Legal

Privacy Policy

Last updated: July 2026

BlackTrace Operations is committed to protecting your privacy and handling personal data responsibly and transparently. This Privacy Policy explains how we collect, use, and protect personal data in the course of operating our website, responding to enquiries, conducting business development, and providing our professional services.

Who We Are

BlackTrace Operations provides professional security consultancy and testing services. We are based in the United Kingdom. For the purposes of applicable data protection legislation, BlackTrace Operations is the data controller for personal data that we collect and process in connection with our website, communications, business activities, and professional services.

What Data We Collect

We may collect and process the following personal data:

  • Name
  • Organisation
  • Email address
  • Job title or role
  • Information included in messages or enquiries submitted via our contact form
  • Business contact details obtained from publicly available sources (such as company websites and professional networking platforms)
  • Basic technical information (such as IP address and browser type) collected automatically by our website platform

We do not collect sensitive personal data unless it is voluntarily provided as part of an enquiry.

How We Collect Data

Personal data is collected when you submit an enquiry via the contact form, contact us directly by email, or interact with the website via standard analytics and hosting logs. We may also collect business contact details from publicly available sources — such as company websites, professional networking platforms, and industry directories — where we believe our services may be relevant to your organisation.

Why We Use Your Data

We use personal data to respond to enquiries and communications, assess whether our services may be appropriate for your requirements, conduct business discussions and engagement scoping, and maintain the security and operation of our website.

We may also use business contact details to send relevant, targeted business-to-business communications introducing our services to organisations we believe may benefit from them. These communications are sent to corporate contacts in a professional capacity, are limited in volume, and always include a clear and simple way to opt out. If you ask us to stop contacting you, we will do so promptly.

We do not sell personal data, send consumer marketing, or carry out automated profiling.

Legal Basis for Processing

We process personal data under one or more of the following lawful bases:

Legitimate interests — where processing is necessary for our legitimate business interests, including responding to communications, conducting business discussions, developing relevant professional and commercial relationships, maintaining the security and operation of our business, and conducting proportionate business-to-business outreach.

Contractual necessity — where processing is necessary to take steps in connection with a potential contract or to support the delivery of an agreed professional engagement.

Consent — where we specifically request and obtain your consent for a particular purpose.

Legal obligations — where processing is necessary for us to comply with applicable legal or regulatory requirements.

Where we rely on legitimate interests for business-to-business communications, we consider the necessity and proportionality of the processing and balance our interests against your rights and reasonable expectations as a professional contact. We honour all objections to direct marketing.

How We Store and Protect Data

Personal data is stored securely using reputable service providers, including our website platform and email systems. We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or misuse. Access to personal data is restricted to BlackTrace Operations only.

Data Sharing

We do not sell, rent, or trade personal data. Personal data may be processed by trusted third-party service providers (such as website hosting or email services) solely for operational purposes. These providers are required to handle data securely and in accordance with applicable data protection laws.

Data Retention

We retain personal data only for as long as reasonably necessary for the purposes for which it was collected or processed, or where required by law.

Enquiry and engagement-related information may be retained for a reasonable period for follow-up, business administration, professional record keeping, and legal purposes.

Professional contact information used for business development is periodically reviewed and will not be retained for direct marketing purposes where it is no longer relevant or reasonably necessary.

Where an individual objects to direct marketing, we may retain limited information on a suppression list solely to ensure that their preference is respected and that they are not contacted again for that purpose.

Your Rights

Under UK data protection law, you have the right to request access to the personal data we hold about you, request correction of inaccurate or incomplete data, request deletion of your personal data, and object to or restrict certain types of processing. You have an absolute right to object to receiving direct marketing from us at any time — if you object, we will stop contacting you for that purpose immediately. Requests can be made by contacting us using the details below, or by replying to any communication you receive from us.

You also have the right to lodge a complaint with the Information Commissioner's Office if you have concerns about how your personal data has been handled.

Contact

If you have any questions about this Privacy Policy or how we handle personal data, contact us at: info@blacktraceops.com

Changes to This Policy

This Privacy Policy may be updated from time to time to reflect changes in our practices or legal obligations. The most recent version will always be available on this website.