Privacy Policy

Draig Stack Cyber Security is a product/service brand of Draig Stack Limited. We provide practical cyber security surveys, email security checks, website and app security reviews, device and network reviews, backup reviews, cyber risk reporting and related business protection services.

For privacy questions, data protection requests, or concerns about how your information is handled, contact us at cyber@draigstack.com.

We may collect and process the following types of information:

• ●Contact details, such as your name, business name, email address, phone number and role.
• ●Business enquiry details, such as the services you are interested in and information you provide through email or forms.
• ●Cyber security survey information, such as details about your website, email provider, devices, network, backups, business systems, staff access and risk areas.
• ●Technical website information, such as IP address, browser type, approximate location, device type, pages visited and referral source.
• ●Communication records, such as emails, messages, notes from calls and records of support or service discussions.
• ●Billing or commercial information, where relevant, such as quote, invoice, payment status, service package and project records.

We collect information when you:

• ●Visit or browse this website.
• ●Email us or contact us about a cyber security service.
• ●Request a cyber security survey, website review or monthly protection package.
• ●Provide information during a survey, consultation, onboarding process or support request.
• ●Use services, systems, forms or documents provided by Draig Stack Cyber Security or Draig Stack Limited.

We use personal information to:

• ●Respond to enquiries and provide information about our services.
• ●Prepare cyber security surveys, risk reviews, quotes, proposals and service recommendations.
• ●Deliver agreed services, including website checks, email security checks, access reviews, backup reviews and monthly protection reports.
• ●Manage customer relationships, records, support requests, internal administration and service delivery.
• ●Improve our website, services, security processes and customer experience.
• ●Meet legal, accounting, tax, contractual, regulatory and security obligations.
• ●Protect our systems, customers, data, services and business from fraud, abuse, cyber threats or unauthorised access.

Depending on the situation, we may rely on one or more lawful bases under UK data protection law:

• ●Contract: where processing is needed to provide a service, quote, proposal, survey or support requested by you.
• ●Legitimate interests: where we need to run, secure and improve our business, website, systems and services in a proportionate way.
• ●Legal obligation: where we need to keep records for tax, accounting, regulatory or legal purposes.
• ●Consent: where we ask for permission, for example for certain marketing or non-essential cookies.

Because we provide cyber security services, you may choose to share technical or business security information with us. This may include website URLs, domain names, email provider details, DNS information, hosting details, software details, account access structures, network details, backup arrangements, device information and known security concerns.

We use this information only for the purpose of assessing risk, preparing recommendations, delivering agreed services, supporting your business, and protecting systems and data. We treat this information as confidential business information.

We may contact business customers or enquirers about relevant Draig Stack Cyber Security services where there is a legitimate business interest or where consent has been given. You can ask us to stop marketing communications at any time by contacting cyber@draigstack.com.

We do not sell personal data. We may share information only where reasonably necessary, such as with:

• ●Service providers that help us operate websites, hosting, email, CRM, documents, analytics, security, backups or business systems.
• ●Professional advisers, accountants, legal advisers or insurers where needed.
• ●Law enforcement, regulators, courts or public authorities where legally required.
• ●A customer’s authorised representatives, where the customer has asked us to work with them.
• ●Draig Stack Limited systems and internal departments where necessary for service delivery, administration, reporting or security.

Some service providers may process data outside the United Kingdom. Where this happens, we aim to use appropriate safeguards and reputable providers with suitable data protection arrangements.

We keep information only for as long as necessary for the purpose it was collected, including service delivery, support, legal, accounting, tax, dispute, security and business record requirements.

• ●General enquiries may be kept for a reasonable period so we can follow up and maintain business records.
• ●Customer, quote, invoice and contract records may be kept for legal, tax and accounting purposes.
• ●Cyber security survey records may be kept while services are active and for a reasonable period afterwards for support, audit, continuity and dispute purposes.
• ●Technical logs may be kept for security, troubleshooting and system protection for a limited period unless needed for investigation.

We take reasonable technical and organisational steps to protect information from unauthorised access, loss, misuse, alteration or disclosure. These may include access controls, secure accounts, password protection, two-factor authentication where appropriate, restricted internal access, secure hosting, backups and security monitoring.

No website, email system or internet-based service can be guaranteed to be completely secure. However, we aim to handle information responsibly and reduce risk wherever practical.

Under UK data protection law, you may have rights including:

• ●The right to access personal data we hold about you.
• ●The right to ask us to correct inaccurate or incomplete information.
• ●The right to ask us to erase information in certain circumstances.
• ●The right to restrict processing in certain circumstances.
• ●The right to object to processing in certain circumstances.
• ●The right to data portability in certain circumstances.
• ●The right to withdraw consent where consent is the lawful basis.

To make a request, email cyber@draigstack.com. We may need to verify your identity before responding.

Please contact us first if you have concerns about how we handle your information. You also have the right to complain to the UK Information Commissioner’s Office if you are unhappy with how your personal data is used.

We may update this Privacy Policy from time to time. The latest version will be published on this page with the updated date shown above.