Marcin PajdzikCISOADVISORY
Legal

Privacy Notice

Last updated: May 2025

Who I am

This website is operated by Marcin Pajdzik, an independent cybersecurity advisor based in the United Kingdom. For the purposes of UK GDPR, I am the data controller for personal information collected through this site.

You can contact me about data protection matters via the contact form.

What I collect and why

The only personal data I collect is what you choose to provide when you use the contact form: your name, email address, company name (optional), and the content of your message.

I use this information solely to read and respond to your enquiry. I do not use it for marketing, profiling, or any automated decision-making.

The legal basis for processing is legitimate interests (Article 6(1)(f) UK GDPR) — specifically, my legitimate interest in responding to business enquiries sent to me directly, which is balanced against the reasonable expectation of anyone who chooses to contact a professional adviser.

How your data is processed

When you submit the contact form, your message is transmitted to Amazon Web Services (AWS) and delivered to my inbox via Amazon Simple Email Service (SES). AWS acts as a data processor on my behalf. Data is processed within the AWS EU (Ireland) region. AWS is certified under the UK International Data Transfer Agreement (IDTA) and the EU–US Data Privacy Framework.

I do not share your personal data with any other third parties.

How long I keep your data

I keep enquiry correspondence for as long as it is reasonably necessary — typically for the duration of any engagement or conversation, and for up to 12 months thereafter. If nothing comes of an enquiry, I will delete it within 12 months of the last exchange.

Your rights

Under UK GDPR you have the right to:

  • Access the personal data I hold about you
  • Have inaccurate data corrected
  • Request erasure of your data (the "right to be forgotten")
  • Restrict how I process your data
  • Object to processing based on legitimate interests
  • Receive your data in a portable format

To exercise any of these rights, use the contact form. I will respond within one month.

Cookies and analytics

This website uses Google Analytics 4 to collect anonymised information about how visitors use the site — for example, which pages are visited and how long is spent on each. This helps me understand whether the site is useful and where it can be improved.

Google Analytics sets cookies (including _ga and _ga_K52DPLTJRT) to distinguish visitors. IP addresses are anonymised before any data is sent to Google. No personally identifiable information is collected through analytics.

Data is processed by Google LLC under Google's own privacy policy. You can opt out of Google Analytics across all websites using the Google Analytics opt-out browser add-on.

How to complain

If you have a concern about how I handle your personal data, please contact me first and I will do my best to resolve it. You also have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113
ico.org.uk/make-a-complaint

Changes to this notice

If I make material changes to this notice, I will update the date at the top of the page. This notice applies from May 2025.