/ Legal & compliance
Privacy Notice
Clear information about how Secremedy operates, protects data, and works with customers.
Effective 14 July 2026
Who we are
Secremedy Ltd is the controller for personal data collected through this website. Our registered office is 12 Finsbury Square, London EC2A 1AS, United Kingdom. Contact our privacy team at [email protected].
What we collect and why
- Enquiries: name, work email, company, service interest and message, to respond and take steps requested before entering a contract.
- Assessment requests: name, work email, website URL and company size, to arrange and deliver the requested assessment.
- Customers and suppliers: business contact, contract, billing, service and security records, to perform contracts, meet legal obligations and run our business.
- Newsletter: email address and consent record, to send updates only where consent has been given.
- Technical records: limited server security logs and a short-lived pseudonymous rate-limit token, for security and abuse prevention.
Lawful bases
We use contract and pre-contract steps, legitimate interests in operating and securing a B2B cybersecurity service, consent for electronic marketing, and legal obligation where applicable. We balance legitimate interests against individual rights and do not use them where those rights override our interests.
Sharing and processors
We disclose data only as needed to authorised staff, professional advisers, hosting, email and other approved service providers, customers where we act on their instructions, or public authorities where law requires it. Current providers are listed in our Subprocessor List.
International transfers
If data is transferred outside the UK or EEA, we use an adequacy decision or another lawful safeguard such as the UK IDTA/Addendum or EU Standard Contractual Clauses, with any required risk assessment and supplementary measures.
Retention
Routine enquiries are normally retained for 24 months after the enquiry is closed. Customer, financial and contract records are normally kept for six years after the customer relationship ends, unless law or a claim requires longer. Security evidence may have a shorter or longer period according to risk, contract and legal need. We delete or anonymise data when no longer required.
Your rights
Depending on the law and circumstances, you may ask for access, correction, deletion, restriction, portability or objection, and may withdraw consent at any time without affecting earlier processing. Contact [email protected]. You may complain to the UK Information Commissioner at ico.org.uk. People in the EEA may also contact their local supervisory authority.
Required information and automated decisions
Required form fields are needed for us to respond or provide the requested service. We do not use website submissions for solely automated decisions with legal or similarly significant effects.
Changes
We will publish material changes here and update the effective date. We may contact affected people where a change materially affects their rights.