Cyber. Transformation. AI. - Delivered

Company86 (C86) Privacy Policy 

Last updated: 6 January 2026 
Scope: This Privacy Policy applies to www.c86.tech, any microsites we operate, online forms, marketing communications, and personal data processed when we deliver our services globally.  

 

  1. Who we are and how to contact us

Company86 Ltd (C86, we, us, our) is a professional services firm specialising in Cyber Security, IT Transformation, and Artificial Intelligence. We serve clients worldwide and maintain offices in the United Kingdom and the United States. 

For the activities described in this policy, C86 is the data controller. In some engagements we act as a data processor on behalf of our customers, in which case we follow their documented instructions under a data processing agreement. Identifying the controller and any processor roles is an ICO requirement under the right to be informed.  

  • Privacy contact: Data Protection Officer Cheryl Martin  privacy@c86.tech 
  • Postal address: 5 Fleet Place, London, United Kingdom, EC4M 7RD 
  • Supervisory authority: UK Information Commissioner’s Office (ICO). You have the right to lodge a complaint with the ICO if you believe your data is being processed unlawfully.   

We aim to respond promptly and to resolve concerns directly wherever possible. 

  1. What personal data we collect

We collect different types of personal data depending on how you interact with us. The categories below follow Articles 13 and 14 of UK GDPR and reflect ICO guidance on what notices should disclose.  

2.1 Website and marketing interactions 

  • Identifiers and contact details: your name, business email, phone number, company name, job title when you subscribe or get in touch. 
  • Technical and usage data: IP address, browser type, device information, pages visited, time on page, referral source, and cookie identifiers. This helps us operate and safeguard the site and understand which content is useful. 
  • Marketing preferences: your subscription choices, opt-ins or opt-outs, and interests you share with us. 

2.2 Forms and event registrations 

  • Information submitted through contact forms, consultation requests, RFPs, newsletter signups, webinars and events. This typically includes business contact details and any message content you provide so we can respond. 

2.3 Professional services 

  • Client stakeholder data: business contact details, role, communications, meeting notes, and deliverables. We use these to plan and deliver engagements and keep appropriate records. 
  • Service data: depending on the engagement, this may include logs, configuration data, incident or vulnerability information, and related documentation. Where we process customer provided personal data, we do so under the client’s instructions as their processor. 

2.4 Recruitment and HR 

  • If you apply for a role or work for C86, we process applicant and employee data via our secure HR platform.  

 

  1. Why we use your data and our lawful bases

We only process personal data where we have a lawful basis under UK GDPR. The ICO recommends making a clear link between each purpose and the specific lawful basis relied upon.  

 

Purpose 

How we use your data 

Operate, secure, and improve our website 

We run and protect www.c86.tech, troubleshoot issues, measure performance, and manage cookie consent 

Respond to enquiries 

We process contact form submissions, schedule consultations, and provide requested information 

Sales and marketing 

We send updates, thought leadership, invitations and service information 

Deliver professional services 

We plan and deliver engagements, manage stakeholders, and create and share deliverables 

Governance, risk, and compliance 

We maintain records, manage risk, carry out security monitoring, and handle legal claims 

 

We do not use automated decision making or profiling that produces legal or similarly significant effects.  

 

  1. How we collect your data
  • Directly from you. When you visit our site, complete a form, subscribe to marketing, or work with us in a project. 
  • From your employer or colleagues. When they share your details with us for project delivery or stakeholder coordination. 
  • From public or business sources. Professional profiles, company websites, or event lists relevant to business to business outreach. Where we obtain personal data from sources other than you. 

 

  1. Who we share your data with

We only share personal data as needed for the purposes described. 

  • Service providers. We use Microsoft 365 services, including SharePoint and Exchange, for collaboration and storage; Salesforce for CRM; a SaaS HR platform; and trusted IT and security vendors. These providers act as processors under our instructions and contractual safeguards. 
  • Professional advisors. Legal, accounting and insurance providers who support our governance and risk management. 
  • Regulators or law enforcement. When required by law. 
  • Engagement partners and subcontractors. Only where necessary for delivery and subject to appropriate contracts. 

We do not sell your personal data to third parties. 

 

  1. Thirdparty processors

We rely on carefully selected processors to help us operate our business efficiently and securely. 

  • Microsoft 365. Used for document storage, email and collaboration. Data is protected through encryption and access controls. 
  • Salesforce CRM. Used to manage customer relationships, pipeline, and marketing preferences. Salesforce acts as a processor and operates under Binding Corporate Rules for processors and contractual transfer mechanisms, providing an established privacy framework for international operations.  
  • Xero HR. Used to process applicant and employee data. 
  • Security and infrastructure providers. Hosting, CDN, DDoS protection, email security and similar services. 

