Legal
Solusec Ltd is a UK-based cyber security consultancy registered in England and Wales.
Solusec Ltd is the data controller for personal data collected through this website and in the course of providing our services. The director is responsible for data protection compliance within the organisation.
When you use the contact form on our website, we collect your name, email address, organisation name, phone number (if provided), service interest, and message content. This is used solely to respond to your enquiry.
If you contact us by email, we collect your email address, name, and any personal information you include in your message.
When you engage Solusec Ltd for services, we collect contact details for relevant personnel, information necessary to scope and deliver the engagement, and information needed to fulfil our contractual and legal obligations. The nature of this data varies by service.
We may collect anonymised data about how visitors use our website, such as pages visited and browser type, to understand how the site is used and improve it. This data does not identify you personally.
We do not routinely collect special category data (such as health information, ethnicity, or political views) and have no reason to do so in the course of our normal business activities.
We rely on the following lawful bases under UK GDPR:
| Processing activity | Lawful basis |
|---|---|
| Responding to enquiries submitted via the contact form or email | Legitimate interests (responding to a request you initiated) |
| Delivering contracted services to clients | Contract performance |
| Retaining client contact details for ongoing business communications | Legitimate interests |
| Complying with legal obligations (e.g. financial records) | Legal obligation |
| Website analytics | Legitimate interests |
Where we rely on legitimate interests, we have completed a Legitimate Interests Assessment confirming that our interests are genuine, the processing is necessary and proportionate, and that it does not override your rights and reasonable expectations.
We use the personal data we collect to:
We do not use your data for automated decision-making or profiling. We do not sell your data to third parties. We do not send marketing communications without your explicit consent.
We share personal data only where necessary and with appropriate safeguards in place.
| Recipient | Purpose | Safeguard |
|---|---|---|
| Microsoft (Microsoft 365) | Email, document storage, and business operations | Microsoft Online Services DPA incorporating SCCs and UK Addendum |
| Contractors engaged on specific engagements | Service delivery where specialist support is required | Contractual confidentiality and data processing obligations |
| Legal or regulatory authorities | Where required by law | Legal obligation |
We do not share your personal data with any other third parties without your knowledge and a clear lawful basis for doing so.
Our Microsoft 365 tenant is provisioned in the UK/EU region, meaning data at rest is stored within the EEA. Where any processing by Microsoft occurs outside the EEA, it is governed by Microsoft's Online Services Data Processing Agreement, which incorporates Standard Contractual Clauses and the UK Addendum, providing a lawful transfer mechanism under UK GDPR.
We do not transfer your personal data outside the UK or EEA through any other means without an appropriate safeguard in place.
We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by law.
Data is securely deleted or anonymised when it is no longer required.
Under UK GDPR, you have the following rights in relation to your personal data:
To exercise any of these rights, contact us at info@solusec.co.uk. We will respond within one month. We may need to verify your identity before processing your request.
If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Our website uses only essential cookies necessary for the site to function. We do not use advertising, tracking, or third-party analytics cookies. No cookie consent banner is required as we do not place non-essential cookies.
If this changes, we will update this policy and implement appropriate consent mechanisms.
As a cyber security consultancy, we apply rigorous technical and organisational controls to protect your personal data. These include encryption at rest and in transit, access controls on a least-privilege basis, audit logging, and regular vulnerability assessments of our own systems. In the event of a personal data breach that meets the reporting threshold, we will notify the ICO within 72 hours and affected individuals without undue delay.
Our services are directed at businesses and professionals. We do not knowingly collect personal data from children under the age of 18. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.
We review this privacy policy at least annually and update it when our practices change or when required by law. The date of the most recent review is shown at the top of this page. We will not reduce your rights under this policy without providing notice.
For any questions about this privacy policy, to exercise your rights, or to raise a concern about how we handle your data, please contact us: