Vambrace Cybersecurity Ltd Privacy Policy
The purpose of this Privacy Notice is to provide you with an explanation about how your personal information is processed by us as well as your rights in relation to your data. This notice applies to “you” and “your” as a ‘data subject’ when you are a user of our websites, as a client or as someone making an enquiry or interacting with us (including by phone, email, in-person at events or on social media). There are separate privacy notices for employees, candidates and suppliers.
We are Vambrace Cybersecurity, Airebank House Business Centre 423 Kirkstall Road, Leeds, LS4 2EZ, United Kingdom. In this notice, when we refer to “Vambrace Cybersecurity”, “we”, “us” or “our” we mean Vambrace Cybersecurity Limited, Company number 11757996, registered in the UK.
We are registered with local Data Protection Authorities in each country where we are required to do so. If you are unsure which company or data protection authority applies then please feel free to contact us on [email protected]
Our notice is designed to meet or exceed the obligations required by applicable data protection laws in each country we operate in around the world. Where the law differs significantly from this notice within a specific country we have included an addendum specifically for that country.
Please read this notice carefully. By visiting our site, or by interacting with us, you confirm that you have read and understood this notice. Should you have any queries or concerns please contact [email protected]
Our data protection principles:
We will always endeavour to comply with applicable data protection laws wherever in the world we process your personal data. We will always apply the following principles:
- We will be fair, lawful and transparent about how we use your personal data
- We will only use your personal data for the purpose we collected it (or compatible purposes)
- We will only collect and process the minimum amount of personal data we need for that purpose
- We will always ensure your personal data is accurate
- We will only keep your personal data for as long as we need it
- We will always ensure that we keep your personal data secure
- We will uphold your rights to your data
- We will comply with applicable data protection laws wherever you are in the world
We may collect personal information directly from you, or relating to you, in several ways. This may include:
- Visiting one of our websites
- Interacting with us by phone, email, post, in-person or by webchat
- Via our social media channels
- At events
- Through surveys and reviews
- Via CCTV footage if you visit one of our offices
- Registering your interest for our services via webforms
The following table explains the personal information we may collect and the different ways we may use it.
Vambrace Cybersecurity needs to know basic personal information about you in order to respond to requests you make to us and to provide you with information relating to our services and to carry out our services for you.
| Source | Type of data | Lawful basis | Why we collect it |
| Emails and Webchat | Name, Email Address/es, Content of email, metadata (open rates, click-throughs, device type, delivery rates for marketing emails). | Legitimate interest. Occasionally for other lawful basis such as fulfilment of a contract with you. |
To allow you and us to interact and exchange information. To allow us to market our services and products.
|
| Phone | Name, phone number. | Legitimate interest. |
To allow you and us to interact and exchange information.
|
| Social Media |
Name, Social media handle, company, photographs, content of posts, metadata. |
Legitimate interest. | To allow you and us to interact and exchange information. |
| Website | IP Address, Location, Device type, URL, metadata, browsing details
Name, Contact details and content from forms and surveys |
Legitimate Interest for Strictly Necessary cookies Consent for performance, Functional, analytical and targeting cookies Please see our Cookie Policy for more details
|
To enable you to have a good experience on our website.
To help us improve our website. To complete forms and allow us to respond to you. |
| Events | Name, Company, job title, contact details, areas of interest | Consent |
Allows us to confirm attendance and provide further information if requested
|
| On our Premises | Name, Company, people you are visiting, arrival and departure times, CCTV images | Legitimate Interest or Contractual |
It allows us to keep you and others safe and comply with applicable laws.
|
| Surveys | Name, contact details, responses | Consent or Legitimate Interests | To understand your opinions and improve our services |
Personal Details for Specific Business Activities: When you engage Vambrace Cybersecurity, you may be required to supply further personal information about you or your staff in line with the requirements of that service, accreditation scheme regulator or other national regulator provisions under which Vambrace Cybersecurity operates. These activities will have a corresponding privacy notice specific to that activity if deemed necessary.
Client Training Services: we collect personal information about you such as name, email address, contact details (private or work-related), choice of course, attendance, completion level attained and any other information that you yourself provide through our designated course portal or other channels.
Marketing and Client Relationship Purposes: we use our legitimate business interests in processing your personal details in order to maintain and enhance existing and ongoing relationships we have, or would like to have, with you and your organisation. This may include approaching you for real-time feedback on our services, research, and surveys on our current business offering. Our marketing system allows you to configure your preferences and object to or opt-out of receiving marketing materials at any time.
Special Category Personal Data: We will never collect or process sensitive personal data unless required to do so for a specific and valid lawful purpose. In this case we will seek your prior explicit consent and provide you with a detailed explanation of how and why we process your data. Sensitive personal data will be processed in accordance with this policy and all applicable data protection laws including those related to international transfer of sensitive personal data.
