Last updated 31/03/2022


This policy covers the use of personal information that Cyjax collects when you visit this website and blog.

2 Who we are

Cyjax is a DigitalThreat Intelligence company.

Digital Threat Intelligence: We collect publicly available information from varying sources, enabling us to provide consultancy and advisory services to clients about the risks they face, and to ensure their critical assets are secured.

We do this through technologies designed to perform both automated and manual sourcing of threat intelligence information, alongside advanced analytic features that enable business entities to conduct analysis and generate outputs in the form of alerts, reports or data feeds.

Cyjax is dedicated to ensuring that all personal data is handled, stored and processed in compliance with statutory and regulatory requirements.

Our registered office is:  The Old Chapel, Union Way, Witney, Oxon, England, OX28 6HD

Cyjax is registered with the United Kingdom Information Commissioner’s Office (ICO) under reference ZA053004, as required by UK legislation.

2.1 EU Representative

As we do not have an establishment in the European Union (“EU”), we have appointed a representative based in Ireland, who you may contact if you are located in the EU to raise any issues or queries you may have relating to our processing of your Personal Data and/or this Privacy Notice.  Our EU representative is Data Protection Limited, located at 2 Pembroke House, 28-32 Upper Pembroke Street, Dublin, Ireland D02 EK84. Our EU representative can be contacted directly on 00 353 1 447 0402 or at

3  Collection of Personal data

We collect personal data from you for one or more of the following purposes:

  • To fulfil a contract that we have entered into with you or with the entity that you represent. In these circumstances it may be your entity, rather than yourself, that has provided us with your personal data.
  • To provide you with information that you have requested or that we think may be relevant to a subject you have demonstrated an interest.
  • To initiate a contract and/ or commercial transaction with you or the entity you represent for the purchase of one of our products.
  • To ensure the security and safe operation of our websites and underlying business infrastructure and understand visitors usage of our website.
  • To manage any communication between you and us.

As a visitor, you do not need to submit any personal information in order to use our website. Certain areas of the site allow you to provide us with personal information for purposes such as communicating with us, gaining access to view protected and secured content, or requesting communications about specific areas of interest.  When entering your details in the fields requested, you will be asked to select how we may contact you, thereby giving Cyjax consent to provide you with the information you require.

3.1Technical information

To ensure that each visitor to any of our websites can use and navigate the site effectively, we collect the following:

  • Technical information, including the IP (Internet Protocol) address used to connect your device to the Internet.
  • Your login information, browser type and version, time zone setting, browser plug-in types and versions.
  • Operating system and platform.
  • Information about your visit, including the URL (Uniform Resource Locators) clickstream to, through, and from our site.

Our cookies policy, which can be viewed below in section 11 of this document, describes in detail how we use cookies.

In section 8 below, we identify your rights in respect of the personal data that we collect and describe how you can exercise those rights.

4 Lawful basis for processing personal data

When you supply any personal information to us, we have legal obligations towards you in the way we use it. We will always ensure that whenever personal data processed, industry standards and legal requirements are maintained.

The table below describes the various forms of personal data we collect and the lawful basis for processing this data. We have processes in place to make sure that only those people in our organisation who need to access your data can do so. A number of data elements are collected for multiple purposes, as the table below shows.

When we process data on the lawful basis of legitimate interest, we apply the following test to determine whether it is appropriate:

The purpose test – is there a legitimate interest behind the processing?

Necessity test – is the processing necessary for that purpose?

Balancing test – is the legitimate interest overridden by the individual’s interests, rights, or freedoms?


Data collectedReason for collectionInformation categoryPurpose for collectionLawful basis for processingData shared withRetention period
Name, company name, job title and email addressTo provide access to the Digital Threat Intelligence PlatformUser credentialsTo create and provide access to the Digital Threat Intelligence PlatformContractual fulfilmentInternally and the business entity you are a member of1 month following end of contract
Names and physical business
-email address
-telephone number

Bank account and details/ payment information
Transactional/invoice informationTransaction/invoice detailsTo process payments for the Services provided to your organisation and to ensure any issues can be dealt with. For accounting, VAT and taxation purposesContractual fulfment

Statutory obligation
Internally only

Internally & professional advisors
7 years
Technical information  - IP addresses, login information (where applicable)SecuritySecurity informationTo protect our websites and infrastructure from attacks and threats.

To understand user behaviour on the website.

To enable trouble shooting.

