// Legal

PRIVACY POLICY

How Vincent Cyber Defence Ltd collects, uses, and protects your personal data. Last updated: May 2026.

Vincent Cyber Defence Ltd ("we", "us", "our") is committed to protecting and respecting your privacy. As a cyber security firm, data protection and confidentiality are core to how we operate. This Privacy Policy explains how we collect, use, and safeguard your personal data when you visit our website, enquire about our services, or engage us for certification and testing.

1. WHO WE ARE

Vincent Cyber Defence Ltd is a UK-registered company providing cyber security certification, assessment, and testing services. We act as the "data controller" for the personal data collected through this website and during the delivery of our services.

  • Company Registration Number: 16335932
  • Contact Email: privacy@vincentcyberdefence.co.uk
  • Postal Address: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ

2. WHAT DATA WE COLLECT

We may collect, use, and store the following categories of personal data:

  • Identity & Contact Data: Name, job title, email address, telephone number, and company name.
  • Enquiry & Transaction Data: Information you provide when requesting a quote, filling out contact forms, or engaging us for services.
  • Technical Data: IP address, browser type, operating system, and data about how you use our website (collected via strictly necessary security cookies, local storage, and opt-in analytical tools).
  • Assessment Data: Technical configuration data, scoping details, or contact information provided strictly for executing certifications (e.g. Cyber Essentials) or penetration testing.

3. HOW WE USE YOUR DATA

We process your personal data for the following purposes:

  • To respond to your enquiries, provide quotes, and manage client onboarding.
  • To deliver cyber security assessments, manage certifications, and execute penetration tests.
  • To improve our website functionality, security, and user experience using anonymised analytics.
  • To comply with our legal, regulatory, and professional obligations.

4. LEGAL BASIS FOR PROCESSING

Under the UK GDPR, we only process your data when we have a valid lawful basis to do so:

  • Contractual Necessity: Processing is required to deliver the services you have engaged us for, or to take steps at your request before entering into a contract.
  • Legitimate Interests: Processing is necessary for our legitimate business interests, such as responding to B2B enquiries, managing our client relationships, and maintaining website security (including the deployment of essential security cookies to prevent malicious bot traffic).
  • Legal Obligation: Processing is required to comply with UK financial, tax, or regulatory laws.
  • Consent: Where you have given explicit consent, such as opting in to receive marketing insights or newsletter communications (which you can withdraw at any time).

5. DATA SHARING

We do not sell, rent, or trade your personal data. To deliver our services effectively, we may share your information with:

  • Certification Bodies: Specifically, IASME Governance Ltd, as required to process, assess, and award your cyber security certifications.
  • Third-Party Service Providers: Trusted cloud infrastructure, CRM, and administrative tool providers operating as data processors on our behalf under strict confidentiality agreements.
  • Professional & Regulatory Bodies: Regulators, legal advisors, or law enforcement agencies if we are legally obliged to do so.

6. DATA STORAGE AND INTERNATIONAL TRANSFERS

We prioritise data security and sovereignty. The personal data we collect is hosted and processed securely within the United Kingdom (UK) and the European Economic Area (EEA).

We do not transfer your personal data to countries outside of the UK/EEA unless they are recognised as providing an adequate level of data protection under UK GDPR, or appropriate legal safeguards are firmly in place.

7. DATA RETENTION

We retain personal data only for as long as necessary to fulfil the purposes we collected it for. This includes satisfying any legal, accounting, or regulatory reporting requirements.

To determine the appropriate retention period, we consider the volume, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, and the applicable statutory limitation periods under UK law. Generally:

  • Enquiry Data: Retained for the duration of the standard business-to-business sales and follow-up cycle, and securely deleted if no contract is formed.
  • Client & Assessment Data: Retained for the duration of our active contractual relationship and for a subsequent period strictly aligned with UK statutory limitation periods for legal, tax, and financial liability defence.

8. YOUR LEGAL RIGHTS

Under the UK GDPR, you have specific rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request that we correct inaccurate or incomplete data.
  • Right to Erasure: Request that we delete your data under certain circumstances (the "right to be forgotten").
  • Right to Restrict or Object: Object to or restrict the processing of your data under specific conditions.
  • Right to Data Portability: Request the transfer of your data to another organisation.
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, please email us at privacy@vincentcyberdefence.co.uk. If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. AUTOMATED DECISION-MAKING

We do not use your personal data for automated decision-making or profiling that produces legal or significantly relevant effects concerning you.

10. COOKIES AND STORAGE TECHNOLOGIES

Our website uses strictly necessary cookies and local storage to ensure the security, integrity, and core functionality of our site, as well as optional analytical tools — specifically Google Analytics and Microsoft Clarity — to help us understand how visitors interact with our website and optimise user experience. Non-essential cookies are blocked by default and are only deployed if you explicitly consent via our cookie banner. Microsoft Clarity provides session replay and heatmap analytics; all data collected is anonymised and used solely for website improvement purposes. For a full, itemised breakdown of the specific cookies, storage keys, data retention periods, and third-party providers we use, please refer to our dedicated Cookie Policy.

11. SECURITY

As a cyber security firm, data protection is native to how we operate. We implement robust technical, physical, and organisational security measures (including encryption, strict access controls, and vulnerability management) to protect your personal data from unauthorised access, accidental loss, alteration, or disclosure.

12. CHANGES TO THIS PRIVACY POLICY

We may update this policy from time to time to reflect updates in our operational practices or legal requirements. Material changes will be highlighted with a notice on our website or communicated to you directly if appropriate.
