Privacy Policy

Cyphral is committed to protecting your privacy and handling personal data lawfully, fairly and transparently. This notice explains what personal data we collect, why, and your rights in relation to it.

Who we are and how to contact us

Aisha, trading as Cyphral, is a UK sole trader providing Cyber Essentials readiness consulting to small and medium-sized businesses. Cyphral is the data controller responsible for your personal data.

Aisha, trading as Cyphral
4th Floor, Silverstream House, 45 Fitzroy Street, Fitzrovia, London W1T 6EB
Email: hello@cyphral.co.uk
ICO registration number: ZC179468

The personal data we collect

The only personal data we collect is information you choose to provide when you contact us, whether through the contact form on this website or by email: your name, your email address, and the content of your message.

We do not collect this data by any other means. We do not buy or obtain personal data from third parties.

Cookies and analytics

This website uses no cookies. Our analytics provider, Cloudflare Web Analytics, is cookieless: it does not set cookies, does not fingerprint visitors, and does not track individuals across websites. It provides only aggregate, anonymous usage statistics.

Further detail is set out in our Cookie Policy.

How we use your data and our lawful basis

Purpose

To read, consider and respond to the enquiry you have sent us, and to carry out any work that follows if you choose to engage us.

Lawful basis under UK GDPR

Legitimate interests, namely responding to a communication you have deliberately initiated. Where we go on to provide services to you, processing is also necessary for the performance of a contract.

Who we share your data with

We do not sell your data and we do not share it for marketing. We operate no marketing list.

We rely on a small number of service providers who process data on our behalf, strictly under our instructions and under written terms: Cloudflare, for website hosting, email routing, and cookieless analytics, and Resend, for delivery of email. These act as our data processors.

International transfers

Some of our providers may process data outside the UK. Where they do, the transfer is protected by appropriate safeguards recognised under UK data protection law.

How long we keep your data

We keep enquiry correspondence only for as long as necessary for the purpose for which it was provided. Where an enquiry does not lead to an engagement, we delete it within a reasonable period. Where an engagement follows, we retain records for as long as needed to deliver the work and to meet any legal or regulatory obligation, after which they are deleted.

Keeping your data secure

We apply appropriate technical and organisational measures to protect personal data, including access control, encryption in transit, and data minimisation: we collect only what we need. No method of transmission or storage is entirely without risk, but we take reasonable steps to keep your information safe.

Your rights

Under UK GDPR you have the following rights in relation to your personal data:

• the right to be informed about how your data is used;
• the right of access to the data we hold about you;
• the right to rectification of inaccurate data;
• the right to erasure;
• the right to restrict processing;
• the right to data portability;
• the right to object to processing.

These rights may be subject to legal limits in some cases. To exercise any of them, please email hello@cyphral.co.uk. We aim to respond within one month.

Complaints

You have the right to complain to the Information Commissioner's Office (ICO), the UK supervisory authority, at ico.org.uk. We ask that you raise any concern with us first so we have the opportunity to resolve it.

Changes to this notice

We may update this notice from time to time. The "last updated" date above indicates the current version.