To collect statistics of website usage
Legitimate interestsInternally12 months
Names, contact details  Communications and account servicingPersonal data -Contact information  To communicate with you regarding the service and new products.   Contractual obligationsInternally and HubSpot6 months following end of contract
Name, contact detailsMarketing and SalesPersonal data - contact informationTo communicate with you regarding our services and provide articles that we believe will be of interest with you. Legitimate interestsInternally and with HubSpot2 years

If you have consented to receiving marketing and content emails from us, your email address will be handled as detailed below:

4.2 Policy for handling marketing emails

  • Your email address will not be sold, leased or otherwise made available to another company.
  • All emails will be sent with technology that will not make your email address visible to other subscribers
  • When subscribing to our newsletters and content, you agree that your personal data (name and email address) must be stored in our system for email marketing (Mailchimp)
  • All of our emails contain a link where you can unsubscribe from any further newsletters. If you use this system, your personal data will be deleted from  the system for email marketing (Mailchimp) and we will stop processing this data for marketing purposes.
  • Your consent is valid until you unsubscribe, withdraw your consent by contacting Cyjax via email on

4.2 Further information

Cyjax has completed a Data Protection Impact Assessment of all data processing activities it undertakes as required by the GDPR, to ensure both that it has legal bases for processing the information, and that this is necessary and proportionate.

Everyone has the right to object to this processing and if you wish to do so, please see the section below titled “Your rights in relation to personal data”.

5 Security

Cyjax is a UK domiciled company with its main offices located in the UK.  The company dedicated to ensuring that all information is protected against unauthorised access, processed appropriately, and held securely in accordance with the General Data Protection Regulation (GDPR) and Data Protection Act 2018.

Our ISMS (information security management system) is certified to ISO/IEC 27001 demonstrating that we have the appropriate Framework in place to ensure that all our information assets and networks are secure.

All communications and data are secured using end-to-end encryption.

6 Storage

We will make every practical effort to store and process your information in the country in which it was submitted. However, some of our third-party suppliers may be based outside the UK and European Economic Area (EEA), so there may be instances when data is stored and transferred outside the UK or EEA. In the eventuality that data is transferred outside these areas, we have the following safeguards in place:

  • The country or relevant territory has an adequate level of protection as recognised by the Commission.
  • Specific contracts approved by the appropriate Commission which give your personal information the same protection it has as if it stayed in the UK or EEA along with effective data controls.
  • The third-party supplier has met our data security standards and is compliant with our information management security framework.
  • All data is encrypted both in transit, end to end and at rest.
  • Data is stored within defined retention periods and is regularly reviewed.

6.1 Third parties

We may disclose information to our carefully selected third-parties, such as chosen systems for marketing, data analytics and web hosting. If the third party processes data on our behalf, we will ensure that the processor is only entitled to process personal data to our specific instructions.

Our chosen third party providers are:

  • Google Analytics – Web Analytics
    • Google Analytics Privacy policy can be found here
  • HubSpot – Customer relationship, marketing and sales
    • Hubspot’s privacy policy can be found here .
  • Server services:
    • AWS – AWS Privacy Policy can be found
    • Dedicated servers in an N+2 facility that operates a strict physical access policy and maintains logical separation controls ensuring the confidentiality and integrity of Cyjax information.  The data centre has a second N+2 facility in a different geographical location that provides failover services to ensure availability of the information is maintained. Some of the geographical locations are outside the EEA.
  • Sage
    • Sage – Sage Privacy Policy can be found here.

7 Sharing

Any information you provide to Cyjax, or that Cyjax collects, will only be used within Cyjax. It will not be shared with any third parties for commercial gain, or sold.

The only other instances in which we would share this information is where we are obliged or permitted to by law, or consent has been given.

8 Your rights in relation to personal data

Under data protection laws in the European Union and the UK, you have certain rights in relation to your personal information. You have the right to:

  • the right to be informed about the collection and the use of their personal data
  • the right to access personal data and supplementary information
  • the right to have inaccurate personal data rectified, or completed if it is incomplete
  • the right to erasure (to be forgotten) in certain circumstances
  • the right to restrict processing in certain circumstances
  • the right to data portability, which allows the data subject to obtain and reuse their personal data for their own purposes across different services
  • the right to cease/object to processing in certain circumstances
  • rights in relation to automated decision making and profiling
  • the right to withdraw consent at any time (where relevant)
  • the right to complain to the Information Commissioner
  • Withdraw your consent at any time by contacting

A full list of your rights under the General Data Protection Regulation (GDPR) is available on the Information Commissioner’s Office (ICO) website.

We will handle all requests in accordance with applicable law. However, depending on the right you wish to exercise, and the nature of the personal information involved, there may be legal reasons why we cannot grant your request. If this is the case, we will write to you to explain the reasons why.

9 Access to your personal information

If you are located in the UK and wish to request a copy of the personal information Cyjax holds about you, please email our Privacy Team at

If you are based in the EU, you can make a data request via our EU Representative here or via email at .

Requests will be acknowledged within three working days, with the final response and disclosure of information (subject to exemptions) within 30 calendar days.

