Skip to content Skip to search Skip to footer

Privacy Policy

How we protect and respect your data

At Cyber-Duck your data is as important to us as it is to you, so we will protect and respect your privacy at all times. We comply with the EU General Data Protection (GDPR) and the UK Data Protection Act 2018. Please read this Privacy Policy carefully as it describes when and why we collect personal information when you visit our website, how we use your data, how we keep it secure, and when we would disclose it to third parties.

We may make changes to this policy from time to time, such as complying with legislation updates or company policy.

How We Collect and Use Personal Data

We may obtain personal data directly from you in a variety of ways as indicated below. We only collect this data when you voluntarily submit such information to us for any of the following reasons:

Prospect Enquiries

Via our web enquiry form, you may submit details including name, email address and telephone number. Additional information may be supplied voluntarily that will help us engage with your enquiry on a more personal level. If you are a business prospect, we will add your data to a customer relationship management (CRM) record if you provided a business card to any of the Cyber-Duck business development team.

When you provide your personal details to us they will be stored securely. We may use your information to conduct communications with you on a legitimate interest basis for the purposes of developing a business relationship, unless you have unsubscribed.

Newsletters and Events

You may choose to opt-in to other types of communication when completing Newsletter Subscription or Contact Us forms on our website. These communications may include quarterly digital news or invitations to events. 

Subscribers unsubscribe at any time by using links provided in these emails. We will also add your data to a CRM record if you’ve provided our team with business cards at events and workshops, as part of our legitimate business interests with you, we may use this data to invite you to similar events in the future. Any issues with managing subscriptions or data can be quickly brought to our attention by contacting

Careers and job applications

In relation to your personal data, we will:

  • process it fairly, lawfully and in a clear, transparent way
  • collect your data only for reasons that we find proper for the course of your employment in ways that have been explained to you
  • only use it in the way that we have told you about
  • ensure it is correct and up to date
  • keep your data for only as long as we need it
  • process it in a way that ensures it will not be used for anything that you are not aware of or have consented to (as appropriate), lost or destroyed.
We hold many types of data about you, including
  • your personal details including your name, and contact details
  • information included on your CV including references, education history and employment history

We collect data about you in a variety of ways including the information you would normally include in a CV or a job application cover letter, or notes made by our recruiting officers during a recruitment interview. Personal data is kept in personnel files or within the Company’s HR and IT systems.

The law on data protection allows us to process your data for certain reasons only:

  • In order to perform the employment contract that we are party to
  • In order to carry out legally required duties
  • In order for us to carry out our legitimate interests
  • To protect your interests and
  • Where something is done in the public interest.

All of the processing carried out by us falls into one of the permitted reasons. Generally, we will rely on the first three reasons set out above to process your data.


We may gather your personal identification information (full name, email address) in connection with downloading resources (e.g. UX Handbook) or attending events (e.g. The Future of Drupal Webinar) that we make available on our website. We will collect personal identification information only if you’ve voluntarily submitted such information to us, either by completing the form or using LinkedIn authentication.

You can decline to supply personal identification information, except that it may prevent us from providing you with this gated content download. In exchange for downloading these products or attending these events of value, you will receive quarterly digital news and event invitations from the Cyber-Duck team. But, you can unsubscribe using the links in these newsletters at any time. 

Non-personal identification data

We may collect non-personal identification information whenever you interact with our website. Non-personal identification information may include the browser name, the type of computer and technical information about the users means of connection to our website, such as the operating system and the Internet service providers utilised and other similar information. We may use information to understand how you, and our others as a group, use the services and resources provided on our website. This can help us optimise future user experience of our website.


Who we classify as a legitimate interest subscriber
In light of GDPR, we have reviewed our subscriber list and determined whether we have a Legitimate Interest in maintaining contact with some subscribers or contacts. You may be so for one of the following reasons:

  • You are currently or have been a client of Cyber-Duck
  • You’ve expressed an interest in our service previously as a prospect
  • You’ve requested to hear more about our company via email
  • You’re a friend of the business or a close associate
  • You work for a university or an academic institution that works with Cyber-Duck
  • You supply services to Cyber-Duck
  • You currently work at Cyber-Duck
  • You have downloaded a product or attended an event of value by Cyber-Duck

We consider each of the above as good reason to continue contacting you in the future. Under GDPR, this is known as a Legitimate Interest and we believe there is a mutual and genuine interest in you hearing from Cyber-Duck going forward.

We do not share our database and our subscribers’ data with any third party without the specific consent of our subscribers.  

What do we send our subscribers and when?

