Active Cyber Resilience (ACR) is an independent cyber security consultancy. Our website address is www.activecyber.org. We can be contacted at enquiries@activecyber.org.
We take privacy seriously. It is, after all, a significant part of what we help our clients protect. This policy explains what data we collect when you visit this website, why we collect it, and what we do with it.
Contact form submissions. If you use the contact form on this site, we collect your name, email address, and the content of your message. We use this solely to respond to your enquiry. We do not add you to any mailing list without your explicit consent.
Analytics data. If you accept cookies, we use Google Analytics to collect anonymised data about how visitors use this site. This includes pages visited, time spent on site, approximate geographic location (country or region level), and the device and browser used. This data is aggregated and does not identify you personally. It helps us understand which content is useful and improve the site accordingly.
If you decline cookies, Google Analytics is not loaded and no analytics data is collected from your visit.
Server logs. Our hosting provider may collect standard server log data including IP addresses and request timestamps. This is standard practice for all web servers and is outside our direct control. Logs are retained for a limited period for security and operational purposes only.
We use one category of cookie: analytics cookies set by Google Analytics. These are only placed if you explicitly accept cookies via the banner shown on your first visit. Your preference is stored in your browser's local storage so we do not ask you again.
If you decline, no analytics cookies are set. You can change your preference at any time by clearing your browser's local storage for this site.
We do not use advertising cookies, tracking pixels, or any third-party marketing technology.
Contact form enquiries are retained for as long as necessary to manage the relationship or engagement they relate to, and no longer. Analytics data is retained in Google Analytics for 14 months, after which it is automatically deleted.
We do not sell, rent, or share your personal data with third parties for marketing purposes. The only third party with access to data collected on this site is Google (via Google Analytics), and only if you have accepted cookies. Google's privacy policy is available at policies.google.com/privacy.
Under UK GDPR you have the right to access the personal data we hold about you, request its correction or deletion, object to its processing, and request that we restrict processing in certain circumstances. To exercise any of these rights, contact us at the address below. We will respond within 30 days.
If you are unsatisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
This site may contain links to external websites. We are not responsible for the privacy practices of those sites and this policy does not apply to them.
We may update this policy from time to time. The date at the top of this page reflects when it was last revised. Continued use of the site after any changes constitutes acceptance of the updated policy.