This policy explains how Northstar IT & Cyber Advisory Limited collects, uses, and protects your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are
Northstar IT & Cyber Advisory Limited is a company registered in England and Wales (Company No. 17038464). We are the data controller for personal data collected through this website and in the course of our business activities.
Contact: Carl Spencer · [email protected] · 07938 027 000
2. What personal data we collect
We may collect and process the following categories of personal data:
- Contact information: name, email address, telephone number
- Business information: company name, job title, business needs
- Communications: messages you send us via the contact form or email
- Technical data: IP address, browser type, pages visited (via cookies — see our Cookie Policy)
We do not collect special category data (such as health, financial, or biometric information) through this website.
3. How and why we use your data
We use your personal data on the following lawful bases:
- Legitimate interests: to respond to enquiries, manage client relationships, and operate our business
- Contract performance: to deliver services where we have an agreement in place
- Legal obligation: where we are required to process data to comply with the law
- Consent: where you have explicitly opted in (e.g., marketing communications)
4. How long we keep your data
We retain personal data only for as long as necessary for the purposes it was collected:
- Enquiry data: up to 12 months if no engagement follows
- Client records: for the duration of the engagement and up to 6 years thereafter (in line with statutory requirements)
- Website analytics: typically 26 months
5. Who we share your data with
We do not sell, rent, or trade your personal data. We may share data with trusted third-party service providers who assist us in operating our business (such as email hosting or form processing services), subject to appropriate data processing agreements. We will not transfer your data outside the UK without appropriate safeguards in place.
6. Your rights
Under UK GDPR, you have the following rights regarding your personal data:
- The right to access your data
- The right to rectification (correction of inaccurate data)
- The right to erasure (“right to be forgotten”)
- The right to restrict processing
- The right to data portability
- The right to object to processing
- Rights relating to automated decision-making and profiling
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.
7. Complaints
If you believe we have not handled your personal data appropriately, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.
8. Changes to this policy
We may update this policy from time to time. The date at the top of this page reflects the most recent revision. We recommend checking this page periodically.