Privacy Policy

Surrey Cyber Security Cluster Ltd is committed to ensuring that your privacy is protected when you visit our website. This privacy policy explains what information is collected about you, how we use this information, how you can instruct us if you prefer to limit the use of the information and the procedures that we have in place to safeguard your privacy. Whenever you give us personal data, you consent to its collection and use under our privacy policy. We will not share your personal information for any other purposes without your consent unless required by law.


When we say ‘we’, ‘us’ or ‘our’, we are referring to Surrey Cyber Security Cluster Ltd also trading as “Surrey Cyber Security Cluster”. The purpose of this policy is to explain what information we collect, how we collect it and why we collect the information when you visit our website. This privacy policy has been compiled to better serve those who are concerned with how their’ Personally Identifiable Information’ (PII) is being used online. PII, as described in UK privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website.

What personal information do we collect from the people that visit our blog, website or app?

We collect personal information from visitors to our site or other details to help you with your experience (e.g. form functionality and future site improvement), and for analytics and marketing purposes.

When do we collect information?

We collect general use and IP Address data when you use and navigate the site. We also collect the personal information submitted when you place an order, fill out a form or enter information on our site.

How do we use your information?

We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:

  • To allow us to better service you in responding to your customer service requests.
  • To quickly process transactions.
  • To provide bespoke site features for a more personalised experience.
  • To send periodic emails regarding your order or other products and services.

How do we protect your information?

Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible. Robust password and security features are in place, including user access restriction and multifactor authentication where your submitted data is passed to additional systems such as our business CRM. Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology. We implement a variety of security measures when a user places an order enters, submits, or accesses their information to maintain the safety of your personal information.


Information you voluntarily provide – When you complete a form on our website, consult with our staff or send us an email you are voluntarily providing us information. This information may include your name, company name, company address, email address, telephone number(s) and your position in your company. We respect your privacy and will never disclose your personal information to a third party unless: a) it is necessary in relation to work we are doing for you and your company b) our company is acquired by another company and would therefore require it to continue working for you c) we are requested to do so by lawful authority in relation to the GDPR (General Data Protection Regulation). This data may be stored in the following locations:

  • FreeAgent and other accounting software
  • Our company CRM and other communication tools
  • Company telephones and systems
  • Relevant Third parties with a current or previous active involvement with the customer



Surrey Cyber Security Cluster Ltd adheres to the following policy in relation to the deployment of email communications:

  • All emails sent to you by Surrey Cyber Security Cluster Ltd will clearly identify Surrey Cyber Security Cluster Ltd or ” Surrey Cyber Security Cluster” as the sender.
  • The subject line of any email sent by Surrey Cyber Security Cluster Ltd will always accurately describe the subject matter of the email.
  • All emails sent to you by Surrey Cyber Security Cluster Ltd will include an option to unsubscribe from future email messages.
  • You may unsubscribe from ALL Surrey Cyber Security Cluster Ltd mailing lists, with the exception of any emails regarding product / service updates or renewals.
  • All promotional emails sent to you by Surrey Cyber Security Cluster Ltd will include information that the email is an advertisement within either the body or the footer.
  • All emails sent to you by Surrey Cyber Security Cluster Ltd, other than replies, will include our physical postal address.
  • Surrey Cyber Security Cluster Ltd sends emails to customers and prospects in both plain text and HTML email formats. Emails are sent using sender email address domain *
  • Surrey Cyber Security Cluster Ltd may occasionally use third-party companies and tools to send emails on its behalf (e.g. Mailchimp, SendGrid, SocialOptic etc.).

If you receive an email that claims to come from Surrey Cyber Security Cluster Ltd which does not use this domain, or if you are suspicious that an email may not be an approved Surrey Cyber Security Cluster Ltd email communication, then please send a copy of the email to so we can investigate.


Surrey Cyber Security Cluster Ltd uses web beacons to track whether recipients of its marketing communications have opened the HTML email. When the email is opened a part of the code that makes up the HTML page calls a web server to load the web beacon which then generates a record showing that the email has been viewed. Web beacons can also be used to record anonymous user information such as IP address, email software, browser type, time/date stamp in addition to personally identifiable information such as the recipient’s email address. If you do not wish to receive web beacons you will need to set your email client to disable HTML images or refuse HTML emails. You can learn more about web beacons at


In general, you can visit Surrey Cyber Security Cluster Ltd on the internet without telling us who you are or giving any personal information about yourself. However, when you contact us (either online, in person, by telephone, or letter) to enquire about, order, or start using our products or services, or to enter a competition, you may be required to provide personal data such as your name, company position, address, telephone number, mobile number, fax number, email address, and credit card details. We will collect that information and use it for the purposes for which you have provided it. We will never collect sensitive information about you without your explicit consent, and we will not pass any of your personal details on to third parties unless it is necessary to facilitate your enquiry.

Analytics Tracking

Every time you connect to our website, we store a log of your visit that shows the unique number your machine uses when it is connected to the internet – its IP address. This tells us what your machine has looked at, whether the page request was successful or not and which browser your machine used to view the pages. This data is used primarily for statistical purposes – to help us to understand which areas of the site are of particular interest and also which pages are not being requested. It also tells how many people are visiting the site. If necessary, we may attempt to contact you through these, including, without limitation, when you are using the wrong paths to access the site or are breaching restrictions on the use of the site. We may also use this information to block IP addresses where there is a breach of the Terms and Conditions for the use of the site.


