Fully Compliant

GDPR Compliance Statement

Cipher Knights is committed to protecting personal data and upholding data subject rights

Our Commitment to GDPR

At Cipher Knights, we take data protection and privacy seriously. We are fully committed to complying with the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR). This statement outlines our approach to GDPR compliance.

ISO 27001 Certified

Our information security management system is certified to ISO 27001 standards.

Cyber Essentials Plus

We maintain Cyber Essentials Plus certification for robust cybersecurity practices.

GDPR Principles We Uphold

Lawfulness, Fairness & Transparency

We process personal data lawfully, fairly, and transparently.

Purpose Limitation

We collect data for specified, explicit, and legitimate purposes only.

Data Minimisation

We only collect data that is adequate, relevant, and limited to what's necessary.

Accuracy

We keep personal data accurate and up to date.

Storage Limitation

We retain personal data only as long as necessary.

Integrity & Confidentiality

We process data securely with appropriate measures.

Accountability

We demonstrate compliance with all principles.

How We Process Personal Data

As a provider of cybersecurity services, we process personal data in the following capacities:

  • Data Controller: When you interact with our website, book consultations, or contact us directly, we act as the data controller.
  • Data Processor: When providing cybersecurity services to our clients, we may process personal data on their behalf as a data processor.

Data Subject Rights

Your Rights Under GDPR

  • Right to be informed - We provide clear information about how we use your data.
  • Right of access - You can request a copy of your personal data.
  • Right to rectification - You can correct inaccurate or incomplete data.
  • Right to erasure - You can request deletion of your data ("right to be forgotten").
  • Right to restrict processing - You can limit how we use your data.
  • Right to data portability - You can receive your data in a machine-readable format.
  • Right to object - You can object to processing based on legitimate interests.
  • Rights related to automated decision-making - We do not use automated decision-making.

Data Protection Measures

We implement robust technical and organizational measures to protect personal data, including:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256).
  • Multi-factor authentication and strict access controls.
  • Regular security assessments and penetration testing.
  • Data Processing Agreements (DPAs) with all third-party processors.
  • Data Protection Impact Assessments (DPIAs) for high-risk processing.
  • Breach notification procedures (72-hour notification to ICO).
  • Staff training on data protection and GDPR compliance.

International Data Transfers

When we transfer personal data outside the UK or EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Transfers to countries with an adequacy decision.
  • Binding Corporate Rules for intra-group transfers.

Data Breach Response

We have established procedures to detect, investigate, and report personal data breaches. In the event of a breach, we will:

  • Notify the ICO within 72 hours of becoming aware (where required).
  • Notify affected individuals without undue delay (where required).
  • Document the breach and remedial actions taken.

Contact Our Data Protection Officer

Sarah Mitchell, Data Protection Officer

dpo@cipherknights.com

+44 7424 967568

20 Calais Hill, Leicester, UK

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

Last updated: January 15, 2025 | ICO Registration: ZA123456

Questions About GDPR Compliance?

Contact our Data Protection Officer for more information.