top of page

Privacy Policy

Privacy Policy

This privacy policy sets out how The Cyber Resilience Centre for Wales uses and protects any information that you give us when you use this website or otherwise interact with this organisation.

We are committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, then you can be assured that it will only be used in accordance with this privacy statement.

We may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from January 2022.

What we collect

Where you correspond with us, any information included in your signature block or that is contained in the correspondence is collected by us so that we can reply to your correspondence, or contact you for the purposes of offering or arranging guidance.

We also collect the following information:

Name, business address, email address, telephone number, business sector, and company size

other information relevant to customer surveys and/or offers

We automatically receive this information when you sign up for membership via our website, and supplying this information for the purposes of us contacting you is a requirement of our free core membership.

We use an automated service to transfer your information from our website to our Marketing Platform and Client Relationship Management system. This allows us to automatically send you a welcome pack, free tools, and a regular newsletter. It also helps us to contact you within two business days of registration in order to establish if you have been affected by cyber-crime, and to check that you have received the welcome pack.

This automated service is provided by an external company named Mailchimp, and their privacy policy can be found here: Mailchimp Data Processing Addendum | Mailchimp.

Your data is also stored on our Client Relationship System (Salesforce) and our own WCRC internal records. Your data will not be shared with third parties unless you give us your specific consent.

We will not share your information with any other third party, unless you give us specific consent to do so.

WCRC will review your data at least every six months in order to confirm that it is correct and relevant to our core purposes. We will retain your data for either as long as you remain a member of WCRC, or until you request it to be deleted. You can terminate your membership or request deletion of your data at any time by emailing

By registering for membership, you agree to us sending you a welcome pack to your email address.

You also agree to receive a monthly newsletter from us via email.

You also agree for us to contact you by either telephone or email in order to check that you have received your welcome pack, and to offer you an appointment in order to discuss any concerns you have with regards to cyber-crime.

You can revoke your consent to any of the above at any time by emailing

If you post comments on our blog, or other interactive features on our website then your message will be visible to any web-site visitor. Your email address or personal information however will not be visible (unless you include that information in the message itself).

What we do with the information we gather

We require this information to understand your needs and to provide you with a better service, and in particular for the following reasons:


Providing you with the newsletters to which you have subscribed

Internal record keeping

To improve our products and services

Compliance with our legal obligations for example to demonstrate consent has been obtained to receive mailings from us


To provide services to you


If you contact us with a technical question about our website, then we may need to pass it to our technology suppliers




We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.


How we use cookies


A cookie is a small file which asks permission to be placed on your computer's hard drive. We use traffic log cookies to identify which pages of our website are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may however prevent you from taking full advantage of the website.

Links to other websites

Our website may contain links to other websites of interest however, once you have used these links to leave our site, you should note that we do not have any control over that other website therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Our basis for holding and using your data

If you have subscribed for newsletters from us, we only hold and use your personal data in line with the consent that you have given us.

There are also circumstances where we do not require your consent to hold or use your personal data.  This is where we can rely on what are called "legitimate interests".  This includes situations where we are in correspondence because either you or we are interested in obtaining professional services from each other on our own behalf, where one of us is the client of the other, where we are providing services to a client and you are in a collaboration with our client or are representing them, or where you are also providing services to our client.

You have a right to object to us holding or using your personal data for “legitimate interest”. You can raise any objections by contacting

You also have a right to request erasure of your personal data from our records, you can request this by contacting

Data that we acquire in relation to a client file will be retained in relation to that client file for a minimum of two years.  It will not be used for any other purpose and will not be shared with persons who are not associated with that client without your consent.

Data that is not acquired in relation to a specific client will be regularly reviewed and deleted when it is no longer relevant or of use.

Controlling your personal information

If you no longer wish to receive a newsletter or other information from us, simply click on the “unsubscribe” button on a copy of that newsletter or email us at specifying which newsletter or information you no longer wish to receive.

We will not sell, distribute or lease your personal information to third parties unless you give us your specific consent to do so.

You may request details of personal information which we hold about you under the Data Protection Act 2018. If you would like a copy of the information held on you, please email us at A charge may apply.

If you believe that any information, we are holding on you is incorrect or incomplete, please email us as soon as possible at

We will promptly correct any information found to be incorrect.

Your data protection rights

Under data protection law, you have rights including:

Your right of access - You have the right to ask us for copies of your personal information.

Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.


Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.


Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.


Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.


Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.


You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.


Please contact us at if you wish to make a request.


For full details of your rights covered under GDPR, please visit the ICO guidance page here:


How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office

Wycliffe House

Water Lane




Helpline Number: 0303 123 1113 ICO


bottom of page