Last updated: 19 June 2026
1. Introduction
Aardwolf Security Ltd (“Aardwolf Security”, “we”, “us” or “our”) is committed to protecting your privacy. This policy explains what personal data we collect when you visit and use our website and blog at aardwolfsecurity.com, how we use it, the lawful bases we rely on, how long we keep it and the rights you have under data protection law.
This policy is about your use of our website. Where you engage us as a client for penetration testing, OSINT or other security services, any personal data involved in that work is handled under the separate engagement terms and data processing terms we agree with you, not under this website policy.
2. Who we are
For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the data controller is:
Aardwolf Security Ltd
Registered office: Suite 20, 548-550 Elder House, Elder Gate, Milton Keynes, MK9 1LR
Company registration number: 09464876, registered in England and Wales
ICO registration reference: ZB262326
Email: contact@aardwolfsecurity.com
We are registered with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection.
3. The personal data we collect through the website
Enquiries. When you contact us through a form on our website, by email or by telephone, we collect the information you provide. This typically includes your name, business name, email address, telephone number and the content of your message.
Technical data. When you visit the website, our servers and analytics automatically collect limited technical information, such as your IP address, browser type and version, device information, the pages you view and how you arrived at the site. This information helps us run the site, keep it secure and understand how it is used.
We do not collect more information than we need, and we do not knowingly collect special category data through the website.
4. Blog comments
If commenting is enabled and you leave a comment on our blog, we collect the information shown in the comment form, which is typically your name, email address, any website you choose to provide and the content of your comment. We also collect your IP address and browser user agent to help detect spam.
If you have a Gravatar account linked to your email address, an anonymised version of your email address (a hash) may be sent to the Gravatar service so it can display your profile picture alongside your comment. The Gravatar service is operated by Automattic and is subject to its own privacy policy. After your comment is approved, your profile picture and the comment are visible to the public.
You can ask us to remove a comment and its associated data at any time using the contact details below.
5. Embedded content from other websites
Articles or pages on our site may include embedded content, such as videos, images or posts from other websites. Embedded content from another website behaves in the same way as if you had visited that website directly. These other websites may collect data about you, use cookies, embed additional third party tracking and monitor your interaction with that content. We do not control those websites and recommend reviewing their privacy policies.
6. Lawful bases for processing
Under the UK GDPR we must have a lawful basis for processing your personal data. We rely on the following.
Legitimate interests. We process enquiry data, comment data and technical data where it is in our legitimate interests to respond to you, to run and secure our website, to moderate our blog and to understand how the site is used. Where we rely on legitimate interests, we have considered the impact on you and concluded that our use of the data is proportionate.
Consent. We rely on your consent for non-essential cookies and for any marketing communications. You can withdraw your consent at any time.
Legal obligation. We process some data where we are required to do so to comply with our legal obligations.
7. How we use your personal data
We use your personal data to respond to and manage your enquiries, to operate and maintain the website and blog, to moderate and publish comments, to keep the site and our systems secure, to understand and improve how the site is used, to comply with our legal obligations and, where you have agreed, to send you information about our services.
8. Sharing and disclosure
We do not sell your personal data. We share it only in the limited circumstances set out below.
We share data with trusted providers who support the website, which may include our website hosting provider, our analytics provider and, if used, a spam filtering service for blog comments. These providers process data on our instructions and under appropriate obligations.
We may disclose personal data where required by law, by a regulator or by a court, or where necessary to protect our rights, property or safety or those of others. If our business is sold or reorganised, data may be transferred to the relevant successor organisation, subject to the protections in this policy.
9. Data retention
We keep personal data only for as long as is necessary for the purposes for which it was collected. This reflects the storage limitation principle in the UK GDPR, which requires that personal data is not kept for longer than is needed. The periods set out below are based on that principle together with our legal, accounting and limitation obligations.
Enquiries that do not lead to a business relationship are kept for 24 months after your last contact with us, and are then deleted. We retain enquiry data for this period because enquiries in our sector often involve long decision cycles and recurring needs, such as annual security testing, and a prospective client may contact us again within that time. Where an enquiry leads to a business relationship, the related data is retained for the duration of that relationship and for up to six years afterwards. This six year period allows us to meet our accounting and tax obligations and to deal with any potential claims within the limitation period under the Limitation Act 1980, after which the data is securely deleted or anonymised.
Blog comments and their associated metadata are kept for as long as the relevant article remains published, and are removed sooner if you ask us to remove them.
Website analytics data is retained for no longer than 14 months. Server and security logs are kept for a short period, normally up to 90 days, unless we need to retain a specific log for longer to investigate a security incident.
When a retention period ends, we securely delete or anonymise the personal data so that it can no longer be associated with you.
10. Data security
We apply technical and organisational measures appropriate to the risk to protect personal data submitted through the website, including access controls and encryption of data in transit. No method of transmission or storage is completely secure, but we maintain measures designed to protect your data and review them regularly.
11. Cookies
Our website uses cookies and similar technologies. Cookies are small files placed on your device that help the site function and allow us to understand how it is used.
We use strictly necessary cookies that are required for the site to work. If you leave a comment on our blog, you may opt to save your name, email address and website in cookies so you do not have to fill them in again next time, and these last for a limited period. We may also use analytics cookies to measure how visitors use the site. Non-essential cookies are set only with your consent, which you give through our cookie banner and can change or withdraw at any time.
You can control and delete cookies through your browser settings. Disabling certain cookies may affect how the website functions.
12. Your rights
Under data protection law you have the right to be informed about how we use your data, the right of access to the data we hold about you, the right to rectification of inaccurate or incomplete data, the right to erasure in certain circumstances, the right to restrict processing in certain circumstances, the right to data portability, and the right to object to processing based on our legitimate interests and to direct marketing.
To exercise any of these rights, please contact us using the details below. We will respond within one month, which we may extend where a request is complex. There is normally no charge, although we may charge a reasonable fee or refuse a request that is manifestly unfounded or excessive.
13. Marketing
Where you have agreed, or where we are otherwise permitted to do so under the Privacy and Electronic Communications Regulations, we may send you information about our services. You can opt out at any time by using the unsubscribe link in our emails or by contacting us.
14. Third party links
Our website may contain links to third party websites. We are not responsible for the privacy practices or content of those sites, and we encourage you to read their privacy policies.
15. Children
Our website is directed at businesses and is not intended for children. We do not knowingly collect personal data relating to children.
16. Changes to this policy
We may update this policy from time to time. The current version will always be available on our website, and the date at the top shows when it was last revised. Where changes are significant we will take reasonable steps to bring them to your attention.
17. Contact us and complaints
If you have any questions about this policy or wish to exercise your rights, please contact us:
Aardwolf Security Ltd
Email: contact@aardwolfsecurity.com
Post: Suite 20, 548-550 Elder House, Elder Gate, Milton Keynes, MK9 1LR
We hope to resolve any concern you raise. You also have the right to lodge a complaint with the Information Commissioner’s Office, although we would appreciate the chance to address your concern first.
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113
Website: ico.org.uk