Privacy Policy

This Privacy Policy explains how SafeSide Cyber (a trading name of Magna Genus IT Ltd) collects, uses, and protects your personal data when you visit our website, submit a contact form, or complete a Cyber Security Healthcheck.

We've written this in plain English. If anything's unclear, please email privacy@safesidecyber.co.uk and we'll explain.

Who we are

SafeSide Cyber is a trading name of Magna Genus IT Ltd, a company registered in England and Wales (Company Registration No. 10500664). We are the "data controller" for the personal data described in this policy — meaning we decide how and why your data is processed.

Our ICO (Information Commissioner's Office) registration number is [YOUR ICO REGISTRATION NUMBER].

What we collect

We only collect personal data that you choose to give us. Specifically:

If you submit our contact form

• Your name
• Your email address
• Your company name and size
• Your phone number (only if you provide it)
• The services you're interested in
• Any message you choose to send us

If you complete a Cyber Security Healthcheck

• The contact details you submit (name, email, company)
• Your answers to the 30 assessment questions
• Your confidence ratings before and after the assessment
• Any optional comments you add to questions

Automatic data

When you visit our website, our hosting provider (Vercel) records basic technical data such as your IP address, browser type, and the pages you visit. This is used to keep the website running and detect abuse — not to track or profile you. We do not use Google Analytics or any other marketing-analytics tools.

How we use it

We use your personal data to:

• Respond to your enquiry and arrange any follow-up calls or meetings
• Issue secure access links for the Healthcheck assessment
• Generate your personalised Healthcheck report and deliver it to you
• Schedule and conduct your free post-assessment consultation
• Send you any documents or communications relating to a service you've requested
• Keep records for legitimate business and accounting purposes

We do not use your data for marketing, sell it to third parties, or use it to train AI models.

Legal basis for processing

Under UK GDPR, we rely on the following legal bases:

Who we share data with

We share your data only with the small number of trusted service providers we need to run our business. We do not sell or rent your data to anyone.

Our sub-processors

All of these providers are bound by appropriate data protection agreements (including Standard Contractual Clauses where data is transferred outside the UK/EU) and process data only on our instructions.

We may also share data where required by law — for example, to comply with a court order or to respond to a regulator.

How long we keep it

We keep personal data only for as long as we need it. In practice:

• Contact-form enquiries — kept for up to 2 years, then deleted unless you've become a client.
• Healthcheck submissions and reports — kept for 2 years after delivery, then deleted unless you've engaged us for further work.
• Client records — kept for 6 years after the end of our engagement, to comply with UK accounting and tax requirements.
• Website technical logs — typically retained by our hosting provider for up to 30 days.

Your rights

Under UK GDPR you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — ask us to correct anything that's wrong
• Erasure — ask us to delete your data (subject to any legal retention requirements)
• Restriction — ask us to stop using your data while a query is resolved
• Objection — object to our use of your data where we rely on legitimate interest
• Portability — receive a copy of your data in a portable format
• Withdraw consent — at any time, where we rely on consent

To exercise any of these rights, email privacy@safesidecyber.co.uk. We'll respond within one month.

How we protect it

We take security seriously — it's our day job. In practice:

• Data in transit is encrypted using HTTPS (TLS 1.2 or higher).
• Access to Healthcheck submissions and contact-form enquiries is limited to the consultant working on your engagement.
• The Healthcheck assessment is protected by individually-issued access tokens — there is no public sign-up.
• We use strong authentication on all systems that hold client data, including multi-factor authentication.
• We review our sub-processors' security posture before working with them, and on an ongoing basis.

In the unlikely event of a personal data breach affecting your data, we'll notify you and the ICO within 72 hours, in line with UK GDPR.

Cookies and tracking

SafeSide Cyber does not use marketing or analytics cookies, and we do not track you across the web. The website uses only essential functionality, plus one third-party tool (Google reCAPTCHA) which may set cookies for security purposes on the Healthcheck submission.

See our Cookies page for full detail.

Children's data

SafeSide Cyber's services are designed for businesses, not individuals, and certainly not children. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact privacy@safesidecyber.co.uk and we'll delete it.

Changes to this policy

We may update this policy from time to time — for example, if we adopt new tools or our processes change. When we do, we'll update the "Last updated" date at the top of this page. For material changes, we'll do our best to notify clients directly.

How to contact us

How to complain

We hope you'll never need to, but if you're unhappy with how we've handled your personal data, please first email privacy@safesidecyber.co.uk so we can put things right.

If you're still unhappy, you have the right to complain to the UK Information Commissioner's Office: