Cybersecurity Risk & Compliance Experts

Privacy Policy

Cyber Veritas Limited

Last updated: 20 June 2026


Cyber Veritas Limited (“Cyber Veritas”, “we”, “us”, or “our”) is a cybersecurity risk, governance and compliance consultancy. We are a company registered in England and Wales under company number 16049436, with our registered office at 4 Hertshill Gardens, Borehamwood, England, WD6 1JQ. We also operate from offices in London, United Kingdom and Delhi, India.

This Privacy Policy explains how we collect, use, store, share and protect personal data when you visit our website at https://cyberveritas.co.uk/ (the “Website”), get in touch with us, request a consultation, or otherwise interact with us. It also explains your rights under the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.

For the purposes of UK data protection law, Cyber Veritas Limited is the “data controller” of the personal data described in this Policy.

1. Personal Data We Collect

We only collect personal data that you choose to give us. We do not require website visitors to register an account, and we do not collect personal data from passive browsing beyond what is described in Section 4 (Cookies).

We collect personal data primarily through:

  • Our “Contact Us” page and general enquiry channels (e.g. emailing info@cyberveritas.co.uk);
  • Our “Book Your Consultation” form; and
  • Direct correspondence with you by email, phone, or via our LinkedIn page.

The table below sets out the categories of personal data we may collect through these channels:

Category Examples
Identity and contact data First name, last name, email address, phone number
Organisation data Company name, company size
Enquiry and engagement data Preferred timeline, priority level, and the details of your enquiry or the message you send us
Correspondence data The content of emails, calls, or LinkedIn messages you send us, and records of our communications with you

We do not knowingly seek to collect special category data (such as health information, biometric data, or data revealing racial or ethnic origin) through the Website, and we ask that you avoid including such information when contacting us. If you choose to share it anyway, we will only use it for the purpose you provided it and will handle it in accordance with applicable law.

2. How and Why We Use Your Personal Data

We use personal data only where we have a valid legal basis to do so under the UK GDPR. The table below sets out our main purposes for processing:

Purpose Data used Legal basis
Responding to your enquiry or preparing a quote/proposal Identity, contact, organisation, enquiry data Legitimate interests; steps necessary to enter into a contract with you
Delivering our consultancy and compliance services to clients Identity, contact, organisation, correspondence data Performance of a contract
Keeping business, accounting and invoicing records Identity, contact, organisation data Legal obligation; legitimate interests
Sending you relevant updates about our services (B2B marketing) Identity, contact, organisation data Legitimate interests, or your consent where required
Maintaining the security and proper functioning of our Website Technical data described in Section 4 Legitimate interests
Complying with legal and regulatory obligations Any of the above, as required Legal obligation

We will never use your personal data for purposes that are incompatible with those set out above without telling you and, where required, obtaining your consent.

3. Who We Share Your Personal Data With

We do not sell your personal data. We only share personal data with third parties in the following circumstances:

  • Our own personnel and consultants, on a need-to-know basis, to respond to your enquiry or deliver services to you;
  • Service providers who process data on our behalf (as “processors”), such as our website hosting provider and our CRM/email platform, HubSpot, under contracts that require them to protect your data and use it only as we instruct;
  • Professional advisers such as our accountants, auditors, or lawyers, where reasonably necessary;
  • Our technology partners (VIPRE, Sec1, OneTrust, and Semperis) only where you have specifically asked us to put you in touch with them, or where necessary to facilitate a product trial or licence you have requested;
  • Regulators, law enforcement, or other authorities, where we are required to do so by law or to protect our legal rights;
  • A buyer or successor entity, if we sell, merge, or restructure our business, subject to the same protections described in this Policy.

4. Cookies and Similar Technologies

Our Website currently does not use Google Analytics, advertising or social media tracking pixels, or other non-essential cookies.

The Website may set strictly necessary cookies required for it to function correctly — for example, technical cookies set by our caching and performance plugin. These cookies do not track you across other websites and do not require consent under UK law.

If we introduce analytics, marketing cookies, or similar tracking technologies in the future, we will update this Policy and present a cookie consent banner allowing you to accept or reject non-essential cookies before they are set.

5. International Data Transfers

Cyber Veritas operates from the UK and India. Where personal data is accessed from, or transferred to, our Delhi, India office, or to any service provider located outside the UK, we put appropriate safeguards in place. These may include the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or reliance on an applicable adequacy decision. You can ask us for more information about the safeguards we use by contacting us as set out in Section 11.

6. How Long We Keep Your Data

We keep personal data only for as long as necessary for the purposes described in this Policy, including to meet legal, accounting, or reporting requirements. As a general guide:

  • Enquiry or contact form data that does not progress into a client relationship: retained for up to 24 months from your last contact with us, then deleted or anonymised.
  • Client and engagement records: retained for the duration of our engagement, plus a further period (typically 6 years) to meet contractual, tax, and professional liability obligations.
  • Marketing contact data: retained until you ask us to stop, or unsubscribe.

Where we no longer need personal data, we securely delete or anonymise it.

7. How We Protect Your Data

As a cybersecurity consultancy, we take the security of personal data seriously. We maintain appropriate technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure, or destruction, including access controls, encryption of data in transit, staff confidentiality obligations, and regular review of our own security practices. No method of transmission or storage is completely secure, but we work to use commercially reasonable means to protect your personal data.

8. Your Rights

Under the UK GDPR, you have the right to:

  • Access the personal data we hold about you;
  • Have inaccurate personal data corrected;
  • Ask us to erase your personal data in certain circumstances;
  • Restrict our processing of your personal data in certain circumstances;
  • Receive a copy of personal data you have provided to us in a structured, machine-readable format (data portability);
  • Object to our processing of your personal data, including for direct marketing;
  • Withdraw consent at any time, where we rely on consent as our legal basis; and
  • Not be subject to a decision based solely on automated processing, including profiling, that has a legal or similarly significant effect on you.

To exercise any of these rights, please contact us using the details in Section 11. We may need to verify your identity before responding, and we will respond within one month, as required by law.

You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner's Office (ICO), at ico.org.uk or by calling 0303 123 1113, although we would welcome the opportunity to address your concerns directly first.

9. Children's Privacy

Our Website and services are directed at businesses and professionals. We do not knowingly collect personal data from children, and our services are not intended for use by individuals under the age of 18.

10. Links to Other Websites

Our Website contains links to third-party websites, including the websites of our technology partners (VIPRE, Sec1, OneTrust, and Semperis) and our LinkedIn page. We are not responsible for the privacy practices or content of third-party websites. We encourage you to review the privacy policy of any website you visit.

11. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, or you would like to exercise any of your rights, please contact us:

Cyber Veritas Limited

Email: info@cyberveritas.co.uk

Registered office: 4 Hertshill Gardens, Borehamwood, England, WD6 1JQ

Company number: 16049436

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. We will post any changes on this page and update the “Last updated” date at the top of this Policy. We encourage you to review this Policy periodically.