Privacy Policy.
External Privacy Policy · Last Updated: April 2026
1. Introduction
We ask that you read this Privacy Policy carefully as it contains important information on who we are, how and why we collect, store, use and share Personal Data, your rights in relation to your Personal Data and on how to contact us and supervisory authorities if you have a complaint.
This Privacy Policy does not cover any third-party websites which you may access from our website or by using our services. Such third-party websites will be governed by their own separate privacy policies.
If you have any questions, you can contact us using the information provided below under the ‘How to contact us’ section.
2. Who we are and what we do
Who we are
We are LEVERAGE LTD (“LEVERAGE CYBER”, “us”, “we”, “our”). We are a limited company registered in England and Wales under registration number 16957460 and we have our registered office in the United Kingdom. We are registered with the UK supervisory authority, the Information Commissioner’s Office (“ICO”), in relation to our processing of Personal Data.
What we do
LEVERAGE CYBER is a specialist cybersecurity consultancy based in the UK. We are committed to protecting the privacy and security of the Personal Data we process about you.
Controller
Unless we notify you otherwise, we are the controller of the Personal Data we process about you. This means that we decide what Personal Data to collect and how to process it.
3. Who this privacy notice applies to
This privacy notice applies to you if:
- You visit our website
- You purchase goods or services from us
- You enquire about our products and/or services
- You sign up to receive newsletters and/or other promotional communications from us
4. What Personal Data is
‘Personal Data’ means any information from which someone can be identified either directly or indirectly. For example, you can be identified by your name or an online identifier.
5. Personal Data we collect
The type of Personal Data we collect about you will depend on our relationship with you. For the type of Personal Data we collect see the table below in the section entitled ‘Purposes, lawful bases and retention periods’.
The personal information we collect about you may include (but is not limited to):
- your name, business address and contact details including telephone number, job title and email address;
- details of any feedback you give us by phone, email, post, submission of a form from our website or via social media;
- information about the services we provide to you; and
- technical data including Internet Protocol (IP) address details including your public browser type and version.
We use this personal information for various reasons including to:
- create and manage your engagement with us;
- verify your identity;
- communicate with you when providing our services to you;
- notify you of any changes to our services that may affect you;
- improve our services; and
- send you marketing material.
6. How we collect your Personal Data
We collect personal information about you when you access our website, contact us, send us feedback, purchase services from us or complete customer surveys. We collect this personal information from you either directly, such as when you contact us or purchase services, or indirectly, such as your browsing activity while on our website (see “Cookies” below).
7. Purposes, lawful bases and retention periods
We may process your information on the following lawful bases and for the following purposes (including but not limited to):
| Categories of individuals | Categories of Personal Data | Purpose of Processing | Lawful Basis | Retention Period |
|---|---|---|---|---|
| Clients’ personnel | Name, business address and contact details including telephone number, job title and email address. | To manage the services we deliver to your organisation. | Legitimate interest — to ensure we effectively deliver and manage the services we provide. | 6 years following the end of our relationship with your organisation. |
| Website visitors | Technical data including Internet Protocol (IP) address details including your public browser type and version. | Help us understand more about visitors to our website so we can serve you better. | Consent. | Cookie specific (please see our Cookies Policy). |
| Clients’ personnel | Name, business address and contact details including telephone number, job title and email address. | To contact you for marketing purposes. | Legitimate interest — it is in our legitimate interest to promote our services to existing clients. We will always make it easy for you to object. | Until you object or unsubscribe. |
| Prospects | Name, job title, work email address, work phone number, company you work for. | To contact you for marketing purposes. | Legitimate interest — it is in our legitimate interest to promote our services to potential clients. We will always make it easy for you to object. | Until you object or unsubscribe. |
| Clients’ personnel | Name, job title, work email address, work phone number, company you work for. | To comply with applicable law. | Legal obligation — compliance with applicable data protection and information security laws, accounting and taxation purposes and reporting requirements. | 6 years following the end of our relationship (unless another legal retention period applies). |
8. Sharing your Personal Data
We may share your Personal Data with our carefully selected third parties, for example, we may use a supplier to provide services which support the services which we provide to you. In this case, we remain responsible for your personal data and will ensure we have a written agreement in place with any third party provider. We currently use third-party suppliers:
- for invoice purposes
- to set up direct debits and payments
- for software for internal business purposes
- for marketing and business development purposes
We may also share your Personal Data with:
- law enforcement or other authorities if required by applicable law; and
- third parties if there is a change in the ownership of LEVERAGE LTD or any of our assets.
9. International Transfers
Your Personal Data may be processed outside of the UK/EEA. This is because some of the organisations we use to provide our service may be based outside the UK/EEA or their servers and/or support services may be based outside the UK/EEA.
We will only transfer your personal information from countries in the UK or EU/EEA to countries outside of the UK or EU/EEA where:
- the transfer is to a country that the UK government/European Commission has determined ensures an adequate level of protection (“Adequacy”);
- an International Data Transfer Agreement (IDTA) or Standard Contractual Clauses have been put in place;
- binding corporate rules have been implemented, where applicable; or
- the transfer is otherwise permitted by law.
If you would like further information, please contact us (see ‘How to contact us’ below).
10. Cookies
A cookie is a small text file which is placed onto your device (e.g. computer, smartphone or another electronic device) when you use our website. Our website uses cookies. Please refer to our separate cookies policy to understand how we use cookies and how you can change your consent and preferences.
11. Your rights and how to complain
You have certain rights in relation to the processing of your Personal Data, including to:
- Right to be informed: You have the right to know what personal data we collect about you, how we use it, for what purpose and in accordance with which lawful basis, who we share it with and how long we keep it.
- Right of access (commonly known as a “Subject Access Request”): You have the right to receive a copy of the Personal Data we hold about you.
- Right to rectification: You have the right to have any incomplete or inaccurate information we hold about you corrected.
- Right to erasure (commonly known as the right to be forgotten): You have the right to ask us to delete your Personal Data.
- Right to object to processing: You have the right to object to us processing your Personal Data. If you object to us using your Personal Data for marketing purposes, we will stop sending you marketing material.
- Right to restrict processing: You have the right to restrict our use of your Personal Data.
- Right to portability: You have the right to ask us to transfer your Personal Data to another party.
- Automated decision-making: You have the right not to be subject to a decision based solely on automated processing which will significantly affect you. We do not use automated decision-making.
- Right to withdraw consent: If you have provided your consent to our processing of your personal data, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing before withdrawal.
You also have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk if you are unhappy with how we use your Personal Data.
To exercise any of the above rights, please contact us (see ‘How to contact us’ below). We may need to verify your identity before responding to your request.
12. Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
13. How to contact us
Please contact us if you have any questions about this Privacy Policy or the information we hold about you.
If you wish to contact us, please write to our Data Protection Manager at: Data Protection Manager, LEVERAGE LTD, United Kingdom, or email hello@leveragecyber.io.