Cyberfortify Privacy Notice
Last updated: November 17th, 2025
Who We Are
We are Cyberfortify, a cybersecurity consulting firm helping organisations strengthen their information security, cybersecurity and privacy posture. We offer the following services:
We act as a Data Controller when we collect and use your personal data through our website.
What Personal Data We Collect
We collect the following information when you use our website or engage with us:
Information you provide directly
- First name, Last name, email address, phone number (e.g., through contact forms)
- Any information you include in messages sent through our contact form
Information collected automatically
- IP address
- Browser characteristics
- Device characteristics
- Network information
This information is collected through cookies and similar technologies. See our Cookie Notice for more details.
How We Use Your Personal Data
We use your information for the following purposes:
- To respond to inquiries or service requests
- To send you information about our services (only with your consent)
- To maintain and improve our website
- To ensure the security of our website and systems
- To comply with legal obligations
We do not sell your personal data.
Legal Bases for Processing
We process your personal data based on:
- Consent – for marketing communications or non-essential cookies (where applicable)
- Contract – when processing personal data is necessary to deliver services requested by our clients
- Legitimate interests – such as improving our website, ensuring security, responding to your inquiries or delivering services requested by our clients
- Legal obligations – when we are required to maintain records or respond to lawful requests
How Long We Keep Your Data
We keep your personal data only for as long as necessary for the purposes we collected it for:
- Inquiry and contact form data: up to 12 months
- Marketing data: until you withdraw your consent
- Technical logs: up to 12 months, unless we need them for security investigations
- Legal or contractual data: as required by applicable law
After these periods, your data is securely deleted or anonymised.
Who We Share Your Data With
We may share your personal data with:
- Trusted service providers such as website hosting or analytics tools (if applicable)
- Legal or regulatory authorities when required
- Cybersecurity partners strictly for service delivery (if applicable)
All third parties are required to protect your data and process it only according to our instructions.
We do not transfer your data outside the EU unless adequate safeguards such as Standard Contractual Clauses or ISO/IEC 27701 certifications are in place.
Your Rights under the GDPR
You have the right to:
- Access your personal data
- Correct inaccurate or incomplete data
- Delete your data ("right to be forgotten")
- Restrict processing
- Object to processing based on legitimate interests
- Withdraw consent at any time
- Data portability (receive a copy of your data in a structured format)
Security of Your Personal Data
We apply appropriate technical and organisational security measures to protect your personal data, including encryption, access controls, monitoring, and regular testing of our systems.
However, no online transmission is 100% secure, so we encourage you to take your own precautions when sharing information online.
Cookies and Tracking Technologies
As at the time of this update, our website uses only necessary cookies.
For more information about the types of cookies we use and how to manage your preferences, please see our Cookie Notice.
Links to External Websites
Our website may contain links to other sites. We are not responsible for their privacy practices, so we encourage you to read their privacy notices.
Changes to This Privacy Notice
We may update this notice from time to time. The updated version will always be posted on this page with a revised "Last updated" date.
Contact Us
If you have questions or concerns about this Privacy Notice or how we handle your data or to exercise your rights, contact us at: