Privacy Notice
How Strontian Ltd collects, uses, and protects your personal data.
1. Who we are
Strontian Ltd is a UK-registered company providing cybersecurity and information security advisory services. For the purposes of UK data protection law, Strontian Ltd is the data controller of personal data collected through this website and in the course of delivering our services.
Contact: info@strontian.ltd
2. What data we collect
We collect only the data you provide to us directly:
- Contact form: name, company, email address, area of interest, message, and how you heard about us.
- Cyber Health Check intake form: name, company, email address, role, trigger for the engagement, description of your situation, current tools and documents, and any deadline.
- Direct emails: any information you send to info@strontian.ltd.
We do not collect sensitive personal data (special category data) through this website. We do not run web analytics, advertising trackers, or third-party scripts that collect behavioural data.
3. How we use your data
| Purpose | Data used | Lawful basis (UK GDPR) |
|---|---|---|
| Responding to enquiries submitted via the contact form | Contact form fields | Legitimate interest (responding to business enquiries) |
| Scoping and delivering the Cyber Health Check | Intake form fields | Performance of a contract / steps prior to entering a contract |
| Sending an invoice or payment link | Name, company, email | Performance of a contract |
| Maintaining records of engagements and communications | All provided data | Legitimate interest (business administration, legal claims) |
4. Who we share your data with
We use the following service providers who may process personal data on our behalf:
- Netlify, Inc. (USA) — hosts the website and processes form submissions.
- Stripe, Inc. (USA) — payment processing (when payment links are used).
- Email provider — your data may pass through our email infrastructure when you contact us or we respond.
We do not sell, rent, or trade personal data. We do not share your data with third parties for their own marketing purposes.
5. International transfers
Some of our service providers (Netlify, Stripe) are based in the United States. Where personal data is transferred outside the UK, we rely on the UK International Data Transfer Agreement (IDTA) or the EU–US Data Privacy Framework (where the provider is certified). Stripe and Netlify each maintain appropriate safeguards — their current certifications and transfer mechanisms are available on their respective websites.
6. Data retention
We retain personal data only as long as necessary for the purpose it was collected:
- Enquiry data (no engagement): deleted 12 months after the last communication.
- Client engagement data: retained for 6 years after the engagement ends (to meet professional indemnity and HMRC record-keeping obligations).
- Payment records: retained for 6 years per HMRC requirements.
7. Your rights
Under UK GDPR, you have the right to:
- Access your personal data (subject access request).
- Rectify inaccurate or incomplete data.
- Erase your data (the "right to be forgotten") where no lawful basis for continued processing exists.
- Restrict processing in certain circumstances.
- Data portability — receive your data in a structured, machine-readable format.
- Object to processing based on legitimate interests.
To exercise any of these rights, email info@strontian.ltd. We will respond within one calendar month. We may ask for proof of identity before acting on a request.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data has been mishandled.
8. Security
We take appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. This includes using HTTPS, minimising data collection, and restricting access to personal data to the sole director of Strontian Ltd.
9. Changes to this notice
This notice will be reviewed at least annually. Material changes will be noted on this page with an updated date.
10. Contact
For any questions about this privacy notice or how we handle your data, contact Lee Johnson at info@strontian.ltd.