+44.7904930686

CyberElevate Limited
CyberElevate Limited

Privacy Policy

Registered name: CYBERELEVATE LIMITED


We are the controller of your personal data. For more information on controllers and their responsibilities please see our guidance on data protection principles, definitions, and key terms.


This privacy notice tells you what to expect us to do with your personal information.


  • Contact Details
  • What information we collect, use, and why
  • Lawful bases and data protection rights
  • Where we get personal information from
  • How long we keep information
  • Who we share information with
  • How to complain



Contact details


Telephone:  07904930686

Email:  dataprotect@cyberelevate.co.uk



What information we collect, use, and why


We collect or use the following information to provide and improve products and services for clients:


  • Names and contact details
  • Addresses
  • Gender
  • Pronoun preferences
  • Occupation
  • Date of birth
  • Marital status
  • Third party information (such as family members or other relevant parties)
  • Payment details (including card or bank information for transfers and direct debits)
  • Financial data (including income and expenditure)
  • Transaction data (including details about payments to and from you and details of products and services you have purchased)
  • Usage data (including information about how you interact with and use our website, products and services)
  • Credit history and credit reference information
  • Information relating to compliments or complaints
  • Video recordings
  • Audio recordings (e.g. calls)
  • Records of meetings and decisions
  • Account access information
  • Website user information


We collect or use the following personal information for the operation of client or customer accounts:


  • Names and contact details
  • Addresses
  • Purchase or service history
  • Account information, including registration details
  • Information used for security purposes
  • Marketing preferences


We collect or use the following personal information for the prevention, detection, investigation or prosecution of crimes:


  • Names and contact information
  • Client accounts and records
  • Call recordings
  • Financial information e.g. for fraud prevention or detection


We collect or use the following personal information for information updates or marketing purposes:


  • Names and contact details
  • Addresses
  • Profile information
  • Marketing preferences
  • Purchase or account history
  • Website and app user journey information
  • IP addresses


We collect or use the following personal information to comply with legal requirements:


  • Name
  • Contact information
  • Identification documents
  • Client account information
  • Health and safety information
  • Any other personal information required to comply with legal obligations
  • Criminal offence data 
  • Disclosure Scotland Level 1



Lawful bases and data protection rights


Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.


Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:


  • Your right of access - You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. Read more about the right of access.
  • Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. Read more about the right to rectification.
  • Your right to erasure - You have the right to ask us to delete your personal information. Read more about the right to erasure.
  • Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information. Read more about the right to restriction of processing.
  • Your right to object to processing - You have the right to object to the processing of your personal data. Read more about the right to object to processing.
  • Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. Read more about the right to data portability.
  • Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. Read more about the right to withdraw consent.


If you make a request, we must respond to you without undue delay and in any event within one month.


To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.


Our lawful bases for the collection and use of your data


Our lawful bases for collecting or using personal information to provide and improve products and services for clients are:


  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

  • To manage and maintain relationships with clients, including: Responding to enquiries and support requests. Communicating service updates and relevant information. Managing contracts and service delivery. Retaining records of interactions for continuity and quality assurance. Effective client relationship management is essential for business continuity, customer satisfaction, and service quality. It supports the company’s commercial interests and benefits clients by ensuring consistent and responsive service.


For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.


Our lawful bases for collecting or using personal information for the operation of client or customer accounts are:


  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

  • To manage client or customer account information, including: Maintaining accurate records of contact details, service history, and preferences. Administering billing and payment processes. Providing ongoing support and service updates. Ensuring continuity and quality of service delivery. Managing account information is essential for delivering services, maintaining client satisfaction, and ensuring operational efficiency. It supports the company’s commercial interests and benefits clients by enabling responsive and personalised service.


For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.


Our lawful bases for collecting or using personal information for the prevention, detection, investigation or prosecution of crimes are:


  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

  • To process and, where necessary, share personal data for the purposes of: Preventing or detecting criminal activity. Investigating suspected offences. Cooperating with law enforcement authorities. Supporting the prosecution of criminal offences. There is a strong public and business interest in preventing and addressing criminal activity. Processing personal data for these purposes helps protect the company, its clients, and the wider public from harm, fraud, and unlawful acts. This aligns with the substantial public interest condition under Schedule 1, Paragraph 10 of the Data Protection Act 2018.


For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.


Our lawful bases for collecting or using personal information for information updates or marketing purposes are:


  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

  • To carry out marketing and business development activities, including: 
    • Sending service updates, newsletters, and promotional materials to existing and prospective clients.
    • Identifying potential clients and reaching out with relevant service offerings.
    • Maintaining a database of contacts for future marketing campaigns. 
    • Analysing engagement to improve marketing effectiveness. 
    • Marketing and business development are essential for the growth and sustainability of the business.


These activities support commercial interests and help inform clients and prospects about valuable services.


For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.


Our lawful bases for collecting or using personal information to comply with legal requirements:


  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

  • To process personal data in order to: Comply with non-statutory legal obligations (e.g. responding to legal claims, maintaining audit trails). Cooperate with regulatory investigations or professional standards. Maintain records for potential legal defence or dispute resolution. While some legal obligations fall under the “legal obligation” basis (Article 6(1)(c)), others—such as preparing for potential legal claims or maintaining compliance documentation—are not strictly required by law but are prudent and necessary for legal risk management. These activities support the company’s legitimate interest in protecting its legal position and ensuring accountability.


For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.



Where we get personal information from


  • Directly from you
  • Publicly available sources
  • Previous employment
  • Market research organisations
  • Providers of marketing lists and other personal information
  • Suppliers and service providers



How long we keep information


We only retain your personal information for as long as necessary to fulfil the purposes we collected it for. This includes the purposes of satisfying legal, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of our personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which it is being processed, and whether we can achieve those purposes through other means, and applicable legal requirements.


All personal data collected under contract will be held for a period of 6 years plus after the last completed project, engagement and/or service. 


Data collected under consent will be used until consent is withdrawn or if it is no longer useful for the purpose with which it was collected.


For more information on how long we store your personal information or the criteria we use to determine this please contact us using the details provided above.



Who we share information with


Data processors


Microsoft M365


This data processor does the following activities for us: They process our email, calendars, appointment scheduling, intranet, document management (cloud file storage & syncing), data lists, security (threat protection & compliance) and collaboration systems.

 

GoDaddy


This data processor does the following activities for us: They process our external website including a contact page for external parties.


Banking & Invoice Processing


This data processor does the following activities for us: They process our bank transactions (payments and receipts) and invoicing.


Finance


This data processor does the following activities for us: They process our financial accounts including review of invoice and expense information.


  • Others we share personal information with
  • Debt collection agencies
  • Professional or legal advisors
  • Organisations we’re legally obliged to share personal information with
  • Publicly on our website, social media or other marketing and information media
  • Suppliers and service providers
  • Professional consultants



How to complain


If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.


If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.


The ICO’s address:        


Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF


Helpline number: 0303 123 1113


Website: https://www.ico.org.uk/make-a-complaint


Copyright © 2025 CyberElevate Limited - All Rights Reserved.

Powered by

  • Privacy Policy

This website uses cookies.

We use cookies to enhance your site experience, analyse traffic, and assist in improving our website. You can choose to Accept or Decline the site cookie tracking below. Manage your cookie preferences anytime in your browser settings.

DeclineAccept