Cookie & Privacy Policy

Lomond Cyber Ltd · Last updated: April 2026

Introduction

This Privacy Policy explains how Lomond Cyber Ltd (“Lomond Cyber”, “we”, “us”, “our”) collects, uses, stores and protects your personal data when you visit our website, contact us, or use our services.

Lomond Cyber Ltd is the data controller responsible for your personal data. We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

If you have any questions about this policy or how we handle your data, please contact us at info@lomondcyber.com.

What information we collect about you

We collect and process personal data about you when you interact with us. The personal data we process may include, but is not limited to:

  • Your name
  • Your work or home address, email address and/or phone number
  • Your job title
  • Your areas of business interest
  • Your username and password
  • Information related to the browser or device you use to access our website
  • Details of your visits to our website, including traffic data, location data, weblogs and other communication data
  • Any other information you provide

Lawful basis for processing

Under UK GDPR, we are required to identify a lawful basis for each type of processing we carry out. We rely on the following bases:

  • Contract - where processing is necessary to provide a service you have requested or to take steps prior to entering a contract with you.
  • Legitimate interests - where processing is necessary for our legitimate business purposes, including improving our services, communicating with you, and maintaining the security and integrity of our systems. We have assessed that these interests are not overridden by your rights and interests.
  • Legal obligation - where we are required to process your data to comply with a legal requirement.
  • Consent - where you have given us specific, informed consent to process your data for a particular purpose (such as receiving marketing communications). You may withdraw consent at any time.

What we use your information for

We may store and use your personal information:

  • To manage your project and process orders
  • To personalise our communications to you, our website and products or services for you, in accordance with our legitimate interests
  • To allow us to communicate with you and provide services appropriate to your needs
  • To improve our products and services and develop new ones
  • To monitor use of our websites and online services, to help us check, improve and protect our products, content, services and websites, both online and offline, in accordance with our legitimate interests
  • To ensure we meet our legal requirements
  • To send you marketing communications where you have consented to receive them, or where we have a legitimate interest in doing so

Our legitimate interests include our legitimate business purposes and commercial interests in operating our business in a customer-focused, efficient and sustainable manner, in accordance with all applicable legal and regulatory requirements.

Sharing your personal information

Lomond Cyber will not share your information for marketing purposes.

We may share your personal data with third parties:

  • Our professional advisors such as our auditors and external legal and financial advisors
  • Our suppliers, business partners and sub-contractors, search engine and web analytics providers
  • Law enforcement or regulatory bodies where we are required to do so by law or a binding court order

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Using your personal data for marketing

We may send you information about products and services which may be of interest to you or the company you work for.

You have a right at any time to stop us from contacting you for marketing purposes. If you no longer wish to be contacted for marketing purposes, please email: info@lomondcyber.com

You may opt out of our marketing emails at any time by clicking the ‘unsubscribe’ link at the end of our marketing emails.

However, if you tell us you don’t want to receive marketing communications, then you may not hear about products or other services that may be of interest to you.

Your rights

Under UK GDPR, you have the following rights in relation to your personal data. You can exercise any of these rights by contacting us at info@lomondcyber.com.

  • Right of access - you have the right to request a copy of the personal data we hold about you.
  • Right to rectification - you have the right to ask us to correct personal data that is inaccurate or incomplete.
  • Right to erasure - you have the right to ask us to delete your personal data in certain circumstances (for example, where it is no longer necessary for the purposes for which it was collected).
  • Right to restrict processing - you have the right to ask us to restrict the processing of your personal data in certain circumstances.
  • Right to data portability - where processing is based on your consent or the performance of a contract, you have the right to receive your personal data in a structured, commonly used and machine-readable format, and to ask us to transfer it to another organisation.
  • Right to object - you have the right to object to processing of your personal data where we are relying on legitimate interests as the lawful basis, or where your data is being used for direct marketing.
  • Rights in relation to automated decision-making - you have the right not to be subject to decisions made solely by automated processing that produce legal or similarly significant effects on you. We do not currently carry out any such automated processing.

We will respond to any request within one month. We may need to verify your identity before responding. There is no charge for making a request, although we may charge a reasonable fee if a request is manifestly unfounded, excessive or repetitive.

Right to complain to the ICO

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection matters.

You can contact the ICO at ico.org.uk or by calling 0303 123 1113. We would, however, appreciate the chance to address your concerns before you approach the ICO - please contact us in the first instance at info@lomondcyber.com.

How long will we keep your personal data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

As a general guide, we retain client contact and service records for six years following the end of our engagement, in line with standard limitation periods under the Limitation Act 1980. Website enquiry data is retained for no longer than two years unless a client relationship has developed.

Processing outside of the United Kingdom

Lomond Cyber is a UK-based company and processes personal data primarily within the United Kingdom, in accordance with the UK GDPR and the Data Protection Act 2018.

The personal data that we collect from you may be transferred to and stored outside the United Kingdom. Where this occurs, we ensure that appropriate safeguards are in place, such as transfers to countries that have been recognised by the UK Government as providing an adequate level of protection, or the use of UK International Data Transfer Agreements (IDTAs) or equivalent contractual protections.

To find out more about how your personal information is protected when transferred internationally, please contact us at info@lomondcyber.com.

Cookies

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.

We use the following categories of cookies on our website:

  • Strictly necessary cookies - these are essential for the website to function and cannot be switched off. They do not require your consent.
  • Analytics cookies - these help us understand how visitors interact with our website by collecting and reporting information anonymously. We use these only with your consent.
  • Functionality cookies - these allow the website to remember choices you make (such as your cookie preferences) to provide enhanced features. We use these only with your consent.

When you first visit our website, you will be asked to consent to the use of non-essential cookies. You may withdraw or change your consent at any time by adjusting your cookie settings via the link in the footer of our website.

You can also set your browser not to accept cookies. For further information visit www.aboutcookies.org or www.allaboutcookies.org. However, in some cases certain website features may not function as a result.

Other websites

Our website may contain links to other websites. This privacy policy only applies to our website, so when you link to other websites you should read their own privacy policies.

Changes to our privacy policy

We keep our privacy policy under regular review and we will update it as required. We will notify you of any material changes by posting a prominent notice on our website or, where appropriate, by contacting you directly. This privacy policy was last updated on April 2026.

How to contact us

Please contact us if you have any questions about our privacy policy or the information we hold about you:

By email: info@lomondcyber.com

By post: Lomond Cyber Ltd, Southgate Chambers, 37-39 Southgate Street, Winchester, SO23 9EH

For data protection enquiries, please mark your correspondence for the attention of the Data Controller.