Privacy Policy

Norton Consultancy Ltd

1. Introduction

Norton Consultancy Ltd ("we", "us", "our") is a strategic cyber consultancy serving clients across defence, security, and regulated industries. We are committed to protecting the privacy and confidentiality of our clients, partners, and website visitors. This Privacy Policy outlines how we collect, use, store, and protect personal data in accordance with the UK GDPR, Data Protection Act 2018, and other applicable regulations.

2. Scope

This policy applies to:

  • Visitors to our website
  • Clients and prospective clients
  • Partners, suppliers, and subcontractors
  • Individuals engaging with us via email, phone, or digital platforms

3. Data We Collect

We may collect and process the following categories of personal data:

  • Identity Data: Name, title, organisation, job role
  • Contact Data: Email address, phone number, postal address
  • Engagement Data: Communications, project briefs, proposal documents
  • Technical Data: IP address, browser type, device identifiers (via cookies)
  • Compliance Data: Due diligence records, NDAs, and regulatory disclosures

4. How We Use Your Data

We process personal data for the following purposes:

  • To respond to enquiries and deliver consulting services
  • To develop proposals, quotes, and strategic engagement models
  • To manage contracts, billing, and compliance obligations
  • To improve our digital presence and client experience
  • To meet legal, regulatory, and cybersecurity requirements

5. Legal Basis for Processing

We rely on the following lawful bases:

  • Contractual necessity: For delivering services and fulfilling agreements
  • Legitimate interests: For business development, analytics, and security
  • Legal obligation: For regulatory compliance and record-keeping
  • Consent: Where required for marketing or optional communications

6. Data Sharing and Disclosure

We do not sell personal data. We may share data with:

  • Trusted subcontractors and service providers under strict confidentiality
  • Legal or regulatory authorities where required by law
  • Secure cloud platforms for document management and communication
  • All third-party processors are vetted for compliance and data protection standards.

7. International Transfers

Where data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

8. Data Retention

We retain personal data only as long as necessary for the purposes stated above, or as required by law. Strategic project records may be archived for audit and continuity purposes.

9. Your Rights

You have the right to:

  • Access your personal data
  • Request correction or deletion
  • Object to or restrict processing
  • Withdraw consent (where applicable)
  • Lodge a complaint with the ICO
  • To exercise these rights, contact us at: info@nortonconsultancy.uk

10. Security Measures

We implement robust technical and organisational controls to safeguard data, including:

  • Encrypted communications and secure file storage
  • Role-based access and audit trails
  • Cyber hygiene protocols aligned with NCSC guidance

11. Cookies and Analytics

Our website may use cookies and analytics tools to improve user experience. You can manage cookie preferences via your browser settings.

12. Updates to This Policy

We may update this policy periodically. The latest version will always be available on our website.

©Copyright. All rights reserved.

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.