Meridian Cyber Ltd ("Meridian Cyber", "we", "us", "our") is committed to protecting your privacy and handling personal data transparently in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Who we are
Meridian Cyber Ltd is a company registered in England and Wales, with registered office at [To be confirmed via Rapid Formations], London, United Kingdom. We operate a cybersecurity advisory practice with offices in London and Dubai.
For the purposes of the UK GDPR, Meridian Cyber Ltd is the data controller of the personal information we collect through our website and client engagements.
What information we collect
Information you provide
- Contact details submitted through enquiry forms (name, email, telephone, company)
- Newsletter subscription details
- Commercial information provided during engagement scoping
- Professional information exchanged during client mandates
Information collected automatically
- Technical data including IP address, browser type, device, operating system
- Usage data covering pages visited, time on site, referral source
- Cookie identifiers (see our Cookie Policy)
How we use your information
We process personal data for the following lawful purposes:
- Contract performance — to scope, deliver, and invoice client engagements
- Legitimate interests — to respond to enquiries, improve our services, and analyse website performance
- Consent — to send newsletters and marketing communications (where you have opted in)
- Legal obligation — to comply with regulatory and tax reporting requirements
Your rights under UK GDPR
You have the right to:
- Request access to the personal data we hold about you
- Request correction of inaccurate data
- Request erasure of your data (subject to retention obligations)
- Object to or restrict our processing
- Request data portability
- Withdraw consent at any time where processing is based on consent
- Lodge a complaint with the Information Commissioner's Office (ico.org.uk)
How we protect your data
We implement appropriate technical and organisational measures including encryption in transit, access controls, and regular security reviews. Engagement-related data is held in accordance with our internal security policies, which are aligned with ISO 27001 principles.
Data retention
We retain personal data only as long as necessary for the purposes for which it was collected. Enquiry data is typically held for 24 months; client engagement records are held for 7 years in accordance with UK tax and professional standards.
International transfers
Given our dual London and Dubai operations, some personal data may be transferred between the UK and the UAE. Such transfers are made under appropriate safeguards in accordance with UK GDPR Article 46.
Contact
For any privacy-related enquiries, to exercise any of your rights, or to raise a complaint, please contact privacy@meridiancyber.ai.