Legal

Privacy Policy

Last updated: March 2026

Certyn Ltd ("we", "our", "us") is committed to protecting and respecting your privacy. This policy explains how we collect, use, and safeguard your personal data when you use our website, services, or communicate with us. We operate in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

01 Who We Are

Certyn Ltd is a cybersecurity compliance consultancy registered in England and Wales. We help businesses achieve and maintain Cyber Essentials certification. For the purposes of data protection law, we are the data controller responsible for your personal data.

Data Controller: Certyn Ltd

Email: privacy@certyn.co.uk

Address: [Your registered business address]

02 What Data We Collect

We may collect and process the following personal data:

Information you provide directly

Name, job title, and company name
Email address and phone number
Details about your IT environment provided during assessments
Correspondence and communications with us
Payment and billing information

Information collected automatically

IP address and browser type
Pages visited and time spent on our website
Referring website or source
Device and operating system information

03 How We Use Your Data

We use your personal data for the following purposes:

To provide our compliance assessment and certification services
To communicate with you about your project, including progress updates and recommendations
To send you relevant information about our services, where you have opted in to receive it
To process invoices and manage our business relationship with you
To improve our website, services, and client experience
To comply with legal obligations and regulatory requirements

04 Legal Basis for Processing

We process your personal data under the following legal bases as defined by UK GDPR:

Contract: Processing necessary to perform our services as agreed with you
Legitimate interests: Improving our services, marketing our business to relevant audiences, and managing our operations
Consent: Where you have opted in to receive marketing communications
Legal obligation: Where processing is required to comply with UK law

05 Data Sharing

We do not sell your personal data to third parties. We may share your data with:

Certification bodies: such as IASME, where necessary to process your Cyber Essentials certification
Service providers: such as our hosting provider, email platform, and accounting software, all of whom are bound by data processing agreements
Professional advisors: such as our accountants or legal advisors, where necessary
Law enforcement or regulatory bodies: where required by law

06 Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes we collected it for. Specifically:

Client project data is retained for 6 years after the end of the engagement, in line with UK contractual limitation periods
Marketing consent records are retained until you withdraw consent
Website analytics data is retained for 26 months

07 Cookies

Our website uses cookies to improve your experience. These include:

Essential cookies: required for the website to function properly
Analytics cookies: to understand how visitors use our site, helping us improve it

You can control cookie preferences through your browser settings. Disabling cookies may affect your experience of our website.

08 Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you
Rectification: Request correction of inaccurate or incomplete data
Erasure: Request deletion of your data where there is no compelling reason for continued processing
Restriction: Request that we limit how we use your data
Portability: Request transfer of your data to another provider
Objection: Object to processing based on legitimate interests or for marketing purposes
Withdraw consent: Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at privacy@certyn.co.uk. We will respond within 30 days.

09 Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. As a cybersecurity compliance consultancy, we practise the same standards we advise our clients to adopt, including encryption, access controls, and regular security reviews.

10 International Transfers

We store and process your data within the United Kingdom. Where any data is transferred outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

11 Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

ICO: ico.org.uk

Helpline: 0303 123 1113

12 Changes to This Policy

We may update this policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.