We may process information from other joint venture partners, third parties, or service providers contracted to carry out work on our behalf. We may be required by law to collect certain information, require it to perform a contract or prior to entering into a contact with you. These include, but are not limited to:
- Application and System Vendors and sub-contractors who provide services to us to allow us to
- Conduct our business and services on your behalf
- Banks for facilitation of payments
- Credit reference agencies
- Debt recovery agencies
- Data providers to ensure our data is validated, accurate, complete and maintained
- Accreditation bodies
- Delivery services (document signing, postal services) in the course of business
- Government and law agencies where required to do so
- Audit and certification bodies
Vambrace Cybersecurity use your data for a number of purposes. Each will have its own lawful basis and be compliant with all applicable data protection laws. These purposes include, but aren’t limited to:
- Carrying out our business (including marketing)
- Conducting services on behalf of our clients (including the third parties we may use to achieve this)
- Complying with legal obligations
- To interact with, communicate with and respond to you
- To conduct surveys and research
Vambrace Cybersecurity will hold your personal information securely using appropriate technical and organisational measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition, we do not disclose your personal information to anyone outside our own group, except (i) when necessary for the purposes stated in this Privacy Notice; and (ii) where we have appropriate safeguards are in place to ensure such information will continue to be held and used in accordance with this notice and all applicable data protection laws.
Your personal information will be kept by Vambrace Cybersecurity for no longer required for the purpose it was collected for (unless required differently by law).
Vambrace Cybersecurity may collect personal data from you in the country in which you work or live. We, and those third parties that process data for us, store and otherwise process that personal data in various locations around the world including the UK, in the European Economic Area (EEA) and in any other country in which we operate.
We will make sure that any transfers of your personal data from one country to another comply with all applicable data protection and privacy laws which apply to us and you. We will not transfer personal data outside of a country where there are restrictions on doing so.
We will ensure that we:
- Include standard data protection contractual clauses or a transfer agreement
- Contracts and subcontractor contracts to protect the data being transferred or
- Ensure that the country in which your personal data will be handled has been deemed “adequate” by the relevant countries
- Ensure a data transfer risk assessment has been conducted
- Put in technical and operational measures to ensure that, where applicable, data is segregated and protected according to the applicable data protection laws
You have a number of legal rights relating to your personal information which you can find in the table below.
You can manage your rights and preferences through the following channels:
- Via a direct request to a team member
- An unsubscribe link on marketing communications
- Directly to our Data Protection Team at [email protected]
- Calling Vambrace Cybersecurity on 0330 460 4633
| Your right | Description | Examples |
| To be informed how we process your personal data |
You have the right to be informed about how we process your data. This is explained to you in this privacy notice and in any privacy statement when we collect your data
|
Our Privacy Notice (this notice) and privacy statements when we collect your data at an event or via the website. |
| Access your personal data |
You have the right to ask us what personal information we hold about you, how we process it and for a copy of any personal data related to you
|
A copy of the personal information we hold about you (or related to you) in a searchable system.
Please note that some data may be redacted. |
| Rectify your personal data | You have the right to ask us to correct inaccurate or incomplete personal information that we hold about you. |
Changes to your name, contact details such as email, or place of work. Please note that we may need to verify a requested change with you or another party.
|
| Erase your personal data | You have the right to request that we permanently erase your personal data |
Erasure of contact details if we are no longer interacting with you. Please note that in some cases we may refuse to erase data where there is a lawful basis to retain it (e.g. regulatory or other legal reason) or where we require your information to deliver a product or service. |
| Restrict the processing of your personal data | The right to request that we restrict the inclusion of your personal data within specific processes |
That we restrict the use of your personal data for marketing (withdraw consent)
|
| Object to your personal data being processed | The right to object, at any time, to the processing of your personal data |
That we stop processing your personal data. Please note that is some cases we continue processing where there is a lawful basis to retain the data (e.g. regulatory or other legal reason) or where we require your information to deliver a product or service. |
| Right to request human intervention | The right to request human intervention if we use any automated decision making or profiling |
To review or change a decision where it has been made by a computer or algorithm (e.g. a credit check). A human will review specific details that may have not been taken into consideration. |
| Portability of your Personal Data |
The right to have a copy of your personal data to be transferred securely and in a useable format to another data controller
|
This right only applies to personal data relating to you. |
| Right to Complain | You have the right to complain to a supervisory data authority if you feel we have not processed your personal data appropriately. | If you feel we are unlawfully processing your data or if there was a data breach and we haven’t adequately informed you. |
| Control over your Personal Data being sold or disclosed |
The right to know whether we sell or disclose your data, and to whom. You also have the right to say no to us doing so. |
We do not sell data. We would only disclose data where contractually agreed with you, or for other lawful processes where required.
|
| Not to be discriminated against |
The right not to be discriminated against for exercising your privacy rights. | You will not face any retribution or penalty for exercising your privacy rights with us |
If you have any questions regarding this Privacy Notice or our use of your personal information, or if you wish to exercise your legal rights regarding your personal data, please contact our Data Protection Officer by:
- Email: [email protected]
- Post: Data Protection Officer, Vambrace Cybersecurity, Airebank House Business Centre 423 Kirkstall Road, Leeds, LS4 2EZ, United Kingdom
If you have a complaint regarding how your personal information has been handled by Vambrace Cybersecurity, please contact our Data Protection Officer, using the details provided above.
You also have a legal right to lodge a complaint with the supervisory authority in the relevant country.
We may change the content of this Privacy Notice from time to time without notice to you. You should check this Privacy Notice occasionally to ensure that you are aware of the most recent version. This Privacy Notice was last updated: November 2025