Cyber Agony Aunts

Cyber Agony AuntsCyber Agony AuntsCyber Agony Aunts

Cyber Agony Aunts

Cyber Agony AuntsCyber Agony AuntsCyber Agony Aunts
  • Home
  • About Us
  • The Book
  • The Podcast
  • Media
  • Get in touch
  • More
    • Home
    • About Us
    • The Book
    • The Podcast
    • Media
    • Get in touch
  • Home
  • About Us
  • The Book
  • The Podcast
  • Media
  • Get in touch

Privacy Policy

Last Updated: 30/12/25


This Privacy Notice explains how The Cyber Agony Aunts (“we”, “us”, “our”) collects, uses, stores, and shares personal data in accordance with the UK GDPR, EU GDPR, the Privacy and Electronic Communications Regulations (PECR), and the e-Privacy Directive.


1. Who we are

Email: cyberagonyaunts@gmail.com

Web: cyberagonyaunts.co.uk


2. What personal data we collect

We may collect and process the following categories of personal data, depending on how you interact with us.

  • When you contact us (e.g. by email or contact form)
  • Full name
  • Email address
  • Phone number or other contact details
  • IP address
  • The content of your communication


3. How we collect your personal data

We collect personal data in the following ways:

  • Social media: when you follow, like, comment on, or interact with our social media content
  • Direct interactions: when you email us, complete forms, or provide information directly
  • Contracts: when entering into or performing a contract for services or training
  • Events and networking: when you engage with us at events, exhibitions, or training sessions
  • Public sources: where information is lawfully made public (e.g. professional profiles)
  • Website interactions: including comments, forms, and technical usage data


4. Why we collect your personal data

We process personal data for the following purposes:

  • To respond to enquiries and communicate with you
  • To provide consulting services and training courses
  • To manage contracts, payments, certifications, and memberships
  • To administer recruitment and employment processes
  • To operate, maintain, and improve our website and services
  • To meet legal and regulatory obligations
  • To send service-related communications
  • To send marketing communications in compliance with GDPR and PECR
  • Marketing communications are sent only:
  • Where you have provided consent; or
  • Where permitted under PECR (e.g. the “soft opt-in”), with a clear and easy opt-out in every message


5. Who we share your personal data with

We may share personal data with:

a. Government bodies and regulators

Where required by law (e.g. tax, employment, regulatory reporting).

b. Service providers and processors

Including:

Website and hosting providers (e.g. GoDaddy)

IT, communications, finance, and professional service providers

All processors act under written agreements requiring appropriate security, confidentiality, and GDPR compliance.

c. Corporate transactions

If we merge with, sell, or restructure the business, personal data may be transferred as part of that transaction. Where required, we will notify you.

We do not sell personal data for commercial gain.


6. Lawful bases for processing

We rely on one or more of the following lawful bases:

Legitimate interests – where processing is necessary for our legitimate business interests and your rights and freedoms are not overridden

Consent – where you have given clear and informed consent

Contract – where processing is necessary to enter into or perform a contract

Legal obligation – where required by law


7. Legitimate Interest Assessment (LIA) – Summary

Where we rely on legitimate interests as our lawful basis, we have carried out a Legitimate Interests Assessment (LIA) to ensure compliance with GDPR.

  • Our legitimate interests include:
  • Operating and managing our business effectively
  • Delivering and improving our services and training courses
  • Communicating with existing clients and professional contacts
  • Marketing our services to business contacts in a proportionate manner
  • Ensuring network, information, and website security
  • Preventing fraud and misuse of our services


Necessity test

The processing is necessary to achieve the purposes above and cannot reasonably be achieved by less intrusive means.


Balancing test

We have considered the impact on individuals and concluded that:

  • The processing is expected and proportionate
  • It does not involve sensitive personal data unless strictly necessary
  • Individuals’ rights and freedoms are not overridden
  • Appropriate safeguards are in place, including opt-out rights and data minimisation
  • You have the right to object to processing based on legitimate interests at any time.


8. International transfers of personal data

Personal data is primarily processed and stored within the UK and the European Economic Area (EEA).

However, in some circumstances, your personal data may be transferred to, or accessed from, countries outside the UK or EEA (for example where we use international service providers or cloud-based systems).

Where international transfers occur, we ensure appropriate safeguards are in place, including:

Transfers to countries recognised by the UK or EU as providing an adequate level of protection; or

Use of Standard Contractual Clauses (SCCs) approved by the UK Government or European Commission; and/or

Additional technical and organisational measures to protect personal data

We ensure that any international transfers comply with Articles 44–49 of the UK GDPR and EU GDPR.

You may request further information about the safeguards used by contacting us.


9. How we store and protect your personal data

Personal data is stored electronically on secure systems

Data is encrypted in transit and, where appropriate, at rest

Access is restricted to authorised personnel only


10. How long we retain your personal data

We retain personal data in line with our Data Retention Schedule, taking into account:

  • Legal and regulatory requirements
  • Contractual obligations
  • Business and operational needs
  • In general:
  • Financial and contractual data is retained as required by law
  • Recruitment data is retained only for a limited period
  • Marketing data is retained until consent is withdrawn or you opt out
  • Website data is retained for operational and security purposes


11. How do we destroy personal data

All personal data is held electronically. When no longer required:

  • Data is destroyed beyond recovery
  • Data is securely deleted from systems and backups
  • Devices are securely wiped before disposal


12. Your data protection rights

You have the right to:

  • Not be subject to automated decision-making, except where legally permitted
  • Be informed
  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Request erasure
  • Restrict processing
  • Object to processing (including marketing and legitimate interests)
  • Data portability


13. How to exercise your rights

You can exercise your rights by contacting us using the details at the top of this notice. Requests may be made via email, phone, or other reasonable means.


14. How we handle rights requests

Response time: within one month (extendable by up to two months for complex requests)

Identity verification: may be required

Fees: generally free; a reasonable fee may apply for excessive or unfounded requests


15. Complaints

If you are unhappy with how we handle your personal data, please contact us first.


You also have the right to complain to the Information Commissioner’s Office (ICO):

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Tel: 0303 123 1113

Website: https://www.ico.org.uk


16. Changes to this notice

We may update this Privacy Notice from time to time. The latest version will always be available on our website.

Copyright © 2025 Cyber Agony Aunts - All Rights Reserved.

Powered by

  • Privacy Policy

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

DeclineAccept