CyberDyn Security understand that we have a responsibility to protect and respect your privacy and look after your personal data.
This Privacy Statements accords with our Privacy Notice and explains what personal data we collect, how we use your personal data, reasons we may need to disclose your personal data to others and how we store your personal data securely.
For clarity, CyberDyn Security may be both data controller and data processor for your personal data under certain circumstances.
We must advise that our Privacy Policy is subject to change so please check our website on a regular basis for any further changes.
This Privacy Statement sets out your rights under the new laws.
1. Who are we?
CyberDyn Security Limited (“CyberDyn”, “we”, “us”, “our”) provides cyber security software and managed services to help organisations secure, manage, monitor, and maintain their IT environments.
Registered Address:
CyberDyn Security Limited
3 Cranwell Close
St. Albans
Hertfordshire
AL4 0SH
United Kingdom
Data Protection Officer (DPO): Steve Martin
Email: dpo@cyberdyn.co.uk
Phone: 01727 324210
CyberDyn Security may act as a Data Controller, Data Processor, or Joint Controller, depending on the service provided and the nature of the processing. This will be defined contractually where required.
2. The Personal Data We Collect
We may collect and process the following categories of personal data:
• Identity data (name, job title, organisation)
• Contact data (email address, telephone number, postal address)
• Account and billing data
• Technical data (IP address, device identifiers, logs, audit records)
• User activity and security event data (where services require this)
• Recruitment data (CVs, applications)
• Communications data (emails, support tickets, call records)
We do not intentionally collect special category data unless required by law or explicitly instructed by a client under a lawful basis.
3. Lawful Bases for Processing
Under UK GDPR, we process personal data on the following lawful bases:
• Contractual necessity – to deliver products and services you have requested
• Legal obligation – to meet regulatory, tax, and statutory duties
• Legitimate interests – to operate, secure, and improve our services, prevent fraud, and ensure network security
• Consent – where required for marketing or optional communications
Where consent is used, you may withdraw it at any time.
4. How We Use Your Personal Data
We use personal data to:
• Provide and manage cyber security software and services
• Administer accounts, contracts, billing, and payments
• Deliver customer support and service communications
• Monitor, secure, and report on IT environments (as contracted)
• Meet compliance, audit, and insurance obligations
• Improve our products and services
• Recruit and assess job applicants
• Communicate service updates and changes
• Send marketing communications only where consent has been given
5. Sharing Your Personal Data
We do not sell personal data.
We may share data with trusted third parties where necessary, including:
• Cloud hosting and infrastructure providers
• Software and security technology partners
• Payment processors
• Professional advisers (legal, financial, insurance)
• Regulators, law enforcement, or courts where legally required
All third parties are subject to contractual confidentiality and data protection obligations.
6. International Data Transfers
Where personal data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, including:
• UK International Data Transfer Agreements (IDTA)
• UK Addendum to EU Standard Contractual Clauses
• Transfer Risk Assessments
We do not rely on Privacy Shield, which is no longer valid.
7. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, including:
• Contractual and service requirements
• Legal, regulatory, and tax obligations
• Security, audit, and dispute resolution
Retention periods are defined in our internal data retention schedule. When data is no longer required, it is securely deleted or anonymised.
8. Your Rights Under UK GDPR
You have the right to:
• Access your personal data
• Rectify inaccurate or incomplete data
• Request erasure (right to be forgotten)
• Restrict processing
• Object to processing, including direct marketing
• Data portability
• Withdraw consent at any time
• Not be subject to solely automated decision‑making
Requests can be made by emailing dpo@cyberdyn.co.uk.
9. Right to Complain
If you are unhappy with how we handle your personal data, you have the right to complain to the UK supervisory authority:
Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Website: https://www.ico.org.uk
10. Cookies and Website Analytics
Our website uses cookies and similar technologies. Details of how we use cookies and how to manage your preferences are available in our Cookie Policy, published on our website.
11. Links to Third‑Party Websites
Our website may contain links to external websites. We are not responsible for the privacy practices or content of third‑party sites and encourage you to review their privacy notices.
12. Changes to This Privacy Notice
We keep this Privacy Notice under regular review and may update it to reflect legal, regulatory, or operational changes. The latest version will always be available on our website.
13. Document Control
The Data Protection Officer/GDPR Owner is the owner of this document and is responsible for ensuring that this record is reviewed in line with the review requirements of the GDPR.
A current version of this document is available to all members of staff on the Company intranet and is published on our website.
Date:04.03.2026
14. Change History Record
Issue Description of Change Approval Date of Issue
1 Initial Issue S.Martin 04.03.2021
2 2026 Update S.Martin 04.03.2026