Privacy Policy

Privacy Notice

Last updated: 28 December 2025

1. Who we are

This website is operated by IAS Ltd (“we”, “us”, “our”), a company established in the United Kingdom. We provide strategic advisory services, specialist technical support, research, and education in the fields of cyber security, resilience, and secure infrastructure.

For the purposes of UK data protection law, IAS Ltd is the data controller of personal data collected through this website.

Email: privacy@iasltd.biz
Postal address: Unit 5B, Valley Industries, Cuckoo Lane, Tonbridge, Kent, TN11 0AG

2. Personal data we collect

We may collect and process the following categories of personal data when you use this website:

  • Contact details: such as your name, email address, organisation, and any information you choose to provide when contacting us via forms or email.
  • Usage data: information about how you use the website, such as pages visited, time and date of visits, and referring websites. This may be collected via cookies or similar technologies.
  • Technical data: such as IP address, browser type and version, device type, and operating system, as provided by your browser or device.

If, in future, we provide subscriber-only content, publications, or client portals, we may process registration details and account-related information. Any such processing will be covered by this notice or by a specific supplementary privacy statement.

3. How we use personal data and our legal bases

We use personal data collected via this website for the following purposes:

  • Responding to enquiries: to respond to messages submitted via contact forms or email. The legal basis is our legitimate interests in operating our business, or contract where we are taking steps at your request prior to entering into an agreement.
  • Operating and securing the website: to maintain functionality, performance, and security, including monitoring for misuse or technical issues. The legal basis is our legitimate interests.
  • Website analytics (where used): to understand how visitors use the site and to inform improvements. Where required by law, analytics are used only with your consent, obtained via the cookie banner.
  • Legal and compliance purposes: where necessary to comply with legal obligations or to establish, exercise, or defend legal claims.

4. Cookies and similar technologies

We use cookies and similar technologies to ensure the website functions correctly and, where enabled, to understand how it is used.

Essential cookies are required for core site functionality and are set automatically. Non-essential cookies, such as analytics cookies, are used only where you have provided consent via the cookie banner.

Further information about cookies, including how to manage your preferences, is available in our Cookie Policy.

5. How long we keep personal data

We retain personal data only for as long as reasonably necessary for the purposes described in this notice, unless a longer retention period is required or permitted by law.

  • Enquiry-related data: typically retained for up to 24 months after the last interaction.
  • Technical and usage data: generally retained for 12–24 months, depending on the purpose and system involved.

6. Sharing personal data

We may share personal data with:

  • Service providers (processors), such as website hosting, IT support, email, form handling, or analytics providers, who process data only on our instructions.
  • Professional advisers, including legal, accounting, or insurance advisers, where reasonably necessary.
  • Authorities or other parties, where required by law or necessary to establish, exercise, or defend legal claims.

We do not sell personal data and do not share personal data with third parties for their own marketing purposes.

7. International transfers

Some service providers may process personal data outside the UK or the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as adequacy regulations or approved standard contractual clauses.

8. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or alteration. This includes secure hosting, access controls, and appropriate configuration of systems.

While we take reasonable steps to protect personal data, no internet-based system can be guaranteed to be completely secure.

9. Your rights

Under UK data protection law, you have rights including:

  • The right to access your personal data.
  • The right to request correction of inaccurate or incomplete data.
  • The right to request erasure in certain circumstances.
  • The right to restrict processing in certain circumstances.
  • The right to object to processing based on legitimate interests.
  • The right to withdraw consent where processing is based on consent.

To exercise your rights, please contact us using the details above. We may need to verify your identity before responding.

10. Complaints

If you have concerns about how we handle personal data, please contact us first. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):

https://ico.org.uk

11. Changes to this notice

We may update this Privacy Notice from time to time. Any changes will be posted on this page and reflected in the “Last updated” date above.