Privacy Policy

Introduction

Rexon Consulting Ltd (“Rexon Cyber”, “we”, “our”, “us”) is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, store, and share data when you interact with our website, services, and communications.

We process all personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.


Who We Are

Data Controller: Rexon Consulting Ltd

Registered Office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ

Company Number: 14664394

Email: [email protected]


Information We Collect

We may collect and process the following types of data:

  • Identity Data: name, job title, company, and contact details.
  • Contact Data: email address, phone number, and business address.
  • Technical Data: IP address, browser type, device information, and cookies.
  • Usage Data: pages visited, time spent on site, and referral sources.
  • Communication Data: enquiries, messages, or correspondence sent to us.

We do not intentionally collect sensitive personal data unless absolutely necessary for a specific engagement and with explicit consent.


How We Use Your Information

Your personal data is used for the following purposes:

  • To respond to enquiries and provide requested services.
  • To manage client relationships and contracts.
  • To deliver marketing updates (with consent).
  • To improve our website, services, and communications.
  • To meet legal, regulatory, or security obligations.

Lawful Bases for Processing

We rely on one or more of the following lawful bases:

  • Consent – where you have given clear permission.
  • Contractual necessity – to perform obligations under a contract.
  • Legal obligation – to comply with applicable law.
  • Legitimate interest – to operate and improve our business responsibly.

How We Store and Protect Data

All personal data is securely stored using encrypted systems and access-controlled environments.

We apply robust technical and organisational measures aligned with ISO 27001 and NIST CSF principles, including:

  • Encryption of data in transit and at rest.
  • Role-based access control and MFA.
  • Regular vulnerability assessments and monitoring.

Data Sharing and Disclosure

We do not sell or trade personal data.

We may share data only with:

  • Trusted third-party service providers (e.g., cloud hosting, analytics, CRM).
  • Regulators, auditors, or law enforcement when legally required.
  • Partners assisting in project delivery under strict confidentiality terms.

All suppliers are vetted and bound by data-processing agreements ensuring GDPR compliance.


Data Retention

We retain personal data only as long as necessary for the purposes collected, or as required by law or regulation.

Client data is typically retained for up to 7 years after contract completion unless otherwise agreed.


International Transfers

Where data is transferred outside the UK, we ensure appropriate safeguards, such as:

  • UK Adequacy Regulations; or
  • Standard Contractual Clauses (SCCs) approved by the ICO.

Your Data Rights

Under UK GDPR, you have the right to:

  • Access your personal data.
  • Request correction or erasure.
  • Restrict or object to processing.
  • Data portability.
  • Withdraw consent at any time.
  • Lodge a complaint with the Information Commissioner’s Office (ICO).

ICO Website: https://ico.org.uk

Requests can be made by emailing [email protected].


Changes to This Policy

This Privacy Policy is reviewed annually and updated as required to remain compliant.

Effective Date: October 2025

Next Review: October 2026