Legal

Privacy Policy

Solusec Ltd · Company No. 13352754 · ICO Ref ZC103067 · Last reviewed: June 2026

Plain English summary: We collect only what we need to provide our services and respond to enquiries. We do not sell your data, send marketing without your permission, or share your information with anyone who does not need it. You are in control.

Contents

  1. Who we are
  2. What data we collect and why
  3. Lawful basis for processing
  4. How we use your data
  5. Data sharing and third parties
  6. International transfers
  7. How long we keep your data
  8. Your rights
  9. Cookies
  10. Security
  11. Children
  12. Changes to this policy
  13. How to contact us

1  Who we are

Solusec Ltd is a UK-based cyber security consultancy registered in England and Wales.

Solusec Ltd is the data controller for personal data collected through this website and in the course of providing our services. The director is responsible for data protection compliance within the organisation.

2  What data we collect and why

Website contact form

When you use the contact form on our website, we collect your name, email address, organisation name, phone number (if provided), service interest, and message content. This is used solely to respond to your enquiry.

Email and direct correspondence

If you contact us by email, we collect your email address, name, and any personal information you include in your message.

Client and engagement data

When you engage Solusec Ltd for services, we collect contact details for relevant personnel, information necessary to scope and deliver the engagement, and information needed to fulfil our contractual and legal obligations. The nature of this data varies by service.

Website analytics

We may collect anonymised data about how visitors use our website, such as pages visited and browser type, to understand how the site is used and improve it. This data does not identify you personally.

Data we do not collect

We do not routinely collect special category data (such as health information, ethnicity, or political views) and have no reason to do so in the course of our normal business activities.

3  Lawful basis for processing

We rely on the following lawful bases under UK GDPR:

Processing activity Lawful basis
Responding to enquiries submitted via the contact form or email Legitimate interests (responding to a request you initiated)
Delivering contracted services to clients Contract performance
Retaining client contact details for ongoing business communications Legitimate interests
Complying with legal obligations (e.g. financial records) Legal obligation
Website analytics Legitimate interests

Where we rely on legitimate interests, we have completed a Legitimate Interests Assessment confirming that our interests are genuine, the processing is necessary and proportionate, and that it does not override your rights and reasonable expectations.

4  How we use your data

We use the personal data we collect to:

We do not use your data for automated decision-making or profiling. We do not sell your data to third parties. We do not send marketing communications without your explicit consent.

5  Data sharing and third parties

We share personal data only where necessary and with appropriate safeguards in place.

Recipient Purpose Safeguard
Microsoft (Microsoft 365) Email, document storage, and business operations Microsoft Online Services DPA incorporating SCCs and UK Addendum
Contractors engaged on specific engagements Service delivery where specialist support is required Contractual confidentiality and data processing obligations
Legal or regulatory authorities Where required by law Legal obligation

We do not share your personal data with any other third parties without your knowledge and a clear lawful basis for doing so.

6  International transfers

Our Microsoft 365 tenant is provisioned in the UK/EU region, meaning data at rest is stored within the EEA. Where any processing by Microsoft occurs outside the EEA, it is governed by Microsoft's Online Services Data Processing Agreement, which incorporates Standard Contractual Clauses and the UK Addendum, providing a lawful transfer mechanism under UK GDPR.

We do not transfer your personal data outside the UK or EEA through any other means without an appropriate safeguard in place.

7  How long we keep your data

We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by law.

Data is securely deleted or anonymised when it is no longer required.

8  Your rights

Under UK GDPR, you have the following rights in relation to your personal data:

To exercise any of these rights, contact us at info@solusec.co.uk. We will respond within one month. We may need to verify your identity before processing your request.

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

9  Cookies

Our website uses only essential cookies necessary for the site to function. We do not use advertising, tracking, or third-party analytics cookies. No cookie consent banner is required as we do not place non-essential cookies.

If this changes, we will update this policy and implement appropriate consent mechanisms.

10  Security

As a cyber security consultancy, we apply rigorous technical and organisational controls to protect your personal data. These include encryption at rest and in transit, access controls on a least-privilege basis, audit logging, and regular vulnerability assessments of our own systems. In the event of a personal data breach that meets the reporting threshold, we will notify the ICO within 72 hours and affected individuals without undue delay.

11  Children

Our services are directed at businesses and professionals. We do not knowingly collect personal data from children under the age of 18. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

12  Changes to this policy

We review this privacy policy at least annually and update it when our practices change or when required by law. The date of the most recent review is shown at the top of this page. We will not reduce your rights under this policy without providing notice.

13  How to contact us

For any questions about this privacy policy, to exercise your rights, or to raise a concern about how we handle your data, please contact us: