At Cybercy (“Cybercy,” “we” or “us”) we routinely collect and use personal data about individuals, including clients and potential clients(“you”).  We are aware of our responsibilities to handle your personal data with care, to keep it secure and comply with applicable privacy and data protection laws.

The purpose of this Policy is to provide a clear explanation of when, why and how we collect and use information which may identify you (“personal data”).

We have designed this Policy to be as user friendly as possible. Click on a topic in the list below to find out more, or explore individual topics in more detail by following the various links. We have labelled sections of the Policy to make it easy for you to navigate to the information that may be most relevant to you.

We may update this policy periodically so please check back to this page from time to time to ensure that you have the latest information. We will signpost any material changes to this policy prominently on our website.

  1. Who is responsible for your data?

Our details:

Registered office address:
Office 31 Zenith House Highlands Road, Shirley, Solihull, England, B90 4PD
Company number: 10988996
ICO registration number: ZB014816

2. What personal data do we collect?

When you interact with our website, make an enquiry with us or become a client we may collect some or all of the following sets of personal data:

  • Name.
  • E-mail address.
  • Device Internet Protocol (“IP”) address.
  • Other relevant information, such as telephone number, postal address and job title.

When you use our website we collect certain information related to your device, such as your device’s IP address and what pages your device visited. We do this using cookies and other tracking technologies – please see our Cookie Policy for further information.

Some of the data we collect is derived from information about your activities on our website provided to us by Google Analytics. Due to the nature of the Google Analytics service, the information we are provided by Google is also used by that company to inform its services to us and other business users.  Please visit the Google Analytics privacy policy for full details of what they may do with your personal data. 

3. How do we use your personal data?

We process your personal data in order to provide you with the services and information that you have requested, to fulfil our contractual obligations to you and to operate our business.

4. How do we protect your personal data?

We use appropriate technical, organizational and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorized access, disclosure, alteration and
destruction.

We will make sure that we only use your personal data for the purposes detailed above and where we are satisfied that either:

  • you have provided your consent to us using the data in that way
  • our use of your personal data is necessary to perform a contract or take steps to enter into a contract with you
  • our use of your personal data is necessary to comply with a relevant legal or regulatory obligation that we have or
  • our use of your personal data is necessary to support ‘legitimate interests’ that we have as a business (for example, to improve our products), provided it is conducted at all times in a way that is proportionate, and that respects your privacy rights.

5. Who may we share your personal data with?

We make use of third parties, such as IT service providers, to help manage our business and deliver services. These third parties may from time to time need to have access to your personal data.

We may be under legal or regulatory obligations to share your personal data with courts, regulators, law enforcement.

We may also need to share personal data with our professional advisers, such as solicitors.

In all cases we will only disclose your personal data where there is a lawful basis to do so and then only the minimum amount of personal data required. We do not sell, distribute or lease your personal data to third parties without your explicit consent.

6. Direct Marketing

We may use your personal data to send you direct marketing communications about our services.

In most cases our processing of your personal data for marketing purposes is based on our legitimate interests to provide information about our services that might of interest to you. In some cases (such as where required by law) it may be based on your consent. You have a right to prevent direct marketing of any form at any time – this can be exercised by following the opt-out links in electronic communications.

We take steps to limit direct marketing to a reasonable and proportionate level, and to send you communications which we believe may be of interest or relevance to you, based on the information we have about you.

7. International Transfers

We process your data on servers in the UK. If, in the course providing our services, it becomes necessary to transfer your data outside of the UK/EEA we will only do so to countries which are recognised by the EU and/or UK as providing an adequate level of legal protection or where we can be satisfied that appropriate legal safeguards are in place to protect your privacy rights.

8. How long do we keep your personal data

We will only keep your personal data for as long as it is required in order to achieve the purpose for which we collected it, after which it will be deleted. Retention periods can vary depending upon purpose and any legal, tax or regulatory requirements.

Where you make an enquiry with us but we do not enter in to a contractual relationship with you, we will delete your data 6 months after our last contact with you. In cases where you where we contract with you as a client, we will retain your data for 6 years after the conclusion of the contract.

