Privacy Policy
Last updated: May 2026 · Cyber Threat Defense Consulting Ltd
This policy explains how Cyber Threat Defense Consulting Ltd (“CTDC”, “we”, “us”) collects, uses, and protects personal data when you use our websites or contact us directly. It applies to data subjects in the United Kingdom, the European Union, and Romania.
Data Controllers
UK entity: Cyber Threat Defense Consulting Ltd, registered in England and Wales. Registered with the Information Commissioner’s Office (ICO) - registration number: ZA913980.
Address: 1 Kings Avenue, London N21 3NA, United Kingdom.
Contact: contact@ctdc.io
Romanian entity: Cyber Threat Defense Consulting S.R.L., registered in Romania, operating the Romanian-language section of this website at ctdc.io/ro/.
Contact: contact@ctdc.ro
Both entities are hosted under the single domain ctdc.io (UK content at the root; Romanian content at /ro/). Each entity acts as an independent data controller for data collected via its respective locale and services.
Data Protection Officer (DPO)
We have designated a Data Protection Officer responsible for overseeing compliance with applicable data protection law.
- UK entity DPO: dpo@ctdc.io
- Romanian entity DPO: dpo@ctdc.ro
You may contact the DPO directly for any privacy-related matter, including to exercise your rights.
What we collect
When you submit an enquiry or book a call we collect your name, email address, phone number (if provided), and the content of your message. We also collect standard web server logs (IP address, browser type, pages visited) for security and performance monitoring. We use analytics cookies to understand how visitors interact with our site; these are set only after you give consent via our cookie banner (see Cookies section below).
How we use your data
We use your contact details to respond to your enquiry and, where you have requested it, to provide our services. We may retain correspondence as part of our engagement records. We do not use your data for marketing without separate consent.
Lawful bases (UK GDPR / EU GDPR)
- Responding to enquiries - legitimate interests (Article 6(1)(f))
- Providing contracted services - performance of a contract (Article 6(1)(b))
- Legal obligations - compliance with applicable law (Article 6(1)(c))
- Analytics cookies and optional marketing communications - consent (Article 6(1)(a))
Retention
Enquiry records are kept for up to 2 years from last contact unless an engagement follows. Engagement and contract records are retained for 7 years in accordance with UK and Romanian accounting and regulatory requirements. Security assessment reports are retained in accordance with the terms agreed in each engagement.
Data sharing and sub-processors
We do not sell personal data. We may share data with the following vetted sub-processors under data processing agreements:
- Amazon Web Services (AWS) - cloud hosting and content delivery (eu-west-1, EU region)
- Atlassian (Jira Service Management) - support ticket management
- Calendly - appointment booking
- Cookiebot (Cybot A/S) - cookie consent management and consent record storage
We may disclose data where required by law or a competent authority. The sub-processor list is reviewed annually.
Security measures
We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include encrypted data transmission (TLS), access controls, regular security assessments, and staff awareness training. As a cybersecurity firm, security is central to how we operate.
International transfers
Our primary hosting is within the EU/EEA (AWS eu-west-1). Where data is processed outside the UK or EEA, we ensure appropriate safeguards are in place (UK adequacy decisions or Standard Contractual Clauses).
Your rights
Depending on your jurisdiction, you have the right to access, correct, erase, restrict processing of, and port your personal data. You may also object to processing based on legitimate interests. Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal (Article 7(3)). These rights apply under UK GDPR (UK residents) and EU GDPR (EU/Romanian residents). To exercise any right, contact dpo@ctdc.io (UK) or dpo@ctdc.ro (Romania/EU). We will respond within one calendar month.
Cookies
This site uses cookies in two categories:
- Strictly essential cookies - required for the site to function (session management, security). No consent is required for these under UK PECR and EU ePrivacy rules.
- Analytics cookies - we use analytics to understand how visitors use our site (pages visited, traffic sources). These cookies are only set after you give explicit consent via our cookie banner. You may withdraw consent at any time by revisiting the banner.
Cookie consent is managed by Cookiebot (Cybot A/S) via a single implementation on the ctdc.io domain. This covers both the UK locale (ctdc.io) and the Romanian locale (ctdc.io/ro/) - one consent banner, one consent record, one domain. Cookiebot acts as a sub-processor for consent records and operates in auto-blocking mode, which prevents non-essential scripts from running until you give consent. Service processors Calendly (appointment booking) and Atlassian Jira Service Management (support) set functional cookies as part of their services; these fall under the preferences/functionality category and are blocked by Cookiebot until you consent. You can review and change your preferences at any time by clicking the cookie settings link in our site footer.
Supervisory authorities
UK residents may lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.
Romanian / EU residents may lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) at dataprotection.ro, or with the supervisory authority in their EU member state of residence.
This policy will be reviewed annually and updated as our processing activities change. Material changes will be communicated by email to active clients and notified prominently on this page.