Is your business exposed? Run a free domain security audit in 60 seconds
CyberBITS

Privacy

Privacy policy.

How CyberBITS Ltd collects, uses and protects the personal information you share with us, in line with UK GDPR and the Data Protection Act 2018.

Last updated:

1. About this policy

This privacy policy explains how CyberBITS Ltd ("we", "us", "our") collects, uses, shares and protects personal data when you visit cyberbits.co.uk, contact us through any of our forms, book a meeting with our team, or become a customer.

We are the data controller in respect of personal data we process about you. If you have any questions about this policy or how we handle your data, you can contact us at hello@cyberbits.co.uk or by post at the address at the bottom of this page.

2. What personal data we collect

We collect personal data in the following circumstances:

2.1 When you visit our website

We use a privacy-friendly analytics service, Plausible Analytics, to understand how the site is used. Plausible does not use cookies and does not collect or store personal data. It records aggregate, anonymous statistics — such as the number of visits to each page, the country a visit came from, the type of device and browser used, and the website or search engine that referred you. We use this purely to improve the site; we cannot identify individual visitors from this data. See section 8 for more on cookies.

2.2 When you submit a form

Our website forms (contact, lead capture, lead-magnet downloads) are processed by Keap (Infusionsoft) on our behalf. We collect the information you provide — typically your name, email address, telephone number, company name, and the content of any message you write.

2.3 When you book a meeting

Discovery calls are scheduled through AppointmentCore. When you book a slot, we receive your name, email address, telephone number (if provided), the meeting time, and any answers you give to pre-meeting questions.

2.4 When you become a customer

To deliver our services we may collect and process additional categories of data, including:

  • Contact and billing details for your business and authorised contacts;
  • Account credentials and configuration data needed to manage your IT systems on your behalf, held only with your prior authorisation;
  • Technical data including device identifiers, log data and security event data generated by the systems we manage;
  • Records of correspondence and support tickets between you and our team.

3. Why we use your data and our lawful basis

We process personal data on the following lawful bases under UK GDPR:

  • Performance of a contract — to deliver the services you have engaged us for, including IT support, security, hosting, communications and projects.
  • Legitimate interests — to operate and promote our business, respond to enquiries, prevent fraud and abuse, secure our systems and yours, improve our services, and keep accurate business records. Where we rely on this basis, we balance our interests against your rights.
  • Consent — for any direct marketing communications (such as our newsletter, where applicable) you have actively opted in to. You can withdraw consent at any time.
  • Legal obligations — to comply with applicable laws and regulatory obligations (including tax, accounting, employment and information-security laws).

4. Who we share your data with

We do not sell personal data. We share it only with carefully chosen service providers who help us deliver our services, and where required by law. Categories of recipients include:

  • Customer relationship and marketing platforms — Keap (Infusionsoft) for lead and customer management, AppointmentCore for meeting scheduling.
  • Website analytics — Plausible Analytics (EU-hosted) for cookieless, privacy-friendly site analytics.
  • Hosting and infrastructure providers — Netlify (website hosting), Sanity (content management), Microsoft (Microsoft 365 services we resell and manage).
  • Operational tools — remote-management, monitoring, ticketing and backup platforms used to deliver managed IT, cybersecurity and supporting services.
  • Professional advisers — accountants, auditors, lawyers and insurers, where reasonably required.
  • Authorities — law enforcement, regulators or courts, where we are legally obliged to disclose information.
  • Successors in business — in the event of a merger, acquisition, restructuring, or sale, your data may be transferred as part of the relevant transaction.

Each provider is bound by appropriate contractual obligations to protect your data and process it only on our instructions.

5. International data transfers

Some of the providers we use store or process personal data outside the United Kingdom (most commonly within the European Economic Area or the United States). Where this happens, we rely on appropriate safeguards under UK GDPR — including UK Adequacy Regulations, the UK International Data Transfer Agreement, or Standard Contractual Clauses — to make sure your data receives equivalent protection.

6. How long we keep your data

We retain personal data only for as long as we genuinely need it. Indicative retention periods are:

  • Enquiries that don't lead to a relationship — up to 24 months from your last contact with us.
  • Active customer records and supporting data — for the duration of our relationship and for a further 6 years thereafter, to comply with UK accounting and tax obligations.
  • Marketing contact lists — until you unsubscribe or your contact data has been inactive for 36 months.
  • Website analytics — anonymous, aggregated pageview statistics retained while we operate the website; no personal data is stored.
  • Security and audit logs — typically 12–24 months, depending on the system, to support incident investigation.

7. Your rights

Under UK GDPR you have the right to:

  • Be informed about how we use your personal data (this policy);
  • Ask for a copy of the personal data we hold about you (right of access);
  • Have inaccurate or incomplete data corrected (right to rectification);
  • Ask us to delete personal data in certain circumstances (right to erasure);
  • Ask us to restrict our processing of your data;
  • Object to processing based on our legitimate interests;
  • Receive a portable copy of certain data you've given us;
  • Withdraw consent for any processing we carry out on the basis of consent.

To exercise any of these rights, contact us at hello@cyberbits.co.uk. We will respond within one month of receiving a verifiable request.

8. Cookies

We have deliberately built this website to use as few cookies as possible. We do not use any analytics, advertising or tracking cookies — our analytics provider, Plausible, is cookieless by design.

A small number of strictly necessary cookies may be set by embedded third-party services when you actively use them:

  • Embedded forms (Keap) — to process your form submission and help prevent abuse.
  • Booking widget (AppointmentCore) — to manage your meeting booking.

These cookies are only set when you interact with the relevant feature and are considered strictly necessary, so they do not require your consent under UK GDPR / PECR. Because we do not set any non-essential cookies, we do not display a cookie consent banner.

You can control cookies through your browser settings. Disabling certain cookies may affect site functionality.

9. Security

We apply technical and organisational measures appropriate to the risk associated with the data we process — including access controls, encryption in transit, multi-factor authentication on administrative accounts, secure software development practices, and ongoing security awareness training for our team. No system is perfectly secure, but we work hard to keep yours and ours as secure as practical.

10. Children

Our services are aimed at businesses, not individual consumers, and our website is not directed at children. We do not knowingly collect personal data from anyone under the age of 16.

11. Complaints

If you have a concern about how we handle your data, please raise it with us first — we'll do our best to put it right. You also have the right to make a complaint to the UK Information Commissioner's Office (ICO):

  • Online: ico.org.uk/make-a-complaint
  • Phone: 0303 123 1113
  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

12. Changes to this policy

We may update this policy from time to time. The "last updated" date at the top of the page reflects the latest version. Material changes will be flagged on the website or notified to active customers by email.

13. How to contact us

For any privacy-related queries — including to exercise any of the rights above — write to us at:

CyberBITS Ltd
Falcon Point, Offiss Workspace, Park Plaza
Cannock, Staffordshire WS12 2DE
Email: hello@cyberbits.co.uk
Phone: 01543 548101