GDPR Compliance Statement

Last Updated: May 10, 2026

Our Commitment to GDPR

cyber-helix is committed to full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We recognize the importance of protecting personal data and have implemented comprehensive measures to ensure compliance.

Data Controller Information

cyber-helix acts as the data controller for personal information collected through this website and during service delivery. We determine the purposes and means of processing your personal data.

Data Controller:
cyber-helix
127 Kensington High Street
London, W8 5SF
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process personal data only when we have a valid legal basis:

Consent

When you provide explicit consent by submitting forms, subscribing to communications, or agreeing to specific processing activities. You may withdraw consent at any time.

Contract Performance

Processing necessary to fulfill service agreements, deliver consulting engagements, and manage client relationships.

Legitimate Interests

Processing necessary for our legitimate business interests, including:

• Website operation and security
• Service improvement and development
• Fraud prevention
• Internal administration

Legal Obligation

Processing required to comply with legal and regulatory requirements, including tax, accounting, and professional standards.

Your GDPR Rights

Right to Access

You can request confirmation of whether we process your personal data and obtain a copy of that data.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure

You can request deletion of your personal data when:

• The data is no longer necessary for its original purpose
• You withdraw consent and no other legal basis exists
• You object to processing and no overriding legitimate grounds exist
• The data was unlawfully processed

Right to Restriction

You can request that we limit processing of your personal data in certain circumstances.

Right to Data Portability

You can receive your personal data in a structured, commonly used format and transmit it to another controller.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not engage in automated decision-making or profiling.

How to Exercise Your Rights

To exercise any GDPR rights, submit a request to [email protected]. Include:

• Your full name and contact information
• Description of the right you wish to exercise
• Relevant details to help us locate your data

We will respond within one month of receipt. In complex cases, we may extend this period by two additional months and will inform you of any delay.

Data Protection Measures

Technical Safeguards

• Encryption of data in transit and at rest
• Secure authentication and access controls
• Regular security assessments and updates
• Firewall and intrusion detection systems

Organizational Safeguards

• Staff training on data protection principles
• Confidentiality agreements with employees and contractors
• Data protection impact assessments for high-risk processing
• Incident response procedures

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours and inform affected individuals without undue delay.

International Transfers

Personal data is primarily stored and processed within the United Kingdom. Any international transfers comply with UK GDPR requirements through appropriate safeguards such as standard contractual clauses or adequacy decisions.

Data Retention

We retain personal data only for as long as necessary:

• Inquiry data: 2 years from last contact
• Client project data: 7 years from project completion
• Financial records: 7 years as required by law
• Marketing consent: Until withdrawn or 3 years of inactivity

Third-Party Processing

We engage carefully vetted third-party processors for specific functions. All processors:

• Are bound by data processing agreements
• Process data only on our instructions
• Implement appropriate security measures
• Assist with data subject requests
• Delete or return data upon termination

Children's Data

Our services target businesses and professional audiences. We do not knowingly process personal data of individuals under 18 years of age.

Updates to This Statement

We review and update this GDPR compliance statement regularly to reflect changes in our practices or legal requirements. Material changes will be communicated through our website.

Complaints and Supervisory Authority

If you believe we have not handled your personal data in accordance with GDPR, you may:

1. Contact us directly at [email protected] to resolve the matter
2. Lodge a complaint with the Information Commissioner's Office (ICO)

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
Phone: 0303 123 1113
Website: ico.org.uk

Contact for GDPR Matters

For questions about our GDPR compliance or to exercise your data protection rights:

Email: [email protected]
Subject Line: GDPR Request