How NeedSec handles personal data

This policy applies to visitors to the NeedSec website, people who submit contact or quote forms, clients, suppliers, and people who communicate with NeedSec about cyber security services.

NeedSec provides cyber security services including penetration testing, Cyber Essentials certification assessment, secure web development, cloud security assessment, API testing, and related advisory work.

We collect information you choose to provide and technical information generated when the website is used. This may include contact details, business details, service requirements, message content, and limited website security logs.

Where an enquiry relates to security testing, you may choose to provide asset names, system types, URLs, compliance requirements, testing windows, or other scoping information. Please only provide information that is necessary at the enquiry stage.

We use personal data to respond to enquiries, prepare quotes, deliver requested services, manage client relationships, protect the website, maintain records, and meet legal or contractual duties.

We do not sell personal data. We do not use enquiry information for unrelated third-party advertising.

Depending on the context, we may process personal data because it is necessary to take steps before entering into a contract, to perform a contract, to comply with legal obligations, or because NeedSec has a legitimate interest in responding to enquiries, operating securely, and improving services.

Where consent is required, you may withdraw consent at any time by contacting NeedSec.

Cyber security enquiries can contain sensitive details. NeedSec treats scoping information, vulnerability details, reports, credentials provided for authorised testing, and client system information as confidential.

Do not submit passwords, private keys, seed phrases, production secrets, payment card data, patient data, or other highly sensitive information through public website forms. Safer transfer methods can be agreed when needed for a project.

The website may use necessary cookies or similar technologies to support core functionality, security, admin access, abuse prevention, and basic site operation.

If analytics or optional tools are used, they should be configured to collect only proportionate information for understanding website performance and improving content.

We may share information with trusted service providers who help operate the website, email, hosting, security, administration, or client delivery processes. They should only process information for agreed purposes.

We may also share information if required by law, regulation, court order, professional advisers, insurers, or where necessary to protect rights, safety, systems, or services.

Some technology providers may process data outside the UK. Where this happens, NeedSec expects appropriate safeguards to be used, such as adequacy regulations, standard contractual clauses, or equivalent protections.

We keep personal data only for as long as needed for the purpose it was collected, including enquiry handling, project delivery, reporting, legal, accounting, compliance, dispute, and security requirements.

Enquiry data that does not become a client relationship is normally retained only for a reasonable business period unless there is a need to keep it longer.

You may have data protection rights under UK data protection law, including access, correction, deletion, restriction, objection, and portability. These rights are not absolute and may depend on the context.

To make a request, contact NeedSec using the details below. We may need to verify your identity before acting on a request.

NeedSec may update this policy to reflect service, legal, operational, or website changes. The latest version will be published on this page with an updated date.