Privacy Policy

Viper Offensive Security Ltd is a cybersecurity company registered in both the UK and Estonia:

• –Registered in England & Wales (UK company registration)
• –Registered in Estonia (EU company registration)
• –Operating base: Netherlands

Registered address (UK):

Operating contact: info@viper-offsec.com

Website: https://www.viper-offsec.com

As a company with a presence in both the UK and the EU (Estonia, Netherlands), we are subject to both UK GDPR (as retained in UK law post-Brexit) and EU GDPR (Regulation 2016/679).

We collect personal data only when you voluntarily provide it through our contact form at viper-offsec.com/contact.

Data collected via the contact form:

• –Full name
• –Email address
• –Company or protocol name
• –Type of engagement and scope description
• –Optional: timeline and budget range

We do not use cookies, tracking pixels, analytics scripts, or any third-party data collection on this website. No data is collected passively from visitors.

We process your contact form data for the following purposes, each with a legal basis under UK GDPR Article 6 and EU GDPR Article 6:

Responding to your enquiry
Legal basis: Legitimate interests (Article 6(1)(f)) — we have a legitimate interest in communicating with prospective clients who contact us directly.

Fulfilling a contracted engagement
Legal basis: Contract performance (Article 6(1)(b)) — where an engagement is agreed, processing your data is necessary to deliver the contracted service.

We do not process your data for marketing, profiling, or any purpose beyond responding to your enquiry and delivering contracted work.

Enquiry data (contact form submissions that do not lead to an engagement) is retained for a maximum of 12 months, then deleted.

Engagement data (data related to a contracted project) is retained for 5 years from project completion, in line with professional services record-keeping requirements under UK, Dutch, and Estonian law.

You may request deletion at any time — see Your Rights below.

We do not sell, rent, or share your personal data with third parties for their own purposes.

Your data may be processed by the following categories of service provider acting as data processors on our behalf:

• –Email service provider (for receiving and responding to contact form submissions)
• –Secure document storage (for delivering audit reports and engagement materials)

All processors are contractually required to process data only on our instructions and in compliance with UK GDPR and EU GDPR.

Cross-border transfers: As we operate across the UK, the Netherlands, and Estonia, your data may be processed within these jurisdictions. The UK and EU maintain mutual adequacy arrangements. We do not transfer data to countries outside the UK or EEA without appropriate safeguards.

Under UK GDPR and EU GDPR, you have the following rights:

• –Right of access — Request a copy of personal data we hold.
• –Right to rectification — Request correction of inaccurate data.
• –Right to erasure — Request deletion of your data, subject to legal retention obligations.
• –Right to restriction — Request restricted processing in certain circumstances.
• –Right to object — Object to processing based on legitimate interests.
• –Right to data portability — Request your data in a structured, machine-readable format.

To exercise any of these rights, email info@viper-offsec.com. We will respond within 30 days.

If you are unsatisfied with our response, you have the right to lodge a complaint with your relevant supervisory authority:

• –UK — Information Commissioner’s Office (ICO) — ico.org.uk
• –Netherlands — Autoriteit Persoonsgegevens — autoriteitpersoonsgegevens.nl
• –Estonia — Andmekaitse Inspektsioon (AKI) — aki.ee

Viper Offensive Security Ltd

info@viper-offsec.com

https://www.viper-offsec.com