Privacy Notice

Last updated: January 2026

Who We Are

ProofGrid Security Ltd ("we", "us", "our") is a cybersecurity consultancy based in the United Kingdom. We are the data controller for the personal data described in this notice.

Contact: enquiries@proofgridsecurity.com

What Data We Collect

We collect personal data when you interact with us, primarily through our contact form and direct communications.

Contact form submissions:

  • Name and email address (required)
  • Organisation, role, sector, service interest, and timeline (optional)
  • Message content describing your enquiry

Direct communications:

  • Email correspondence and any information you choose to share

Website analytics (if enabled):

  • Anonymised usage data such as pages visited, time on site, and general geographic region
  • We do not use analytics that track individual users across sites

How We Use Your Data

We use your personal data for the following purposes:

  • Responding to your enquiries and providing information about our services
  • Understanding your requirements to determine how we can help
  • Following up on conversations where you have expressed interest
  • Improving our website and services based on aggregated, anonymised feedback

We do not use your data for marketing purposes without your explicit consent. We do not sell or share your data with third parties for their marketing purposes.

Legal Basis for Processing

We process your personal data on the following lawful bases under UK GDPR:

  • Legitimate interests: Responding to business enquiries, providing requested information, and following up on potential engagements. We have assessed that these interests do not override your fundamental rights and freedoms.
  • Contractual necessity: Where processing is necessary to perform a contract with you or take pre-contractual steps at your request.
  • Consent: Where you have given clear consent for specific processing activities, such as receiving marketing communications.

Data Processors

We use the following third-party services to process data on our behalf:

  • Form processing: Formspree (or similar service) to receive contact form submissions
  • Website hosting: Our hosting provider stores and serves website content
  • Email: Our email provider processes correspondence

These processors are contractually bound to handle your data securely and only for the purposes we specify.

Data Retention

We retain personal data only as long as necessary for the purposes described:

  • Enquiries that do not proceed: Deleted within 12 months of last contact
  • Client engagement data: Retained for 7 years after engagement completion for legal and professional obligations
  • Anonymised analytics: Retained indefinitely in aggregated form

You can request earlier deletion at any time (see Your Rights below).

Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit (HTTPS)
  • Secure access controls for systems containing personal data
  • Regular review of data handling practices

Your Rights

Under UK data protection law, you have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Request we limit how we use your data
  • Portability: Request your data in a machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at enquiries@proofgridsecurity.com. We will respond within one month.

To request deletion of your data: Email us at enquiries@proofgridsecurity.com with "Data Deletion Request" in the subject line. Please provide enough information for us to identify your data (such as the email address you used to contact us). We will confirm deletion within 30 days.

International Transfers

Your data is primarily processed within the United Kingdom and European Economic Area. Where data is transferred to countries outside these regions (for example, if a processor uses infrastructure in the United States), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner.

Complaints

If you are unhappy with how we handle your personal data, please contact us first so we can try to resolve your concerns.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection. Visit ico.org.uk or call 0303 123 1113.

Changes to This Notice

We may update this privacy notice from time to time. The "last updated" date at the top of this page indicates when it was last revised. We encourage you to review this notice periodically.