Cyber Trust
Cyber Trust abstract background

Privacy matters

Privacy Policy

This page explains how PalisadeSECURE Technologies Ltd T/A Cyber Trust ("we", "us") collects, uses and protects personal data when you visit our website, contact us or use our cyber security services. We are based in the UK and follow UK data protection law, including the UK GDPR and the Data Protection Act 2018.

This policy is for general information only and does not constitute legal advice. If you have questions about how we use your data, please contact us using the details below.

Who we are and how to contact us

We are PalisadeSECURE Technologies Ltd T/A Cyber Trust, a UK-based cyber security services provider. For most of the activities described in this policy, we act as the data controller – this means we decide how and why your personal data is used.

You can contact us about privacy or data protection at:

  • Email: cyberteam@cybertrust.co.uk (or use the contact details shown on our website).
  • Telephone: our main office number shown in the footer.
  • Postal: you can write to our registered office or main office address shown on our site.

We primarily work with business clients, partners and professional contacts. We do not intentionally target children and ask that children do not provide personal data via our website.

What this policy covers

This Privacy Policy explains how we handle personal data when:

  • you browse or interact with our website;
  • you contact us, request information or make an enquiry;
  • you enter into, or we deliver, cyber security services to your organisation; and
  • we carry out B2B marketing, relationship management and partner activities.

It does not cover personal data we process purely on behalf of our clients as their data processor. In those cases, your organisation's own privacy notices will also apply.

The types of data we collect

The personal data we collect depends on how you interact with us. Typical categories include:

Identity and contact details

  • Name and contact details (work email, phone number)
  • Job title, role and team/department
  • Organisation name, industry and office locations

Website, technical and usage data

  • IP address and approximate location (country/city)
  • Browser type and device information
  • Pages viewed, time on page, navigation and clicks
  • Cookie identifiers and analytics data (see Cookies section)

Service and relationship data

  • Enquiry and proposal details, including notes from calls or meetings
  • Contract information, service configuration and billing contacts
  • Records of communications, feedback and support interactions

Marketing and preference data

  • Marketing preferences (e.g. email opt-ins or opt-outs)
  • Event registrations, webinar attendance and related data
  • Information you choose to give us in forms, surveys or feedback

We do not intentionally collect special category data (such as health information) through our website or standard service channels. If such data is ever required for a specific project, we will handle it with appropriate safeguards and only where strictly necessary.

How we collect your data

We collect personal data in several ways, including:

  • Directly from you when you fill in forms, send emails, call us, attend meetings or events, or otherwise contact us.
  • Through your organisation when your employer or client organisation shares contact details and user lists so we can deliver services.
  • Automatically from our website using cookies and similar technologies when you browse or interact with our site.
  • From publicly available sources such as company websites, professional networking platforms and industry directories, where this is appropriate and lawful for B2B relationship-building.
  • From trusted partners and suppliers where they introduce you to us or act on our behalf.

How we use your data and lawful bases

We only use personal data where we have a lawful basis under UK data protection law. Typical purposes and legal bases include:

  • Providing quotes, proposals and services (Contract): to respond to enquiries, prepare proposals, enter into contracts and deliver our cyber security services.
  • Managing our relationship (Contract / Legitimate interests): to manage projects, handle support, maintain records and keep you updated on service-related matters.
  • B2B marketing and business development (Legitimate interests / Consent): to send relevant updates, event invitations or insights to business contacts, where permitted by law and respecting any opt-outs.
  • Improving our website and services (Legitimate interests): to understand usage patterns, improve user experience and enhance our services and security.
  • Legal, regulatory and security purposes (Legal obligation / Legitimate interests): to comply with legal obligations, maintain audit trails, prevent fraud and support information security.
  • With your consent (Consent): where you actively sign up for a newsletter, event or optional communication and consent is the appropriate lawful basis. You can withdraw consent at any time.

Where we rely on legitimate interests, we balance our interests against your rights and expectations and only use personal data in ways that you would reasonably expect in a B2B context.

Cookies and website analytics

Our website uses cookies and similar technologies to make the site work and to help us understand how it is used.

  • Essential cookies – these are needed for basic site functionality (for example, security and load balancing) and are set automatically.
  • Analytics and performance cookies – we may use privacy-conscious analytics tools to measure usage, such as page views and navigation paths, so we can improve our content and services.

Where required by law, we will ask for your consent before setting non-essential cookies. You can also control cookies through your browser settings and, where provided, our cookie banner.

For more detailed information about the cookies we use, please refer to our separate Cookies Policy (linked from the website footer).

Data relating to our cyber security services

As a cyber security provider, we may process certain personal data as part of delivering our services. We do this strictly within the scope of our contracts and professional obligations.

Cyber Essentials, IASME Cyber Baseline and other certifications

When we help you achieve or maintain certifications such as Cyber Essentials or IASME Cyber Baseline, we may process:

  • Contact details for key staff involved in the process
  • Evidence documentation provided by your organisation (for example, policies, screenshots or configuration details)
  • Assessment records, reports and outcomes needed to demonstrate compliance and maintain an audit trail

We use this information only for assessment, certification and related support, and retain it for as long as needed to demonstrate compliance and manage renewals.

Cyber Security Audits, vCISO and advisory services

For Cyber Security Audits, vCISO programmes and other advisory work, we may process:

  • Contact details for stakeholders and decision-makers
  • Information about your systems, processes, suppliers and organisational structure
  • Notes, analysis and recommendations needed to prepare reports and roadmaps

We use this data to understand your current posture, provide tailored advice and track progress against agreed plans.

Penetration testing, vulnerability scanning and phishing simulations

For technical testing and awareness activities, we may process limited personal data such as:

  • User identifiers (for example, work email addresses or usernames) required to run tests or simulations
  • Technical data generated during testing, such as logs, findings and result metrics
  • Aggregated outcomes (for example, click-through rates in phishing simulations) to support reporting and training

We do not use this data for unrelated purposes. It is used only to deliver the agreed services, provide results to your organisation and help improve security awareness and resilience.

Sharing your data with third parties

We do not sell your personal data. We may share it with:

  • Service providers such as cloud hosting, email, CRM, analytics and IT support providers who help us run our business and deliver services.
  • Certification bodies and industry partners where needed to deliver Cyber Essentials, IASME Cyber Baseline or similar schemes.
  • Professional advisers such as lawyers, accountants and auditors where necessary for legitimate business purposes.
  • Your organisation and authorised contacts, when we are working with you as a client or partner and need to share results and reports.
  • Regulators, law enforcement or other authorities where we are required to do so by law, or to protect our rights or the rights of others.

Where we use third-party providers, we ensure they are subject to appropriate contractual and security obligations.

International transfers

Some of our trusted suppliers or their systems may be located outside the UK or the European Economic Area (EEA). If personal data is transferred internationally, we will ensure that appropriate safeguards are in place, such as:

  • using countries that have been recognised as providing adequate protection for personal data; and/or
  • using approved contractual protections, such as the UK International Data Transfer Agreement or standard contractual clauses, where required.

You can contact us if you would like more information about the safeguards we use for international transfers.

How we keep your data secure

As a cyber security provider, protecting information is core to what we do. We use a combination of technical and organisational measures to help keep personal data secure, including:

  • Access controls and role-based permissions
  • Encryption in transit and at rest where appropriate
  • Secure configuration and hardening of systems and cloud services
  • Backups and continuity planning
  • Internal policies, training and governance for staff and contractors

No system can be guaranteed 100% secure, but we take sensible and proportionate steps to reduce risks and respond quickly to issues.

How long we keep your data

We keep personal data only for as long as necessary for the purposes described in this policy, including:

  • for as long as we have an ongoing relationship with you or your organisation;
  • for a period afterwards, where reasonably necessary to respond to queries, maintain records, demonstrate compliance or meet legal, tax and regulatory requirements; and
  • for shorter periods where we hold data solely based on your consent and you withdraw that consent.

When data is no longer needed, we will delete it or anonymise it in a secure and irretrievable way.

Your rights under data protection law

Under the UK GDPR and related laws, you have a number of rights in relation to your personal data. These rights may be subject to conditions and exemptions, especially in a B2B and cyber security context, but typically include:

  • Right of access – to request a copy of the personal data we hold about you.
  • Right to rectification – to have inaccurate or incomplete data corrected.
  • Right to erasure – to ask us to delete your data in certain circumstances.
  • Right to restriction – to ask us to pause certain processing.
  • Right to object – to object to processing based on legitimate interests, including direct marketing.
  • Right to data portability – to receive certain data in a structured, commonly used format and/or have it transmitted to another organisation.
  • Rights in relation to automated decision-making – where we carry out decisions based solely on automated processing (we do not typically do this for our B2B services).

How to exercise your rights or raise a concern

If you would like to exercise any of these rights, or have questions about how we use your personal data, please contact us using the details in the "Who we are and how to contact us" section. We may need to verify your identity before responding.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO), which is the supervisory authority for data protection in the UK. You can find details on how to contact the ICO on their website.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, how we process personal data, or legal requirements. When we make significant changes, we will take reasonable steps to bring them to your attention (for example, by updating the effective date at the top of the page or displaying a notice on our website).

Please review this page periodically to make sure you are happy with any updates. If you continue to use our website or work with us after changes are published, we will treat this as your acknowledgement of the updated policy.