About us
PureCyber provides information security assurance services and consultancy. We are based in the UK (Cardiff, South Wales). PureCyber is committed to protecting and respecting your privacy and complying with the principles of applicable data protection laws. This notice sets out how any personal data we collect from you, or that you provide to us, will be processed by us.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. The data controller of the personal data referred to in this policy is Data Controller, PureCyber Limited, Suite A2, 5th Floor, One Central Square, Cardiff, CF10 1FS.
PureCyber is responsible for the data we collect and process for our own purposes. We’re committed to maintaining the security and privacy of the personal data we process, both through our website and through our interactions with clients, prospects, or industry partners.
Whether we are supporting our clients or managing our own data, privacy and security are at the heart of our operations. Whilst we take appropriate measures in our own practices, security and privacy are at the core of our business operations, so it is imperative we operate in accordance with and, where possible, above, industry and regulatory requirements.
Collection of personal data
Personal data or personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
PureCyber may collect and/or create or otherwise obtain and process the following data about you:
Information about you that you provide by filling in forms while registering for downloads, service or product sales applications or requests for information through our website PureCyber.com.
We may also ask you for information when you contact us through our support desk, make a complaint, or when you contact us, we may keep a record of that correspondence.
We may also ask you to complete optional surveys that will be used to provide you with a more relevant customer experience, service reviews/feedback, or, in some cases, to answer research questions. The type, purpose and use of this data will be clearly laid out at the time of request.
Details of when you digitally interact with PureCyber via our websites and other digital channels and the resources that you access, which may include the use of cookies (subject to our Cookie Policy).
Information about emails and other communications we have sent to you and your interaction with them.
Uses made of your information and the basis of processing
The law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases:
Performance of a contract with you: Where we need to perform the contract we are about to enter into or have entered into with you.
Legitimate interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example, to prevent fraud and enable us to give you the best and most secure customer experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to do so by law).
Legal obligation: We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on this legal basis.
Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example, if you subscribe to an email newsletter.
Legitimate interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example, to prevent fraud and enable us to give you the best and most secure customer experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to do so by law).
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time, and advise you whether the provision of your personal information is mandatory or not (as well as the possible consequences if you do not provide your personal information).
Purposes for which we will use your personal data
We have set out below, in a table format, a description of all the ways we plan to use the various categories of your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are, where appropriate.
| Purpose/Use | Type of Data | Legal Basis |
|---|---|---|
| To register you as a new customer. | (a) Identity (b) Contact |
Performance of a contract with you or in preparation to entering into a contract with you. |
|
To process and deliver your order including: (a) Manage payments, fees and charges (b) Collect and recover money owed to us |
(a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications |
(a) Performance of a contract with you in providing our services (b) Necessary for our legitimate interests (to recover debts due to us and providing you with our services) (c) Necessary to comply with a legal obligation such as specific financial reporting obligations. |
|
To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy policy (b) Dealing with your requests, complaints and queries |
(a) Identity (b) Contact (c) Profile (d) Marketing and Communications |
(a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests |
| To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) |
(a) Identity (b) Contact (c) Technical |
(a) Necessary for our legitimate interests (b) Necessary to comply with a legal obligation |
| To use data analytics to improve our website, products/services, customer relationships and experiences and to measure the effectiveness of our communications and marketing |
(a) Technical (b) Usage |
Necessary for our legitimate interests |
| To send you relevant marketing communications and make personalised suggestions and recommendations |
(a) Identity (b) Contact (c) Technical (d) Usage (e) Profile (f) Marketing and Communications |
Necessary for our legitimate interests |
| To handle website enquiries including responding effectively to correspondence sent via our Contact Us page. |
(a) Identity (b) Contact (c) Technical |
Necessary for our legitimate interests in responding to enquiries. |
Automated Decision Making
PureCyber will not use any of the personal information we collect from you to make automated business decisions.
Recipients of personal data
We will share information about you with some of our suppliers who process data on our behalf to help us to provide services to you. We undertake this data sharing on the basis of our legitimate interests.
Categories of organisation and purpose
PureCyber registered event organisers – to enable event organisers to manage PureCyber registered activities and communicate with participants.
International transfer of personal data
We do not envisage transferring any information about or relating to individuals to anyone outside of PureCyber who is located outside of the European Economic Area.
Information security
At PureCyber we take the security of personal data extremely seriously. We have implemented a mixture of cyber security and privacy controls that align to our ISO27001:2022, ISO9001:2015, Cyber Essentials, Cyber Essentials Plus and IASME Cyber Assured (Level 1 and Level 2) Certifications.
