Back to Home

Legal & Privacy

Decimus Group operates on a Minimal-Persistence data model. As a cybersecurity firm, our priority is the reduction of the digital attack surface-both for ourselves and our clients.

1. Data Minimisation & Website Analytics

Our website is a static informational gateway.

  • Tracking

    We do not use marketing cookies, tracking pixels, or invasive analytics.

  • Infrastructure Statistics

    We utilize industry-standard performance and security infrastructure to protect our site. These services may collect aggregated, non-identifiable technical data to ensure site stability and defend against automated attacks. No personally identifiable information (PII) is harvested during this process.

2. Third-Party Infrastructure

To maintain high-availability and enterprise-grade security, we utilise Tier-1 external service providers for business operations.

  • Communication

    Email and voice communications are facilitated via encrypted, enterprise-level cloud service and telecommunications providers.

  • Scheduling

    Meeting coordination is managed via vetted third-party platforms compliant with international security standards. By interacting with our contact channels, you acknowledge that your information is processed within these secured third-party environments. We do not host these services on our local infrastructure.

3. Data Retention Policy

We do not store technical client data longer than is strictly necessary for the execution of a request.

  • Inquiries

    Correspondence that does not lead to a formal engagement is purged from our systems within 30 days.

  • Technical Data

    All project-specific logs, scan results, and raw technical data are permanently deleted upon the conclusion of the contract and final settlement.

  • Legal Records

    We retain essential business and legal documentation (such as signed contracts, Statements of Work, and Proof of Completion letters) as required by UK law for professional indemnity and accounting purposes.

4. Hardware & Data Sanitisation

Technical services are conducted using specialized, isolated hardware environments. Following the conclusion of a project, all storage media undergo forensic-level sanitisation. We utilize NIST-compliant data erasure protocols to ensure that all project-specific information is irretrievable. This ensures that no residual client data remains on our systems after a project is closed.

5. Your Rights

Under UK Data Protection law, you have the right to request access to, or the erasure of, your personal data, subject to legal requirements. Given our minimal-persistence policy, our holdings are typically limited to essential business records. Requests can be sent to: [email protected].

6. Statutory Information

Decimus Group Ltd is a private limited company registered in England and Wales.

  • Company Number: 16939872
  • Registered Office: 20 Wenlock Road, London, England, N1 7GU