Privacy Policy

1. Who We Are

NEXUS Cyber Security Ltd ("NEXUS", "we", "us", "our") is registered in England and Wales. Company number: 14717863. Registered office: 4 The Pulse, Slough, SL3 0FB, United Kingdom.

We are the data controller for personal data collected through this website and our service engagements.

Contact: info@nexuscybersecurity.co.uk

2. What Personal Data We Collect

We may collect the following categories of personal data:

• Contact enquiry data: name, company name, email address, phone number, and the nature of your enquiry — submitted via our contact form.
• Communication data: records of email or phone correspondence between you and NEXUS.
• Technical data: IP address, browser type, pages visited, and time of visit — collected automatically when you visit this website via server logs.

We do not collect sensitive personal data (special category data) through this website.

3. How We Use Your Data

We use your personal data for the following purposes:

• To respond to your enquiry and provide the services you request — lawful basis: contract / pre-contractual steps (Article 6(1)(b) UK GDPR).
• To maintain records of our client and prospective client relationships — lawful basis: legitimate interests (Article 6(1)(f) UK GDPR).
• To comply with legal obligations — lawful basis: legal obligation (Article 6(1)(c) UK GDPR).
• To improve and secure our website — lawful basis: legitimate interests.

We do not use your data for automated decision-making or profiling.

4. How We Share Your Data

We do not sell, rent, or trade your personal data. We may share it with:

• Hosting provider — our website host processes contact form submissions and may process technical log data incidentally as part of service delivery. Form data is transmitted directly to our server and forwarded to our email — no third-party form processor is used.
• Legal or regulatory bodies — where required by law.

We take reasonable steps to ensure all sub-processors provide adequate data protection.

5. International Data Transfers

We do not currently transfer personal data outside the UK or EEA. Our hosting and contact form processing are handled within the UK/EEA. We will update this section if our arrangements change.

6. How Long We Keep Your Data

• Contact enquiry data: retained for up to 3 years from last contact, or as required for an ongoing engagement.
• Client engagement records: retained for 7 years in line with standard accounting and legal obligations.
• Server log / technical data: typically retained for up to 90 days.

7. Your Rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Rectify inaccurate data
• Erasure of your data ("right to be forgotten"), where applicable
• Restrict or object to processing
• Data portability
• Withdraw consent (where processing is based on consent)

To exercise any of these rights, email: info@nexuscybersecurity.co.uk. We will respond within one calendar month.

8. Cookies

This website uses essential technical cookies only. See our Cookies Notice for full details.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. All data in transit is protected by TLS encryption.

10. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Helpline: 0303 123 1113

We would appreciate the opportunity to address any concern directly before you contact the ICO.

11. Changes to This Policy

We may update this policy from time to time. The "Last updated" date at the top of this page will reflect any changes. Material changes will be communicated where required by law.

12. ICO Registration

NEXUS Cyber Security Ltd is registered with the Information Commissioner's Office. [ICO registration number to be inserted — confirm at ico.org.uk]