top of page

Privacy Policy

CyberPrae Limited (“CyberPrae”, “we”, “us”, “our”)

 

Summary and scope

 

This policy explains what personal data we collect, why we collect it, how we use it, who we share it with, how we protect it, and how you can exercise your legal rights. It applies to data collected during and after any relationship with CyberPrae, including via our websites, products, services, communications, and business transactions. It is issued under the UK GDPR and the Data Protection Act 2018. By using our services or providing data to us you accept this policy.

 

Controller details

 

Data controller: CYBERPRAE LIMITED
Contact: dataprotection@cyberprae.com

Address: 2 Claremont Avenue, Stony Stratford, Milton Keynes, Buckinghamshire, MK11 1HH, United Kingdom

 

Data protection principles

 

We process personal data in line with legal requirements. Data will be:

 

  • processed lawfully, fairly and transparently;

  • collected for specified, explicit and legitimate purposes and not used incompatibly;

  • adequate, relevant and limited to what is necessary;

  • accurate and up to date;

  • retained only as long as necessary; and

  • protected with appropriate security.

 

Categories of personal data we process

 

We may collect, hold and use the following categories of personal data:

 

  • Identity: name, job title.

  • Contact: business address, email, telephone.

  • Account & profile: username, password, account settings, preferences.

  • Transaction: purchases, invoices, payment details (where provided).

  • Technical & device: IP address, device identifiers, browser, operating system, login timestamps, cookies.

  • Usage: pages visited, features used, error logs, support tickets.

  • Marketing & communications: preferences, consents, opt-out status.

  • Recruitment & HR (where applicable): CVs, employment history, references.

We may also process aggregated or anonymised data for analytics and business improvement.

 

Special-category and sensitive data

 

We do not normally collect special-category (sensitive) data (e.g., health, racial or ethnic origin, political opinions). If such data is required for a specific service, we will: (a) identify the lawful basis and any additional legal condition that permits processing; (b) obtain explicit consent where required; and (c) apply additional protections and minimum retention

 

How we obtain personal data

 

  • Directly from you: forms, registrations, emails, phone calls, contracts, service use.

  • From third parties: payment processors, partners, referrals, public sources (where lawful). We rely on third parties to have collected that data in compliance with applicable law.

  • Automatically: cookies and similar technologies when you use our website or services (see cookie policy).

 

How we will use your personal data

Purpose
Data we use
Lawful basis
Retention approach
In the event of a merger, acquisition or restructuring
Identity, Contact, Transaction
Legitimate interests / legal obligation
Retained until transfer completed or as required by law
For audits, regulatory reporting and compliance
Identity, Contact, Transaction
Legal obligation
Kept only as long as required under statutory rules
To manage recruitment or employment applications
Identity, Contact, CV, employment history
Performance of a contract / legal obligation / legitimate interests
Application records held for recruitment period; successful candidates follow HR schedules
To send updates, offers or newsletters
Contact, Marketing preferences
Consent or legitimate interests (depending on channel)
Until you opt out or withdraw consent
To improve our website, products and services
Usage, Technical, Aggregated
Legitimate interests / consent (if required for cookies/analytics)
Aggregated data may be kept; raw data retained short-term (e.g. months–2 years)
To maintain security, detect fraud and monitor compliance
Identity, Technical, Usage
Legitimate interests / legal obligation
Logs retained only as long as required for monitoring and investigation
To provide support and respond to enquiries
Identity, Contact, Usage, Technical
Performance of a contract / legitimate interests
Until the enquiry or case is closed, then archived for a defined period
To deliver our services and manage contracts
Identity, Contact, Account, Transaction, Usage
Performance of a contract
While you are a customer and for a limited period after to resolve issues
To process payments, billing and comply with tax obligations
Identity, Contact, Transaction
Legal obligation / performance of a contract
As required by law (e.g. tax and accounting retention periods)
Data Retention

 

We keep personal data only for as long as it is needed to meet the purposes for which it was collected. This includes fulfilling contracts, meeting legal, accounting, regulatory, and reporting obligations, and resolving disputes.

 

When setting retention periods, we consider:

 

  • the type and sensitivity of the data;

  • the potential risks of unauthorised access or disclosure;

  • the reasons we process the data and whether those purposes can be met in another way; and

  • legal and regulatory requirements that apply.

 

Once data is no longer required, it will be securely deleted or anonymised.

 

Consequences of not providing data

 

If you do not provide required data we may be unable to perform a contract, provide a service, verify identity, complete a purchase, or comply with a legal obligation. We will notify you if this applies.

 

Marketing and communications

 

You can opt out of marketing at any time via: (a) unsubscribe links in messages; (b) contacting dataprotection@cyberprae.com

 

Cookies and tracking

 

We use cookies and similar technologies for site functionality, analytics, and marketing. See our cookie policy for details and controls. You can control cookies via your browser settings; disabling cookies may affect site functionality.

 

Sharing and recipients

 

We share data only as necessary and with safeguards:

 

  • Service providers and processors (hosting, payment, analytics, support, professional advisers) under contractual obligations to process only on our instructions.

  • Regulators, tax authorities, courts or law enforcement where required by law.

  • Prospective buyers or partners in the event of a sale, merger or finance transaction (with standard confidentiality safeguards). We require contractual commitments from processors to implement appropriate technical and organisational measures.

 

International transfers

 

If personal data is transferred outside the UK, we will ensure adequate protection through one or more of: an adequacy decision, appropriate contractual clauses (SCCs), binding corporate rules, or other lawful safeguards. Contact dataprotection@cyberprae.com

 

Data breaches and notifications

 

We maintain breach-response procedures. If a notifiable personal data breach occurs we will notify the Information Commissioner’s Office and affected individuals as required by law, and take steps to contain and remediate the breach.

 

Retention policy

 

Retention is determined by purpose, legal/regulatory needs, and risk. Examples:

 

  • Customer account data: while account active, then archived/deleted within a fixed period unless needed for legal reasons.

  • Financial and tax records: retained to meet statutory requirements (typical range in business practice: several years).

  • Support logs and analytics: retained for operational needs (e.g., months to a few years).

  • Marketing preferences: retained until you opt out.

 

We will provide specific retention periods on request.

 

Automated decision-making and profiling

 

We do not carry out automated decision-making or profiling that produces a legal or similarly significant effect on individuals, unless we notify you and put suitable safeguards in place (including the right to human review), and have a lawful basis to do so.

 

Your rights and how to exercise them

 

Under data protection law you may have rights to:

 

  • access your personal data;

  • rectification of inaccurate or incomplete data;

  • erasure (in certain circumstances);

  • restriction of processing;

  • objection to processing (including for direct marketing);

  • data portability (in certain cases); and

  • withdraw consent where processing is based on consent.

 

To exercise any right, email dataprotection@cyberprae.com

 

For more information: ICO Individual Rights

 

Data subject access request (SAR)

 

  • Send SAR to dataprotection@cyberprae.com  with details of the information requested.

  • Provide proof of identity if requested (to avoid unauthorised disclosures).

  • We will acknowledge receipt and aim to provide the information or refusal explanation within one month (subject to verification/complexity rules).

 

If we require further information to locate the data, we will request it promptly.

 

Third-party websites and services

 

Our site may link to external websites or use third-party services. We are not responsible for those sites’ privacy practices. Review third-party privacy notices before submitting personal data.

 

Changes to this policy

 

We review and update this policy periodically. The current version (and last updated date) appears at the top of this document. Material changes will be communicated where appropriate.

 

Contact and complaints

 

For questions, rights requests, or complaints, please contact dataprotection@cyberprae.com

bottom of page