PureCyber are a National Cyber Security Centre (NCSC) Assured Service Provider and a registered member of the Council for Registered Ethical Security Testers (CREST), which ensures our methodologies used for delivery of our Services meet the expectations of the UK Governments Technical security arm.
We assess security for Confidentiality, Integrity, and Availability to ensure that data remains protected, accurate and available for its intended purposes. Some of the core controls we have implemented as part of these certifications are:
Multi-Factor Authentication (MFA) on internet-based systems that hold sensitive personal data
Encryption of data at rest and in transit
Technical assessments of our systems for vulnerabilities and configuration weaknesses
Controlled access to only approved individuals
Screening of all employees to a minimum of the Baseline Personnel Security Standard (BPSS)
Policies and procedures on secure operations and configuration of systems
Data retention period
We will hold information about you in our data systems only for as long as we need it for the purpose for which we collected it, which is as follows:
As long as you continue to be an active customer in use of our services (including purchasing services/products, engaging with emails and downloading content) we will retain and process information about you. In such cases, you will be considered to be an ‘active’ customer. If you have not been ‘active’ as a customer for a period of three years, PureCyber will annually delete/anonymise any personal data held relating to you.
Personal data gathered as part of the delivery of professional or managed services about you, employees or customers will be maintained for the minimum document period as defined by regulation and/or legislation. If this is not defined then it will be held for a maximum of 3 years.
Personal data linked to the processing of insurance claims, subject access requests, disputes, disciplinary or police matters will only be kept for as long as necessary for those purposes, as each is applicable.
IP addresses and cookies
We may obtain information about your general internet usage by using a cookie file that is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive.
A cookie is a small file that asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
In addition to the above, we use third-party cookies and pixels to advertise PureCyber and our products across the internet (for example via Google AdWords Remarketing and other services). Remarketing will display relevant adverts tailored to you based on what parts of the PureCyber website you have viewed by placing a cookie on your machine. This does not in any way identify you or give access to your computer. Remarketing allows us to tailor our marketing to better suit your needs and only display adverts that are relevant to you.
You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of the site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to the Site. You can see a full list of cookies used on our websites here.
In addition to cookies, PureCyber records the activity of users of our website for marketing purposes detailing the pages you visit on the website. We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration purposes. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
Your rights as a data subject
Data protection laws grant you, as a Data Subject, certain ‘information rights’, which are summarised below:
Right to be informed – A right to be informed about the personal data we hold about you.
Right of access – A right to access the personal data we hold about you.
Right to rectification – A right to require us to rectify any inaccurate personal data we hold about you.
Right to erasure – You also have a right to ask us to erase information about you where you can demonstrate that the data we hold is no longer needed by us, if you withdraw the consent upon which our processing is based, or if you feel that we are unlawfully processing your data. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Right to restrict processing – You have a right to request that we refrain from processing your data where you contest its accuracy, or the processing is unlawful and you have opposed its erasure, or where we do not need to hold your data any longer but you need us to in order to establish, exercise or defend any legal claims, or we are in dispute about the legality of our processing your personal data.
Right to Data Portability – You have a right to receive any personal data that you have provided to us in order to transfer it onto another data controller where the processing is based on consent and is carried out by automated means. This is called a data portability request.
Right to Object – You have a right to object to our processing your personal data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.
Right to Withdraw Consent – A right to withdraw your consent, where we are relying on it to use your personal data (for example, to provide you with brochures and newsletters). You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided below.
If you wish to exercise any of the rights set out above, please contact info@purecyber.com or write to Data Controller, PureCyber Limited, Suite A2, 5th Floor, One Central Square, Cardiff, CF10 1FS.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Your right to complain to the supervisory authority
You have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). However, before doing so, please make sure you have first made your complaint to us or asked us for clarification if there is something you do not understand. The ICO will expect you to have done this before reviewing your complaint. You can find our complaints form here.
Changes to our privacy policy
Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by date-stamped communication.
This version was last updated on 04/2026. Historic versions can be obtained by contacting us.
Marketing Communications
If you would like to opt out of our marketing communications, please email us at info@purecyber.com from the email you wish to unsubscribe.
How to contact us
If you wish to contact us about your personal data or exercise any of the rights described above, please email: info@purecyber.com or write to Data Controller, PureCyber Limited, Suite A2, 5th Floor, One Central Square, Cardiff, CF10 1FS.