Privacy & Data Security Policy

Our Commitment

Aegis Bridge operates within the most sensitive sectors of global defence and intelligence. The protection of personal data is not merely a legal obligation — it is a fundamental component of our operational integrity. This policy explains what data we collect, why we collect it, how we protect it, and your rights under UK GDPR and the Data Protection Act 2018.

Aegis Bridge is the data controller for personal data collected through this website.

What Data We Collect and Why

We only collect data that is strictly necessary for responding to enquiries and coordinating services. When you submit the contact form, we collect:

• Full name — to address you correctly in correspondence.
• Work email address — to respond to your enquiry.
• Service requirement and additional information — to prepare a relevant and accurate quote.

The lawful basis for this processing is legitimate interests (UK GDPR Article 6(1)(f)): responding to a business enquiry you have initiated. We do not use your data for marketing without your explicit consent, and we do not sell or share your data with third parties for commercial purposes.

Security Architecture

Our data management systems are designed to withstand sophisticated threats. We implement multi-layered security measures proportionate to the sensitivity of the information we handle:

• Encryption: Data is encrypted in transit (TLS) and at rest using current industry standards.
• Access control: Personal data is accessible only to vetted personnel with a documented operational need.
• Operational security: Sensitive project data is handled within controlled environments as required by contract.
• Breach response: We maintain an incident response procedure and will notify the ICO and affected individuals within 72 hours of a notifiable breach.

How Long We Keep Your Data

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by law. Enquiry data is retained for a maximum of 24 months from the date of last contact, after which it is securely deleted. Data relating to active or completed contracts is retained in accordance with our contractual and regulatory obligations and destroyed securely on expiry of that retention period.

You may request deletion of your data at any time — see Section 05 below.

Your Rights

Under UK GDPR you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate or incomplete data.
• Erasure — request deletion of your data where there is no legitimate reason to continue holding it.
• Restriction — ask us to restrict processing in certain circumstances.
• Portability — receive your data in a structured, machine-readable format.
• Object — object to processing based on legitimate interests.

To exercise any of these rights, or if you have any questions about how we handle your personal data, please contact us using the secure contact form. We will respond within 30 days.

If you are not satisfied with our response, you have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner's Office (ICO): ico.org.uk.

Cookies

This website does not use tracking cookies or third-party analytics. A session cookie is set temporarily when you submit the contact form solely to validate the request and prevent automated abuse. This cookie contains no personal data and expires at the end of your browser session.