All processors are subject to data processing agreements that require appropriate technical and organisational measures and restrict their use of personal data to our instructions.  

 

  1. International data transfers

We operate globally and may transfer personal data outside the UK or EEA, including to our US operation. When we make international transfers, we implement appropriate safeguards. 

We also apply security measures such as encryption and access controls. These safeguards are designed to ensure your data receives a level of protection similar to UK GDPR and EU GDPR requirements.  

 

  1. How we protect your data

We take security seriously and use layered controls to keep data safe. 

  • Technical measures. Encryption in transit and at rest on core platforms; multifactor access; least privilege permissions; logging and monitoring. 
  • Organisational measures. Policies, training, supplier due diligence, and change management designed to reduce risk. 
  • Continuous improvement. Vulnerability management and periodic reviews of our controls and supplier posture. 

 

  1. How long we keep your data

We retain personal data only for as long as needed for the purposes collected, then delete or anonymise it securely. 

  • Enquiries and marketing. We keep details until you unsubscribe or for up to 24 months of inactivity. 
  • Engagement records and deliverables. We keep data for the contract term plus a period required for legal, audit and professional obligations.  
  • Security logs. Retained for short rolling periods unless needed for investigation. 

Retention periods are reviewed regularly and updated where necessary.  

 

  1. Cookies and similar technologies

Our website uses cookies to make the site work and to improve your experience. Nonessential cookies are only set with your consent.  

Your controls: On your first visit you will see a banner that allows you to accept or reject nonessential cookies. You can change or withdraw consent at any time using the cookie settings link in our footer. 

10.1 Cookie categories 

  • Strictly necessary. Required for core functionality, security and remembering consent choices. 
  • Analytics. Help us understand how visitors use our site so we can improve it. 
  • Functional. Remember preferences such as language where applicable. 
  • Marketing. Provide insights and attribution for our marketing channels. 

10.2 Our website cookies 

The table below lists the cookies used on our website: 

Cookie name 

Provider or domain 

Purpose 

Type 

Duration 

_ga 

c86.tech or .google.com 

Distinguishes unique users across sessions 

Analytics, first party 

2 years 

_ga_<container-id> 

c86.tech or .google.com 

Stores session level data for Google Analytics GA4 

Analytics, first party 

2 years 

_gid 

c86.tech or .google.com 

Identifies sessions for analytics 

Analytics, first party 

24 hours 

session_id 

c86.tech 

Maintains user session for navigation and forms 

Strictly necessary 

Browser session 

cookie_consent 

c86.tech 

Remembers your cookie consent preferences 

Strictly necessary 

12 months 

LinkedInInsightCookie 

linkedin.com 

Tracks visits from LinkedIn for attribution and audience insights 

Marketing, third party 

Up to 6 months 

 

If you block cookies at the browser level, strictly necessary features may not work as expected. 

 

  1. Your rights

Subject to applicable law, you have the right to: 

  • Access the personal data we hold about you. 
  • Rectify inaccurate or incomplete data. 
  • Erase your data in certain circumstances. 
  • Restrict how we use your data, for example during a dispute. 
  • Object to processing, particularly where we rely on legitimate interests or for direct marketing. 
  • Data portability for data you have provided to us. 
  • Withdraw consent at any time where consent is our lawful basis. This does not affect the lawfulness of processing before you withdrew it. 

These rights reflect the ICO checklist for the right to be informed and standard UK GDPR rights. We will respond within one month and may request information to verify your identity. To exercise your rights, contact privacy@c86.tech 

 

  1. Children’s data

Our services and site are intended for business users. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us so we can address the situation promptly. 

 

  1. Complaints

We hope to resolve any concerns directly. You can contact us at privacy@c86.tech. You also have the right to complain to the ICO. Guidance on how to raise concerns and the ICO’s role is available on the ICO website. 

 

  1. Updates to this policy

We review and update this policy periodically. If we plan to use personal data for a new purpose, we will update the policy and communicate changes before starting the new processing.  

 

  1. Automateddecision makingand profiling 

We do not carry out automated decision making or profiling that produces legal or similarly significant effects on individuals.  

 

At Company 86, we combine decades of real-world experience in Cybersecurity, Digital Transformation, and Advanced AI implementation to drive measurable results for our clients.

Linkedin-in

Useful Links

Our Services

Contact us

Copyright 2025, C86 Tech All Rights Reserved.
C86
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.