Home / Privacy Policy

Privacy Policy

Last updated: May 2026. This policy explains how Blue Stag Cyber collects, uses, and protects your personal data in accordance with UK GDPR and the Data Protection Act 2018.

1. Who we are

Blue Stag Cyber is a UK-based cybersecurity consulting firm. We are the data controller for personal data collected through this website and in the course of our business activities.

If you have any questions about this policy or how we handle your data, contact us at: info@bluestagcyber.com

2. What data we collect and why

We collect personal data only when you actively provide it to us. This website does not use analytics tracking, advertising cookies, or third-party tracking scripts.

The personal data we may collect includes:

  • Contact enquiries - when you email us directly, we receive your name, email address, and the contents of your message. We use this to respond to your enquiry and, where relevant, to provide the services you have requested.
  • Business communications - emails, call notes, and correspondence relating to a client engagement or prospective engagement.

3. Legal basis for processing

We process your personal data on the following legal bases under UK GDPR:

  • Legitimate interests (Article 6(1)(f)) - responding to enquiries and managing business relationships. Our legitimate interest is to communicate with people who have contacted us.
  • Contract performance (Article 6(1)(b)) - where processing is necessary to deliver services agreed with a client.
  • Legal obligation (Article 6(1)(c)) - where we are required to retain records by law (for example, for tax purposes).

4. How long we keep your data

We retain personal data only for as long as necessary for the purpose it was collected:

  • Enquiries that do not lead to an engagement - up to 12 months from last contact, unless you ask us to delete it sooner.
  • Client engagement records - up to 6 years after the end of an engagement, in line with our legal and contractual obligations.
  • Financial records - 6 years, as required by HMRC.

5. Who we share your data with

We do not sell, rent, or trade your personal data. We may share data with:

  • Our service providers - such as our email platform and cloud storage provider, who process data on our behalf under a data processing agreement.
  • Professional advisers - such as our accountants or legal advisers, where necessary and under obligations of confidentiality.
  • Regulatory or law enforcement bodies - where we are legally required to do so.

Any third-party processors we use are required to handle your data securely and only for the purposes we specify.

6. International transfers

We primarily process and store data within the UK and the European Economic Area (EEA). Where data is transferred outside these areas (for example, via a cloud platform with global infrastructure), we ensure appropriate safeguards are in place, such as standard contractual clauses or an adequacy decision.

7. Cookies and tracking

This website does not use cookies, analytics scripts, or any form of tracking. No personal data is collected simply by visiting this site.

If you follow the LinkedIn link on this site, LinkedIn's own privacy policy applies to any data they collect.

8. Your rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access - you can request a copy of the personal data we hold about you.
  • Right to rectification - you can ask us to correct inaccurate or incomplete data.
  • Right to erasure - you can ask us to delete your data where there is no longer a legitimate reason to hold it.
  • Right to restriction - you can ask us to restrict processing in certain circumstances.
  • Right to data portability - where processing is based on consent or contract, you can request your data in a structured, machine-readable format.
  • Right to object - you can object to processing based on legitimate interests. We will stop unless we have compelling legitimate grounds that override your interests.

To exercise any of these rights, contact us at info@bluestagcyber.com. We will respond within one calendar month.

9. How to complain

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the UK's supervisory authority:

Information Commissioner's Office (ICO)
ico.org.uk
Helpline: 0303 123 1113

We would, however, always appreciate the opportunity to address any concern directly before you contact the ICO.

10. Changes to this policy

We may update this privacy policy from time to time. When we do, we will update the "last updated" date at the top of this page. We encourage you to review this policy periodically.