1. Introduction
This Privacy Policy explains how BlackTalon (“we”, “us”, “our”) collects, uses, stores, and protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and applicable international data protection laws where relevant. We operate from the United Kingdom and may provide services to clients globally.
2. Data Controller
BlackTalon acts as the data controller for personal data collected through this website and during service engagements unless otherwise agreed in writing.
3. Information We Collect
We may collect personal data including name, company details, role/title, contact information, incident information submitted via enquiry forms, and any additional information voluntarily provided. We may also collect limited technical data such as IP address and browser type for security and operational purposes.
4. Lawful Basis for Processing
We process personal data under lawful bases including legitimate interests, contractual necessity, legal obligation, and consent where required. Legitimate interests include responding to enquiries, delivering professional services, and maintaining security and governance standards.
5. How We Use Personal Data
Personal data is used to respond to enquiries, provide services, conduct due diligence, fulfil contractual obligations, maintain compliance, and protect legal rights. We do not use personal data for consumer marketing or unrelated promotional activities.
6. Data Retention
Personal data is retained only for as long as necessary to fulfil its purpose, meet contractual requirements, or comply with legal and regulatory obligations. Retention periods vary depending on the nature of the engagement and applicable laws.
7. Data Sharing
We do not sell personal data. Information may be shared with legal advisers, insurers, regulatory authorities, or professional partners where necessary and lawful. International transfers will be subject to appropriate safeguards in accordance with UK GDPR requirements.
8. Security Measures
We implement appropriate technical and organisational measures to protect data, including encrypted communications, restricted access controls, and secure hosting environments.
9. Your Rights
Individuals have rights under UK GDPR including access, rectification, erasure, restriction, objection, and data portability where applicable. Requests may be made in writing to our designated contact point.
10. Complaints
If you are dissatisfied with how we handle personal data, you may contact us directly or lodge a complaint with the Information Commissioner’s Office (ICO) in the United Kingdom.