10 Rectifying, restricting, objecting to processing of, or erasure of your personal information

To exercise your right to rectify, restrict, object to processing of, or erase the personal information Cyjax holds about you, please contact us at or our EU Representative as detailed above.

A ‘cease processing request’ from an individual will be acknowledged immediately with an automatic email response stating that Cyjax intends to comply with the request.

For information on the Privacy and Electronic Communications (EC Directive) Regulations 2003, General Data Protection Regulation (GDPR), Data Protection Act 2018 and the Information Commissioner’s Office, please follow this link:

11  Cookie Policy

11.1  How cookies are used by Cyjax

Cyjax usesCookies to help us improve the usability of our website.

11.2  Website

The type of information gathered relates to the amount of time spent on the website and the pages visited. No personal information is held and cookies cannot be used to identify you.

When you view our website for the first time from a new device, you will see the following message pop up:

“This website uses cookies for analytics and to ensure that you get the best experience on our website. Learn more.”

In order to consent you are required to click the ‘Accept’ button.

Cookies are used to improve services for you. For example by:

  • Enabling a service to recognise your device so you do not have to give the same information several times during one task
  • Measuring how many people are using services to make them easier to use and to ensure there is enough capacity for them to function quickly
  • Analysing data to help us understand how you use our services so we can improve them.

Cookies are stored in the computer’s memory only during your browsing session and are automatically deleted from your computer when the browser is closed.

These cookies usually store a session ID that is not personally identifiable to users, allowing you to move from page to page without having to log in repeatedly.

Session cookies are never written on the hard drive and they do not collect any information from your computer. Session cookies expire at the end of your browser session and are no longer accessible after the session has been inactive for a specified length of time, usually 20 minutes.

11.3  Hubspot cookies

Type of cookieCookie nameTypical contentExpiry
Essential/necessaryhs-messages-is-openThis cookie is used on the visitor UI side so HubSpot can determine/save whether the chat widget is open for future visits. It resets after 30 minutes to re-close the widget after 30 minutes of inactivity.
It contains a boolean value of True if present.
30 minutes
Essential/necessaryhs-messages-hide-welcome-messageWhen you dismiss the welcome message in your messages tool, a cookie is set to prevent it from appearing again for one day.
It contains a boolean value of True or False
1 day
Chatflow cookieMessagesUtkThis is the cookie used for the chatflows tool. If you’re a visitor, this allows you to chat with a representative on the site.13 months
Marketing/analytics_hstcThe main cookie for tracking visitors.
It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
13 months
Marketing/analyticshubspotutkThis cookie keeps track of a you. It is passed to HubSpot on form submission and used when deduplicating contacts.
It contains an opaque GUID to represent the current visitor.
13 months
Marketing/ analytics_hsscThis cookie keeps track of sessions.
This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.

It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.
30 minutes
Marketing/analytics_hssrcWhenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser.
If this cookie does not exist when HubSpot manages cookies, it is considered a new session.

It contains the value “1” when present.
End of session

11.4 Google analytics

Type of cookieCookie nameTypical contentExpiry
Marketing/ analytics_ga
Google analytics tracking which helps distinguish users and create reports about site visitors, their behaviours and journey on our website2 years
one session
1 day
Marketing/ analytics_gat_gtag_UAStores unique user ID for logging on to the Cyjax platform1 minutes

11.5 Our platforms

Type of cookieCookie namePurpose and typical contentExpiry
Essential/ necessaryXSRF_TOKENSecurity cookie to prevent cross site scripting attacks2 hours after session closes
Essential/ necessaryCyber_check_sessionRequired to authenticate you session2 hours after session closes
FunctionalPHPSSESSIDThe cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. On closure of session

11.6 Other websites

We sometimes have links to other websites, but these websites are not under our control.  Therefore we will not be liable for any issues arising in connection with their use of your information, the website content or the services offered to you by these websites.   For further information on these websites, you should consult their Privacy and Cookie policies.

11.7 How to opt out of cookies

Our website works better with cookies enabled. Our cookies do not give us or anyone else access to your personal data. We advise you to keep cookies enabled. However, you can choose to reject them.

You can use your browser to delete and reject cookies. Please see the links below for instructions on how to delete cookies and how to control cookies.

11.8  Disclaimer

As far as is reasonably possible, Cyjax will ensure that information provided on this website is accurate. We cannot accept any liability whatsoever for omission or error. Equally, as we regularly virus-check materials, we cannot accept any responsibility for any disruption or damage that may occur during use of this website.

Links to other websites included on this website do not imply any endorsement, validation or responsibility by Cyjax as to the content or privacy policies of such sites. We cannot guarantee that these links will work all of the time and we have no control over the availability of the linked pages.

12  How to contact us

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to…