Privacy Policy

How we protect and respect your data

At Cyber-Duck your data is as personal to us as it is to you, so we will protect and respect your privacy at all times. We comply with EU General Data Protection (GDPR) and the UK Data Protection Act 2018. Please read this Privacy Policy carefully as it describes when and why we collect personal information when you visit our website, how we use your data, how we keep it secure, and when we would disclose it to third parties.

We may make changes to this policy from time to time, such as complying with legislation updates or company policy.

How We Collect and Use Personal Data

We may obtain personal data directly from you in a variety of ways as indicated below. We only collect this data when you voluntarily submit such information to us for any of the following reasons:

Prospect Enquiries

Via our web enquiry form, you may submit details including name, company, email address and telephone number. Additional information may be supplied voluntarily that will help us engage with your enquiry on a more personal level. If you are a business prospect, we will also add your data to a customer relationship management (CRM) record if you provided a business card to any of the Cyber-Duck business development team.

When you provide your personal details to us they will be stored securely. We may use your information to conduct legitimate business interest communication with you for the purposes of developing a business relationship, unless other options for communication have been selected or you have unsubscribed to this content.

Newsletters and Events

You may choose to opt-in to other types of communication when completing forms on our website. These communications may include regular email newsletters or invitations to events. If data fields are marked as mandatory, this is to enhance and personalise your experience with us, particularly around event attendance.

Subscribers can change preferences or unsubscribe at any time by using links provided in these emails. We will also add your data to a CRM record if you’ve provided our team with business cards at events and workshops, as part of our legitimate business interests with you, we may use this data to invite you to similar events in the future. Any issues with managing subscriptions or data can be quickly brought our attention by contacting

Careers and job applications

You may send us personal details including email address, name, and details on a CV, via our website. We currently use a PeopleHR (see third party processors section below) to process applications for career related submissions. We consider submission of an application as the user giving consent for this data to be used for the processing of a job application but not for any other purpose, unless a user opts-in to receive other email communication while completing forms on our website.

Gated content from insights

We may gather your personal identification information in connection with using resources (like the UX Book) that we make available on our website. We will collect personal identification information only if you’ve voluntarily submitted such information to us, either by completing the form or using LinkedIn authentication. You can decline to supply personal identification information, except that it may prevent us from providing you with this gated content.

Non-personal identification data

We may collect non-personal identification information whenever you interact with our website. Non-personal identification information may include the browser name, the type of computer and technical information about the users means of connection to our website, such as the operating system and the Internet service providers utilised and other similar information. We may use information to understand how you, and our others as a group, use the services and resources provided on our website. This can help us optimise future user experience of our website. 

Web Browser Cookies

Cyber-Duck uses Cookies to personalise and enhance your experience and help us analyse web traffic. Please read our Cookie Policy for further information.

How We Protect Your Information

We understand that sharing your data with us is very personal. Cyber-Duck will protect your data and adopt appropriate data collection, security measures, storage and processing practices against unauthorised access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our website.

Who Has Access to Your Information?

We will not sell or rent your information to third parties. We will not share any of your personal information with third parties for marketing purposes.

Third party processors

We use third party processors who help us operate our business and website or administer activities on our behalf. As a data controller, we ensure our data processors, are GDPR compliant. All data is stored either in the EU or in the USA with Privacy Shield compliant data processors. This is something that we verify as an organisation. We will share your information with the following third parties if you have given us your permission and only for these purposes:

Third Party Name Data processing type Data and purpose Data processor security compliance
Mailchimp Email communication Collection of name, email address mandatory, other fields are optional. Fields available for email communication preference types. Compliant with the EU-U.S. Privacy Shield Framework under GDPR
People HR Applicant Tracking System Collect personal data relevant to current or future job roles. UK based - ISO27001 Accredited 
GDPR Compliant
Pipedrive CRM & Pipeline Management Collect name, contact and company details to engage with prospects and current clients. EU Customers data stored in Germany – GDPR Compliant
Eventbrite Event Management Collect data relevant to event communication, registration and management. Compliant with the EU-U.S. Privacy Shield Framework under GDPR


You will find content on the Cyber-Duck website that links to other websites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties who may be data processors. These websites and services may have their own privacy policies,  customer service policies, so we encourage you to read them.

Data Retention

For many of you, we will retain your data for as long as you remain engaged with Cyber-Duck. We will conduct regular data reviews then securely delete your data in line with legal guidelines and our own data retention policies as shown below:

Contact Type/Tag Retention Timeframe Criteria
Client T&C specific Clients can check specific terms and conditions within their contractual agreements
Prospect 3 years Prospect deleted after period of inactive engagement
Content Subscriber 3 years Subscriber deleted after period of inactive engagement
Associate - Friend of the business 7 years Individual data deleted after period of inactive engagement
Supplier 7 years Supplier deleted after period of inactive financial activity
Previous Staff 7 years Individuals data deleted after no additional contact
Human Resources 7 years Individuals data deleted after no additional contact
Applicants 7 years Applicant details deleted after no additional contact
Paper copies of CVs are securely destroyed after 1 year


Access rights to your information

You have rights regarding accessing, correcting or limiting how Cyber-Duck use or disclose information we hold about you.

Subject Access Requests (SAR):

You have the right to see what personal data we hold about you and for how long. To obtain a copy of this personal information, please email

Please put in the subject line: SUBJECT ACCESS REQUEST.

We will respond to any requests to access your personal information within 30 days. Requests will be processed free of charge unless the requests from one subject becomes excessive. We reserve the right to charge a fee if more than one request is received within a 12 month timeframe from a single individual. Requests for corrections to information will be dealt with within 21 calendar days from an electronic receipt of information from the data subject.

Your Acceptance of These Terms

By using this website, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our website, but we hope you will find our privacy policy to be fair and clear enough to continue being a user of the Cyber-Duck website.

Contact Us

If you have any questions about this Privacy Policy, data protection and practices, please contact us at:

12 High Street, Elstree
Herts, WD6 3EP, United Kingdom
+44 (0) 20 8953 0070

This document was last updated on the 31st of May 2018.