“Cookies” are small pieces of text that get entered into the memory of your browser by a website. They allow the website to store information on a user’s machine and later retrieve it. Surrey Cyber Security Cluster Ltd uses cookies so that we can better serve you when you return to the site. Cookies also enable us to track and target the interests of our users to enhance the onsite experience. Cookies are in no way linked to any personally identifiable information. If a user rejects the cookie, they may still use the site, although some areas may be functionally limited. Most internet browsers allow the use of cookies to be enabled or disabled. Please refer to the documentation for your browser software for specific instructions on how to enable or disable cookies on your computer.

Third Party Cookies

  • Google Analytics (Google Inc.)

Google Analytics is a web analysis service provided by Google Inc. (“Google”). These cookies are used to collect information about how visitors use our website so we can see what content is popular to help us improve our website. The information is anonymised and displayed as numbers that cannot be tracked back to individuals. You can view Google Analytics’ Privacy Policy, and Opt out of their service if you wish to do so using the following link: Privacy Policy, Opt Out

  • Facebook Advertising

We use Facebook advertising conversion tracking and re-targeting pixels, which allows us to collect or receive information from our website and elsewhere on the internet and use that information to provide measurement services and target advertising. This information is generalised and can’t be tracked back to individuals.

  • Google Ads and Google Tag Manager

We use Google Ads and Tag Manager advertising conversion tracking and re-targeting pixels, which allows us to collect or receive information from our website and elsewhere on the internet and use that information to provide measurement services and target advertising. This information is generalised and can’t be tracked back to individuals.

  • MailChimp

We use Mailchimp landing pages, CRM, email distribution and other tools which allow us to collect or receive information from our website and elsewhere on the internet and use that information to provide measurement services and target advertising. We use Mailchimp to acquire user emails for the purposes of opt-in marketing. Opt in is performed via the website, and occasionally through express telephone permission, confirmed via email.


We use your personal data to provide goods and services to you, and to let you know about other goods and services in which you may be interested, including alerting you to product upgrades, offers, and contract renewal information. If you are making a job application or enquiry, you may provide us with a copy of your CV or other relevant information. We may use this information throughout the company for the purpose of considering your application or enquiry. Except when you explicitly request otherwise, we may keep this information on file for future reference. We may also use your personal data to carry out research. Your personal data may be aggregated with data received from other survey submissions. This research is conducted for our internal business and training purposes and will improve our understanding of our user’s demographics, interests and behaviour. This research is compiled and analysed on an aggregate basis and therefore does not individually identify any user.

External Links

Our website contains links to other sites. Please be aware that we are not responsible for the content or for the privacy practices of those sites that we link to. We encourage our users to be aware when they leave our site, and to read the privacy policy of other sites that collect personal data. This privacy policy applies to personal data collected by Surrey Cyber Security Cluster Ltd and our associated companies.

Data Controller and Ownership

Surrey Cyber Security Cluster Ltd (“We”, “Us”) is the entity responsible for the management and protection of your personal data. We are committed to upholding the confidentiality and security of your information, ensuring it is handled in compliance with legal requirements and best practices.

Retention of Data

Your personal data will be retained only for as long as necessary to fulfil the purposes for which it was collected. This includes satisfying any legal, accounting, or reporting requirements. To determine our retention periods, we consider factors such as the duration of our ongoing relationship with you and any legal obligations to which we are subject.

Specifically, personal data submitted through our contact forms on the website is automatically deleted every 6 months. This policy ensures we do not retain your information longer than necessary, respecting your privacy and aligning with data protection practices.

For other types of data, retention periods may vary based on the data’s nature and the purpose for its collection. However, we strictly adhere to applicable legal requirements and aim to optimise our data retention practices to respect your privacy rights fully.

Basis for Processing

We process your personal data on various lawful bases, including:

  • Consent: Where you have given clear consent for us to process your personal data for a specified purpose.
  • Contract: Necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into such a contract.
  • Legal Obligation: Necessary for compliance with a legal obligation to which we are subject.
  • Legitimate Interests: Necessary for the purposes of legitimate interests pursued by us or a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.

Rights of Data Subjects

As a data subject, you are afforded several rights under data protection laws, which include:

  • Right to Access: The right to request access to your personal data and information about how we process it.
  • Right to Rectification: The right to have inaccurate or incomplete personal data about you corrected.
  • Right to Erasure: The right to request the deletion of your personal data where there is no good reason for us continuing its processing.
  • Right to Restrict Processing: The right to request that we suspend the processing of your personal data under certain conditions.
  • Right to Data Portability: The right to request the transfer of your personal data to another party in certain situations.
  • Right to Object: The right to object to the processing of your personal data, under certain conditions, including for direct marketing purposes.

Should you wish to exercise any of these rights, please contact us. Our aim is to respond to all legitimate requests within one month, though more complex or numerous requests may extend this timeframe.


Unfortunately, no data transmission over the internet or any other network can be guaranteed 100% secure. While we strive to protect your personal information, we cannot ensure and do not warrant the security of any information you transmit to us, and this information is transmitted at your own risk. We endeavour to hold all personal information securely in accordance with our internal security procedures and English law.


This is the website of Surrey Cyber Security Cluster Ltd a company registered in England and Wales under company number 14137647 whose registered office is at:

  • Woodhatch Place 11 Cockshot Hill Reigate, Surrey United Kingdom RH2 8EF

If you would like to request any information about your personal data or believe that we are holding incorrect personal data on you, please contact It is possible to obtain a copy of the information that we hold on you. A nominal charge of £10 is made to cover the administrative costs involved.


This privacy policy was last updated on 20/03/2024. We reserve the right to amend or vary this policy at any time and the revised policy will apply from the date posted on the site. You accept that by doing this, Surrey Cyber Security Cluster Ltd has provided you with sufficient notice of the amendment or variation.