  • Quarterly newsletters - We will normally only contact you on a quarterly basis (4 times per year) with relevant information and news about Cyber-Duck, trends in your industry, or in relation to one of our events.
  • Ongoing updates - We will contact you with relevant content based on your previous or current engagement with Cyber-Duck.
  • Client bulletins – These are for clients only and include important service level agreement (SLA) announcements as well as technology, security information and any other important updates that impact our service to you.
  • Events – Intermittently we may hold client workshops, webinars or events that could be useful for your CPD and training that may benefit you or your colleagues. Once you show interest in an event, we will send you reminders.

How we store and process your information

All your information is stored securely in our CRM and email system, Pipedrive and AutoPilot

How we send out electronic communication

We will normally email you everything, but we may call or send you an SMS message if you are attending an event or Cyber-Duck party.

How to change your preferences

If you disagree with our assessment of legitimate interest in your case, you can change your preferences at any time. You can unsubscribe from our mailing list by clicking the unsubscribe button in your email correspondence from us.

Alternatively, you can get in touch with our team to learn more about how we manage your data, as well as what data we collect and hold, by contacting us at We will also be able to update your preferences.

Web Browser Cookies

Cyber-Duck uses Cookies to personalise and enhance your experience and help us analyse web traffic. Please read our Cookie Policy for further information.

How We Protect Your Information

We understand that sharing your data with us is very personal. Cyber-Duck will protect your data and adopt appropriate data collection, security measures, storage and processing practices against unauthorised access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our website.

Who Has Access to Your Information?

We will not sell or rent your information to third parties. We will not share any of your personal information with third parties for marketing purposes.

Third party processors

We use third party processors who help us operate our business and website or administer activities on our behalf. As a data controller, we ensure our data processors, are GDPR compliant. All data is stored either in the EU or in the USA with Privacy Shield compliant data processors. This is something that we verify as an organisation. We will share your information with the following third parties if you have given us your permission and only for these purposes:

Third Party Name Data processing type Data and purpose Data processor security compliance
Pipedrive CRM & Pipeline Management Collect name, contact and company details to engage with prospects and current clients. EU Customers data stored in Germany – GDPR Compliant
Eventbrite Event Management Collect data relevant to event communication, registration and management. Compliant with the EU-U.S. Privacy Shield Framework under GDPR



Survey Management Collect survey responses if a participant provides their responses or personal details. Certified and complies with the EU-U.S. Privacy Shield Framework.


Meeting and Webinar Software Store contact details of those who have signed up to join a webinar. Certified and complies with the EU-U.S. Privacy Shield Framework.


Marketing Automation Software Store and send emails according to contact tags. Self-Certified and complies with the EU - U.S. Privacy Shield Framework.


Recruitment ATS Store and manage applicant data.  Customer data stored in the EU/EEA - GDPR Compliant


Survey Management Collect survey responses if a participant provides their responses or personal details. Servers protected by AWS.


You will find content on the Cyber-Duck website that links to other websites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties who may be data processors. These websites and services may have their own privacy policies,  customer service policies, so we encourage you to read them.

Data Retention

For many of you, we will retain your data for as long as you remain engaged with Cyber-Duck. We will conduct regular data reviews then securely delete your data in line with legal guidelines and our own data retention policies as shown below:

Contact Type/Tag Retention Timeframe Criteria
Client T&C specific Clients can check specific terms and conditions within their contractual agreements
Prospect 3 years Prospect deleted after period of inactive engagement
Content Subscriber 3 years Subscriber deleted after period of inactive engagement
Associate - Friend of the business 7 years Individual data deleted after period of inactive engagement
Supplier 7 years Supplier deleted after period of inactive financial activity
Previous Staff 7 years Individuals data deleted after no additional contact
Human Resources 7 years Individuals data deleted after no additional contact
Applicants 7 years Applicant details deleted after no additional contact
Paper copies of CVs are securely destroyed after 1 year


Access rights to your information

You have rights regarding accessing, correcting or limiting how Cyber-Duck use or disclose information we hold about you.

Subject Access Requests (SAR):

You have the right to see what personal data we hold about you and for how long. To obtain a copy of this personal information, please email

Please put in the subject line: SUBJECT ACCESS REQUEST.

We will respond to any requests to access your personal information within 30 days. Requests will be processed free of charge unless the requests from one subject becomes excessive. We reserve the right to charge a fee if more than one request is received within a 12 month timeframe from a single individual. Requests for corrections to information will be dealt with within 21 calendar days from an electronic receipt of information from the data subject.

Your Acceptance of These Terms

By using this website, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our website, but we hope you will find our privacy policy to be fair and clear enough to continue being a user of the Cyber-Duck website.

Contact Us

If you have any questions about this Privacy Policy, data protection and practices, please contact us at:

12 High Street, Elstree
Herts, WD6 3EP, United Kingdom
+44 (0) 20 8953 0070

This document was last updated on the 26th of March 2021.