Privacy Notice
Last updated: June 2026
Who we are
This website is operated by Pygic Ltd, a company registered in England and Wales, trading as Cyber Governance Partners. For the purposes of UK GDPR, Pygic Ltd is the data controller for personal information collected through this site.
You can contact us about data protection matters via the contact form.
What we collect and why
We collect personal data through four channels, each with a distinct purpose and legal basis.
Contact form
When you use the contact form, we collect your name, email address, company name (optional), and the content of your message. We use this to respond to your enquiry and may use it to contact you about relevant topics. The legal basis is legitimate interests (Article 6(1)(f) UK GDPR), specifically our interest in responding to business enquiries and maintaining relevant contact, balanced against the reasonable expectation of anyone who contacts a professional adviser.
Briefing subscription
When you subscribe to receive email communications, we collect your name, email address, and company name (optional). We send a confirmation email before adding you to the mailing list; your subscription is not active until you click the confirmation link. Every email contains an unsubscribe link. The legal basis is consent (Article 6(1)(a) UK GDPR). You may withdraw consent at any time by using the unsubscribe link or contacting us.
PDF downloads
When you request a PDF executive briefing, we collect your name, email address, and company name (optional). We use this to email you a download link and may use it to contact you about relevant topics. The legal basis is legitimate interests (Article 6(1)(f) UK GDPR).
CRA applicability tool
When you request an assessment summary from the CRA applicability tool, we collect your name, role, company name, and email address. We use this to send you the summary and may use it to contact you about relevant topics. The legal basis is legitimate interests (Article 6(1)(f) UK GDPR).
We do not use any of the above for automated decision-making or profiling.
How your data is processed
Form submissions and email delivery are handled by Amazon Web Services (AWS), acting as a data processor on our behalf. Data is processed within the AWS EU (Ireland) region. AWS is certified under the UK International Data Transfer Agreement (IDTA) and the EU–US Data Privacy Framework.
Contact records are stored in HubSpot, a CRM platform operated by HubSpot Inc. EU customer data is stored in HubSpot's EU data centre. HubSpot is certified under the EU–US Data Privacy Framework and acts as a data processor under a data processing agreement with us.
How long we keep your data
Enquiry correspondence is kept for up to 12 months from the last exchange, or for the duration of any engagement that results from the enquiry.
CRM contact records are kept while the contact relationship is active. If you subscribed to briefings, your record is kept until you unsubscribe or request erasure. You can request deletion at any time using the contact form.
Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you
- Have inaccurate data corrected
- Request erasure of your data (the "right to be forgotten")
- Restrict how we process your data
- Object to processing based on legitimate interests
- Receive your data in a portable format
To exercise any of these rights, use the contact form. We will respond within one month.
Cookies and analytics
This website uses Google Analytics 4 to collect anonymised information about how visitors use the site — for example, which pages are visited and how long is spent on each. This helps us understand whether the site is useful and where it can be improved.
Google Analytics sets cookies (including _ga and _ga_K52DPLTJRT) to distinguish visitors. IP addresses are anonymised before any data is sent to Google. No personally identifiable information is collected through analytics.
Data is processed by Google LLC under Google's own privacy policy. You can opt out of Google Analytics across all websites using the Google Analytics opt-out browser add-on.
How to complain
If you have a concern about how we handle your personal data, please contact us first and we will do our best to resolve it. You also have the right to lodge a complaint with the UK supervisory authority:
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113
ico.org.uk/make-a-complaint
Changes to this notice
If we make material changes to this notice, we will update the date at the top of the page. This notice applies from June 2026.