Last Updated: 14th May 2025
Pensta Ltd (“we”, “our”, or “us”) is committed to protecting your privacy. This policy outlines how we collect, use, and safeguard your information when you use our website https://www.pensta.co.uk.
We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
Pensta Ltd is a UK-registered cyber security company offering penetration testing and advisory services.
- Company Name: Pensta Ltd
- Website: https://www.pensta.co.uk
- Email: hello@pensta.co.uk
2. What Data We Collect
We may collect and process the following types of data:
- Contact Information (name, email address, phone number)
- Booking Details (meeting times, scope discussions via Microsoft Bookings)
- Form Responses (e.g. pre-engagement questionnaires via Microsoft Forms)
- Website Usage Data (via standard web logs or analytics tools)
- Email Correspondence (via Microsoft Office 365)
3. How We Collect Your Data
We collect data when you:
- Submit a form on our website (e.g. Microsoft Forms)
- Book a consultation via Microsoft Bookings
- Send us an email or contact us directly
- Visit our website (basic server logs)
4. How We Use Your Data
We use your data to:
- Respond to enquiries and provide requested services
- Arrange consultations and manage bookings
- Deliver penetration testing and advisory services
- Maintain internal records and legal compliance
We do not use your data for unsolicited marketing.
5. Lawful Basis for Processing
We process your personal data under the following legal grounds:
- Contractual necessity – to deliver services you’ve requested
- Legitimate interests – to improve services and respond to enquiries
- Legal obligation – to comply with laws and regulatory requirements
6. Where Your Data Is Stored
- Website hosting: DigitalOcean (UK/EU data centres)
- Bookings & Forms: Microsoft 365 services
- Email Storage: Microsoft Office 365
We ensure our suppliers provide appropriate safeguards for data protection and security.
7. Data Sharing
We do not sell or rent your data.
We may share your information with trusted suppliers (e.g. Microsoft) solely for the purposes listed above. All third-party processors are subject to appropriate data protection agreements.
8. How We Protect Your Data
We implement technical and organisational measures to keep your data secure, including:
- HTTPS encryption
- Secure hosting environments
- Strong access controls
- Limited retention periods
9. Your Rights
Under UK GDPR, you have the right to:
- Access your personal data
- Request correction or erasure
- Object to processing or request restriction
- Request data portability
- Withdraw consent (if applicable)
- Lodge a complaint with the Information Commissioner’s Office (ICO)
You can exercise your rights by contacting: hello@pensta.co.uk
10. Cookies
We may use minimal cookies to enhance site functionality. A full cookie notice will be shown if and when tracking cookies are introduced.
11. Retention of Data
We retain your data only as long as necessary for service delivery, legal obligations, and business purposes.
12. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be available on this page.
13. Contact Us
If you have any questions or concerns about this policy or how your data is handled, please contact:
Michael Minchinton
Pensta Ltd
hello@pensta.co.uk