Privacy Policy

Privacy policy effective date: 22 September 2025

Harpoon Consulting Ltd (“we”, “our”, “us”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal data when you use our website and our services.

1. Who We Are

Harpoon Consulting Ltd is a cybersecurity consultancy registered in the UK.

Registered address

Harpoon Consulting
Level 37,
1 Canada Square,
Canary Wharf,
London,
E14 5AA

2. Information We Collect

We may collect and process the following information about you:

• Information you provide directly
  • When you fill out forms on our website (to subscribe to our newsletter, request a brochure, download a checklist, or book a consultation call).
  • Your name, email address, phone number (where provided), and any additional details you include in your message.
• Information collected automatically
  • We use Google Analytics to collect information about how visitors use our site, including pages visited, time spent, and actions taken (such as completing a form). This helps us understand and improve user experience.
  • This data is anonymised and does not directly identify you.
• Email interactions
  • If you subscribe to our mailing list, we use MailerLite to store your details and send you communications. MailerLite also tracks engagement (such as whether emails are opened or links are clicked).

3. How We Use Your Information

We use your personal data to:

• Provide the information, services, or resources you request.
• Send you newsletters, updates, or marketing materials (where you have consented).
• Improve our website and understand visitor behaviour using analytics.
• Manage and respond to enquiries and bookings.
• Comply with any legal obligations.

4. Legal Basis for Processing

We rely on the following lawful bases under the UK GDPR:

• Consent – for sending newsletters and marketing emails.
• Legitimate interests – for improving our website through analytics and managing business enquiries.
• Contract – when processing your data to deliver a service you have requested.
• Legal obligation – when required to comply with applicable laws.

5. How We Share Your Data

We do not sell or trade your personal data. We may share it with:

• Service providers:
  • IONOS (website hosting, based in the UK/EU).
  • Google Analytics (web analytics, with servers located worldwide).
  • MailerLite (email marketing platform, with servers located in the EU).
• Authorities: if required to comply with legal or regulatory obligations.

6. Data Retention

We only retain your personal data for as long as necessary to fulfil the purposes outlined in this policy, including legal, accounting, or reporting requirements.

You may unsubscribe from our newsletter at any time, and your contact details will be deleted from our mailing list.

7. Your Rights

Under UK data protection law, you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate or incomplete data.
• Request deletion of your data (“right to be forgotten”).
• Restrict or object to the processing of your data.
• Withdraw consent where processing is based on consent (e.g. newsletters).
• Lodge a complaint with the Information Commissioner’s Office (ICO).

To exercise any of these rights, please contact us.

8. Security

We take appropriate technical and organisational measures to safeguard your data. However, no online transmission or storage system can be guaranteed to be completely secure.

9. Cookies

Our website uses cookies to enhance your browsing experience and to enable Google Analytics. You can manage cookie preferences through your browser settings. See our cookie policy for more information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date.