Legal

Privacy Policy

Cloud53 Ltd — Last updated: June 2025

Cloud53 Ltd (“Cloud53”, “we”, “us” or “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website, enquire about or purchase our services, or otherwise interact with us.

Cloud53 Ltd is registered in England and Wales (Company Number: 09447764) with its registered office at North Stage, 76 Broadway, Media City, Salford M50 2UW. We are the data controller for personal data collected through this website and in connection with our services.

This policy is written in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. If you have any questions, please contact us at hello@cloud53.co.uk.

1. What Personal Data We Collect

We may collect and process the following categories of personal data:

Identity DataFirst name, last name, job title, company name.

Contact DataEmail address, telephone number, postal address.

Technical DataIP address, browser type and version, time zone, operating system, and other technology on the devices you use to access our website.

Usage DataInformation about how you use our website and services.

Marketing & Comms DataYour preferences in receiving marketing from us and your communication preferences.

Transaction DataDetails of services you have purchased from us and billing information.

We do not collect any special category personal data (such as data relating to health, ethnicity, religion, or biometric data) unless specifically required and agreed in writing.

2. How We Collect Your Personal Data

We collect personal data through the following means:

Direct interactions — when you complete a contact form, request a cyber scan, send us an email, call us, or enter into a contract with us.

Automated technologies — as you interact with our website, we may automatically collect Technical Data and Usage Data. We collect this data using cookies and similar technologies. Please see our cookie section below for further detail.

Third parties — we may receive personal data about you from analytics providers, advertising networks, or publicly available sources such as Companies House or LinkedIn, where relevant to providing our services.

3. How We Use Your Personal Data

We use your personal data only where we have a lawful basis to do so. The purposes for which we use your data and our corresponding lawful basis are:

To respond to enquiriesLegitimate interests — to respond to your questions and provide information about our services.

To deliver servicesPerformance of a contract — to provide managed IT, cyber security, and related services you have engaged us for.

To process paymentsPerformance of a contract — to collect and process payments for our services.

To run a cyber scanConsent — where you have requested a free cyber risk scan, we use your contact and domain information solely to generate and deliver your scan report.

To send marketingLegitimate interests or consent — to send you relevant updates, insights, and service information. You may opt out at any time.

To improve our websiteLegitimate interests — to analyse how visitors use our website and improve our content and services.

Legal complianceLegal obligation — to comply with applicable law, regulation, or court orders.

4. Marketing

We may send you information about our services, industry news, and security updates where you have indicated an interest or where we have a legitimate interest in doing so as an existing or prospective business customer.

You have the right to opt out of receiving marketing communications at any time. To do so, please email hello@cloud53.co.uk with the subject “Unsubscribe”, or use the unsubscribe link in any marketing email we send you.

We will never sell your personal data to third parties, and we will never share it with third parties for their own marketing purposes.

5. Sharing Your Personal Data

We do not sell your personal data. We may share your data with the following categories of recipients, strictly on a need-to-know basis:

Service providers and sub-processors — trusted third-party suppliers who assist us in delivering our services (e.g. cloud infrastructure providers, cyber security tooling). All such parties are subject to data processing agreements and are required to keep your data secure and confidential.

Professional advisers — lawyers, accountants, and insurers who provide professional services to us under duties of confidentiality.

Regulatory or legal authorities — where required by law, court order, or a government or regulatory authority.

Business transfers — in the event of a sale, merger, or acquisition of Cloud53 or its assets, your personal data may be transferred to the relevant third party, who will be bound by this Privacy Policy.

6. International Transfers

We store and process data primarily within the UK and the European Economic Area (EEA). Where we or our sub-processors transfer personal data outside the UK or EEA, we ensure that appropriate safeguards are in place (such as UK International Data Transfer Agreements or Standard Contractual Clauses) to ensure your data receives the same level of protection as it does in the UK.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

As a general guide:

Client and contract data — retained for 7 years from the end of the contract, in line with HMRC requirements.

Enquiry and contact form data — retained for up to 2 years if no contract is entered into.

Cyber scan data — retained only for the period necessary to generate and deliver your report, after which contact data is anonymised or deleted.

Marketing preferences — retained until you opt out or withdraw consent, plus a short suppression period to honour your preference.

8. Cookies

Our website uses cookies to distinguish you from other users, improve your experience, and help us understand how our website is being used. Cookies are small text files placed on your device.

We use the following types of cookies:

Strictly necessary cookies — essential for the website to function. These cannot be disabled.

Analytical / performance cookies — allow us to recognise and count visitors and understand how they move around the website, so we can improve it. All data is aggregated and anonymised.

You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. For more information about cookies, visit www.allaboutcookies.org.

9. Security

We take the security of your personal data seriously. As a cyber security company, we apply appropriate technical and organisational measures to protect your data against unauthorised access, loss, destruction, or alteration. These measures include encrypted data transmission (TLS/HTTPS), access controls, and regular security reviews.

Where we have provided you (or where you have chosen) a password or access credential, you are responsible for keeping it confidential. We ask you not to share credentials with anyone.

While we take all reasonable steps to protect your data, no transmission over the internet is completely secure. Any transmission is at your own risk.

10. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

Right of accessYou have the right to request a copy of the personal data we hold about you (a Subject Access Request).

Right to rectificationYou have the right to ask us to correct inaccurate or incomplete personal data.

Right to erasureYou have the right to ask us to delete your personal data in certain circumstances (“the right to be forgotten”).

Right to restrictionYou have the right to ask us to restrict the processing of your personal data in certain circumstances.

Right to portabilityYou have the right to receive your personal data in a structured, commonly used, machine-readable format, and to transmit it to another controller.

Right to objectYou have the right to object to our processing of your personal data where we rely on legitimate interests, including for direct marketing.

Right to withdraw consentWhere processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.

To exercise any of these rights, please contact us at hello@cloud53.co.uk. We will respond within one calendar month. We may need to verify your identity before fulfilling a request.

You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner’s Office (ICO), at ico.org.uk or by calling 0303 123 1113.

11. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to read their privacy policies. This Privacy Policy applies solely to information collected by Cloud53.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The “Last updated” date at the top of this page will be revised accordingly. Where changes are material, we will take reasonable steps to notify you.

We encourage you to review this page periodically to stay informed about how we protect your data.

Contact Our Data Team

For any questions, requests, or concerns relating to your personal data or this Privacy Policy, please get in touch:

Email: hello@cloud53.co.uk

Phone: 0333 444 5353

Post: Cloud53 Ltd, North Stage, 76 Broadway, Media City, Salford M50 2UW

ICO Registration: Cloud53 Ltd is registered with the Information Commissioner’s Office as a data controller. Registration number: ZA265587.