Stenward
Services Process Book a call
← Back to site Legal

Privacy Policy

Last updated · June 2026

On this page
1 · Who we are 2 · Information we collect 3 · How we use it 4 · Lawful bases 5 · Sharing 6 · Retention 7 · International transfers 8 · Your rights 9 · Cookies 10 · Changes 11 · Contact

This policy explains how Stenward collects, uses and protects personal information when you visit our website, enquire about our services, or work with us. We keep it deliberately plain — the same way we work.

1 · Who we are

Stenward is an information security consultancy providing senior-led ISO 27001 implementation and related services to technology companies. For the purposes of UK and EU data protection law, Stenward is the data controller for the personal information described in this policy.

Replace the bracketed details before going live: registered company name & number, registered address, and ICO registration reference.

2 · Information we collect

We only collect what we need to respond to you and deliver our work:

  • Contact details — your name, work email, company and anything you choose to tell us when you book a call or email us.
  • Engagement information — details about your organisation and environment shared with us during a project, so we can scope and deliver the work.
  • Technical data — basic, privacy-respecting analytics about how the website is used (pages visited, approximate region, device type).

We do not collect special category data through this website, and we ask that you do not send confidential security evidence by email.

3 · How we use your information

  • To respond to enquiries and arrange introductory calls.
  • To deliver, manage and improve the services you engage us for.
  • To send service-related communications you would reasonably expect.
  • To meet our own legal, accounting and contractual obligations.

We do not sell your information, and we do not use it for automated decision-making.

4 · Lawful bases

Under UK GDPR we rely on:

  • Legitimate interests — to respond to enquiries and run our business, balanced against your rights.
  • Contract — to deliver the services you have engaged us for.
  • Legal obligation — where we are required to retain or disclose information by law.
  • Consent — where you have opted in, for example to non-essential cookies. You can withdraw consent at any time.

5 · Sharing your information

We share personal information only where necessary: with trusted service providers who help us operate (for example, email, scheduling and hosting), all bound by appropriate data protection terms; and where required by law. We never sell or rent your data.

6 · Data retention

We keep personal information only as long as needed for the purpose it was collected, then delete or anonymise it. Enquiry correspondence is typically held for up to 24 months; engagement records are held for the duration of the contract and for as long as we are legally required to retain them afterwards.

7 · International transfers

Some of our providers may process data outside the UK or EEA. Where that happens, we ensure an appropriate safeguard is in place — such as UK adequacy regulations or the International Data Transfer Agreement — so your information remains protected.

8 · Your rights

You have the right to access, correct, delete or restrict the use of your personal information, to object to certain processing, and to data portability. To exercise any of these, email us at the address below. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.

9 · Cookies

We use a small number of essential cookies to make the site work, and — only with your consent — privacy-respecting analytics to understand how it is used. You can control or clear cookies through your browser settings at any time.

10 · Changes to this policy

We may update this policy from time to time. When we do, we will revise the date at the top of this page and, where changes are material, make it clear on the site.

11 · Contact us

For any privacy question or to exercise your rights, contact us at info@stenward.com. We aim to respond within 30 days.

Stenward

Information security,
on your terms.

© 2026 Stenward. All rights reserved.

Services
  • ISO 27001 Implementation
  • Gap Analysis
  • ISMS Maintenance
  • Internal Audit
  • Questionnaire Response
  • Awareness Training
Company
  • The Offer
  • Client Outcomes
  • Contact
  • Privacy Policy
Contact
  • Book a call
  • info@stenward.com
  • LinkedIn