9. Your rights

You have certain rights in relation to your personal data, which we have summarised in the table below.

RightWhat this means
AccessYou can ask us to: confirm whether we are processing your personal data; give you a copy of that data; provide you with other information about your personal data such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from and whether we have carried out any automated decision-making or profiling, to the extent that information has not already been provided to you in this Policy.
RectificationYou can ask us to rectify inaccurate personal data. We may seek to verify the accuracy of the data before rectifying it.
ErasureYou can ask us to erase your personal data, but only where: It is no longer needed for the purposes for which it was collected; or You have withdrawn your consent (where the data processing was based on consent); or Following a successful right to object (see “Objection” below); or It has been processed unlawfully; or To comply with a legal obligation to which Chubb is subject. We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary: For compliance with a legal obligation; or For the establishment, exercise or defence of legal claims; There may be other circumstances in which we are not required to comply with your erasure request and we will explain if that is the case.
RestrictionYou can ask us to restrict (i.e. keep but not use) your personal data, but only where: Its accuracy is contested (see “Rectification”), to allow us to verify its accuracy; or The processing is unlawful, but you do not want it erased; or it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or You have exercised the right to object, and verification of overriding grounds is pending. We can continue to use your personal data following a request for restriction, where: we have your consent; or to establish, exercise or defend legal claims; or To protect the rights of another natural or legal person.
PortabilityYou can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it ‘ported’ directly to another Data Controller but in each case only where: The processing is based on your consent or on the performance of a contract with you; and The processing is carried out by automated means.
ObjectionYou can object to any processing of your personal data which has our ‘legitimate interests’ as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.

Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
Automated Decision MakingYou can ask not to be subject to a decision which is based solely on automated processing, but only where that decision: produces legal effects concerning you (such as the rejection of a claim); or otherwise significantly affects you. In such situations, you can also obtain human intervention in the decision making, and we will ensure measures are in place to allow you to express your point of view, and/or contest the automated decision.
 
Your right not to be subject to automated decision making does not apply where the decision which is made: Is necessary for entering into or performing a contract with you; Is authorised by law and there are suitable safeguards for your rights and freedoms; or Is based on your explicit consent. However, in these situations you can still obtain human intervention in the decision making, and we will ensure measures are in place to allow you to express your point of view, and/or contest the automated decision.
International TransfersYou can ask to obtain a copy of, or reference to, the safeguards under which your personal data is transferred outside of the European Economic Area. We may redact data transfer agreements or related documents (i.e. obscure certain information contained within these documents) for reasons of commercial sensitivity.
Supervisory AuthorityYou have a right to lodge a complaint with your local supervisory authority about our processing of your personal data. In the UK, the supervisory authority for data protection is the ICO (https://ico.org.uk/).

We ask that you please attempt to resolve any issues with us first although you have a right to contact your supervisory authority at any time.
Identity
We take the confidentiality of all records containing personal data seriously, and reserve the right to ask you for proof of your identity if you make a request in respect of such records.
Fees
We will not ask for a fee to exercise any of your rights in relation to your personal data, unless your request for access to information is unfounded, respective or excessive, in which case we will charge a reasonable amount in the circumstances. We will let you know of any charges before completing your request.
Timescales
We aim to respond to any valid requests within one month unless it is particularly complicated or you have made several requests in which case we aim to respond within three months. We will let you know if we are going to take longer than one month. We might ask you if you can tell us what exactly you want to receive or are concerned about. This will help us to action your request more quickly.
Third Party Rights
We do not have to comply with a request where it would adversely affect the rights and freedoms of other data subjects. 

10. Contact and Complaints

If you wish to exercise any of the rights above or have any questions or complaints, then please contact us at privacy@cybercy.co.uk

If you have a complaint or concern about how we use your personal data, please contact us in the first instance and we will attempt to resolve the issue as soon as possible. You also have a right to lodge a complaint with Information Commissioner’s Office (“ICO”) but we ask that you contact us in the first instance to see if we can resolve your query.