Privacy Policy

VORTX Group (“VORTX”, “we”, “us”) provides cyber risk advisory and capability structuring services to executive teams, boards and general counsel. References in this policy to our website mean the site published at vortx-group.com.

For any privacy matter, you can reach us at info@vortx-group.com.

We collect only what is reasonably necessary to respond to enquiries, deliver engagements, and maintain a secure website. This may include:

• Information you submit through the discovery form: name, company, role, email address and the message you share with us.
• Information exchanged in subsequent email or telephone correspondence relating to a potential or active engagement.
• Limited technical information collected automatically when you visit the site, such as IP address, device type, browser, referrer and the pages you view.

We use the information you provide to:

• respond to your enquiry and arrange a discovery conversation;
• assess whether an engagement is appropriate and prepare proportionate proposals;
• communicate with you during the course of an active engagement;
• maintain proper business records and meet our legal, regulatory and professional obligations;
• understand how the website is used so that we can keep it functional, accurate and secure.

We do not sell personal data. We do not use your information for unrelated marketing purposes without your consent.

Where the UK GDPR applies, we rely on the following lawful bases:

• Legitimate interests: to respond to enquiries, run our business, and protect the integrity and security of our systems.
• Contract: where processing is necessary to take steps at your request prior to entering into a contract, or to perform a contract with you or your organisation.
• Legal obligation: where we are required to retain or disclose information to meet statutory, regulatory or professional requirements.
• Consent: where you have given clear consent, for example to optional analytics or marketing communications, which you may withdraw at any time.

Our website uses a small set of cookies to maintain core functionality. Where analytics tools are used, they are configured to minimise the personal data collected. Full detail is available in our Cookie Policy.

We do not share your personal information with third parties except where it is necessary to deliver a service you have requested, where we are legally required to do so, or where you have consented. Any processor acting on our behalf is bound by appropriate confidentiality and security commitments.

We hold personal information only for as long as is necessary for the purposes set out in this policy, including legitimate business, regulatory, tax and professional record-keeping requirements. When information is no longer required, it is securely deleted or anonymised.

We apply organisational and technical measures appropriate to the sensitivity of the work we perform, including access controls, secure transmission, and disciplined handling of client information. While no system can be entirely free of risk, security is treated as a fundamental part of how we operate.

Under UK GDPR you have a number of rights in relation to your personal data, including the right to:

• request access to the information we hold about you;
• request correction of inaccurate or incomplete information;
• request erasure of your information where there is no good reason for us to continue to process it;
• object to processing based on legitimate interests;
• request restriction of processing in certain circumstances;
• request portability of your data;
• withdraw consent at any time, where processing is based on consent.

To exercise any of these rights, please contact info@vortx-group.com. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

Where personal information is processed outside the United Kingdom, we ensure appropriate safeguards are in place in line with UK data protection requirements.

We may update this policy from time to time to reflect changes in our operations or the legal environment. Material changes will be reflected by an updated effective date at the top of the page.

This policy and any matter relating to it is governed by the laws of England and Wales.