Privacy Policy

Last Updated: February 2025

1. Introduction

TSUR Ltd (“TSUR”, “we”, “us”, or “our”) is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, store, and share your personal data when you visit our website (tsursec.co.uk), engage with our services, or communicate with us.

TSUR Ltd is a cybersecurity company registered in England and Wales, with its principal office located in London, United Kingdom. We act as the data controller for the personal data we process.

2. Information We Collect

Information you provide directly

• Name, job title, and company name
• Email address, phone number, and postal address
• Information submitted through contact forms, consultation requests, or service enquiries
• Communication records when you correspond with us via email, phone, or other channels
• Billing and payment information when you engage our services

Information collected automatically

• IP address, browser type, and operating system
• Pages visited, time spent on pages, and navigation paths
• Referring website addresses
• Device identifiers and screen resolution
• Cookies and similar tracking technologies (see Section 8)

Information from third parties

• Publicly available business contact information
• Information provided by referral partners with your consent
• Data from analytics and advertising platforms

3. How We Use Your Information

We process your personal data for the following purposes:

• To respond to your enquiries and provide requested information about our services
• To deliver, manage, and improve our cybersecurity services
• To send you relevant communications about our services, industry insights, and events (where you have opted in or where we have a legitimate interest)
• To administer contracts and process payments
• To comply with legal and regulatory obligations
• To protect our website, systems, and services from misuse
• To analyse website usage and improve user experience
• To conduct business development and maintain client relationships

4. Legal Basis for Processing

We process your personal data under the following legal bases as defined by the UK General Data Protection Regulation (UK GDPR):

• Consent — Where you have given clear consent for us to process your personal data for a specific purpose, such as subscribing to our communications.
• Contract — Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
• Legitimate Interest — Where processing is necessary for our legitimate business interests, such as improving our services, business development, and website analytics, provided these interests do not override your rights and freedoms.
• Legal Obligation — Where processing is necessary to comply with a legal or regulatory obligation.

5. How We Share Your Information

We do not sell, rent, or trade your personal data to third parties. We may share your information with:

• Service providers — Trusted third parties who assist us in operating our website, conducting business, or providing services to you (e.g., hosting providers, payment processors, email platforms). These providers are contractually bound to protect your data and use it only for the purposes we specify.
• Professional advisors — Lawyers, accountants, and insurers where necessary for professional advice or compliance.
• Legal and regulatory authorities — Where required by law, regulation, legal process, or enforceable governmental request.
• Business transfers — In connection with a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

• Client and contract data is retained for the duration of the engagement and for six years thereafter to comply with legal and contractual obligations.
• Marketing and communication preferences are retained until you withdraw your consent or opt out.
• Website analytics data is retained in anonymised or aggregated form.

When personal data is no longer required, we securely delete or anonymise it.

7. Data Security

As a cybersecurity company, we take the protection of your data seriously. We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Access controls and authentication mechanisms
• Regular security assessments and monitoring
• Staff training on data protection and information security
• Incident response procedures

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to maintaining the highest standards of data protection.

8. Cookies

Our website uses cookies and similar technologies to enhance your browsing experience, analyse website traffic, and understand where our visitors come from. Cookies are small text files stored on your device when you visit our website.

• Strictly necessary cookies — Essential for the website to function and cannot be switched off. They are usually set in response to actions you take, such as setting privacy preferences or filling in forms.
• Analytics cookies — Help us understand how visitors interact with our website by collecting and reporting information anonymously. This helps us improve our website and services.
• Functional cookies — Enable enhanced functionality and personalisation, such as remembering your preferences.

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

9. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

• Right of access — You can request a copy of the personal data we hold about you.
• Right to rectification — You can request correction of inaccurate or incomplete personal data.
• Right to erasure — You can request deletion of your personal data where there is no compelling reason for its continued processing.
• Right to restrict processing — You can request that we limit how we use your data.
• Right to data portability — You can request to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to object — You can object to the processing of your personal data where we rely on legitimate interest as the legal basis.
• Right to withdraw consent — Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us using the details provided in Section 12. We will respond to your request within one month, as required by law.

10. International Data Transfers

Your personal data may be transferred to and processed in countries outside the United Kingdom. Where such transfers occur, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner’s Office (ICO), to protect your personal data in accordance with applicable data protection laws.

11. Third-Party Links

Our website may contain links to third-party websites, plugins, or applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. We encourage you to read the privacy policy of every website you visit.

12. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your personal data, please contact us:

TSUR Ltd
London, United Kingdom
Email: info@tsursec.co.uk

13. Complaints

If you are not satisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically to stay informed about how we protect your information.