International Bureau of Ethical Hacking
Call: 012131 40315

iBeh.ai

012131 40315 contact@ibeh.ai

Privacy Policy

How iBeh.ai collects, uses, and protects your personal data in compliance with UK data protection laws

iBeh.ai - International Bureau of Ethical Hacking Ltd Last Updated: March 2026

1. Introduction

iBeh.ai ("we", "our", "us") is committed to protecting your privacy and personal data. This privacy policy explains how we collect, use, store, and protect your personal information when you visit our website, use our services, or interact with us. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

iBeh.ai is a company registered in England and Wales. We are registered with the Information Commissioner's Office (ICO) as a data controller.

Data Controller Contact Information:

Email: admin@ibeh.ai
Phone: 012131 40315
Postal: Data Protection Officer, Ibeh.ai Ltd,
67, 7 Rea, Digbeth
Birmingham
B12 0NJ
United Kingdom

2. What Personal Data We Collect

We may collect, use, store and transfer different kinds of personal data about you. We have grouped these as follows:

2.1 Identity Data

  • First name and last name
  • Job title and position
  • Company name
  • Username or similar identifier

2.2 Contact Data

  • Email address (work and personal)
  • Telephone numbers (work and mobile)
  • Business address

2.3 Technical Data

  • Internet Protocol (IP) address
  • Browser type and version
  • Time zone setting and location
  • Browser plug-in types and versions
  • Operating system and platform
  • Device information

2.4 Usage Data

  • Information about how you use our website and services
  • Pages viewed, page response times, download errors
  • Length of visits to certain pages

2.5 Communications Data

  • Your preferences in receiving communications from us
  • Correspondence sent via email, contact forms, or phone
  • Meeting schedules and consultation notes

3. How We Collect Your Personal Data

We use different methods to collect data from and about you including through:

3.1 Direct Interactions

You may give us your Identity, Contact, and Communications Data by filling in forms, corresponding with us by email, phone, or otherwise. This includes personal data you provide when you:

  • Request a security consultation or assessment
  • Subscribe to our newsletter or updates
  • Request marketing materials to be sent to you
  • Enter a promotion or survey
  • Give us feedback or contact us

3.2 Automated Technologies or Interactions

As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.

3.3 Third Parties or Public Sources

We may receive personal data about you from various third parties and public sources including:

  • Analytics providers (such as Google Analytics)
  • Advertising networks
  • Search information providers
  • Publicly available sources (Companies House, etc.)

4. How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Purpose Type of Data Lawful Basis
To provide our cybersecurity services to you Identity, Contact Performance of a contract
To process and respond to your enquiries Identity, Contact, Communications Legitimate interests
To send you security updates and threat intelligence Identity, Contact Consent / Legitimate interests
To improve our website and services Technical, Usage Legitimate interests
To comply with legal obligations Identity, Contact Legal obligation

5. Lawful Basis for Processing

Under UK GDPR, we will only process your personal data where we have a lawful basis. The lawful bases we rely on are:

  • Performance of a contract: Where we need to perform the contract we are about to enter into or have entered into with you.
  • Legitimate interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Consent: Where you have given us explicit consent to process your data for a specific purpose (such as marketing communications).
  • Legal obligation: Where we need to comply with a legal or regulatory obligation.

6. Cookies and Similar Technologies

Our website uses cookies to distinguish you from other users, provide a good experience, and improve our site. For detailed information about the cookies we use, please see our Cookie Policy.

7. Data Sharing and Disclosures

We may share your personal data with the following categories of recipients:

7.1 Service Providers

We may share your data with trusted third-party service providers who perform services on our behalf, such as:

  • IT and cloud service providers (for hosting and data storage)
  • Email service providers (for communications)
  • Analytics providers (to understand website usage)
  • Payment processors (if applicable)

7.2 Professional Advisers

We may share your data with professional advisers including lawyers, bankers, auditors, and insurers who provide professional services to us.

7.3 Regulatory Authorities

We may share your data with regulators and authorities such as the Information Commissioner's Office (ICO) when required by law.

7.4 Business Transfers

If we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes.

8. International Data Transfers

We may transfer your personal data to countries outside the UK. When we do, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • Transferring to countries that have been deemed to provide an adequate level of protection by the UK Government
  • Using specific contracts approved by the UK Government which give personal data the same protection as in the UK
  • Transferring to organizations that are part of the UK International Data Transfer Agreement (IDTA)

9. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

10. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax and legal purposes.

11. Your Legal Rights

Under UK data protection law, you have the following rights:

  • Right to be informed: You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data (this policy).
  • Right of access: You have the right to obtain access to your personal data (subject access request).
  • Right to rectification: You are entitled to have your personal data corrected if it is inaccurate or incomplete.
  • Right to erasure (right to be forgotten): You can request the deletion or removal of your personal data where there is no compelling reason for its continued processing.
  • Right to restrict processing: You have the right to 'block' or suppress processing of your personal data.
  • Right to data portability: You have the right to obtain and reuse your personal data for your own purposes across different services.
  • Right to object: You have the right to object to processing based on legitimate interests or direct marketing.
  • Rights related to automated decision making: You have rights in relation to automated decision making and profiling.

How to Exercise Your Rights:

To exercise any of your rights, please contact our Data Protection Officer at:

Email: admin@ibeh.ai
Postal: Data Protection Officer, Ibeh.ai Ltd,
67, 7 Rea, Digbeth
Birmingham
B12 0NJ
United Kingdom

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

12. Children's Privacy

Our website and services are not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us.

13. Third-Party Links

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

14. Changes to This Privacy Policy

We keep our privacy policy under regular review and may update it from time to time. Any changes we make to this policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to this policy.

15. Complaints

If you have any concerns about our use of your personal data, you can make a complaint to us at admin@ibeh.ai.

You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
United Kingdom

Website: https://ico.org.uk
Phone: 012131 40315

We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

iBeh.ai is a trading name of International Bureau of Ethical Hacking Ltd, registered in England and Wales (Company Number: [Your Company Number]). Registered Office: Ibeh.ai Ltd,
67, 7 Rea, Digbeth
Birmingham
B12 0NJ
United Kingdom