular security assessments and penetration testing.
• Employee training and confidentiality agreements.
• Incident response and breach notification procedures.

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Data Retention

We retain personal data only as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Retention periods vary based on:

• The nature and sensitivity of the data.
• The potential risk of harm from unauthorized use or disclosure.
• Applicable legal and regulatory requirements.

When personal data is no longer needed, we securely delete or anonymize it.

9. Your Data Rights

Under UK GDPR, you have the following rights regarding your personal data:

To exercise your rights, please contact us using the details in Section 13. We will respond within one month.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and deliver personalized content. For detailed information, please review our Cookie Policy.

You can control cookie preferences through your browser settings and our cookie consent banner.

11. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on our website. The "Last Updated" date at the top of this policy indicates when it was last revised.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact our Data Protection Officer:

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection.