Manchester: 0161 797 8123

London: 0207 438 2045

Manchester: 0161 797 8123

London: 0207 438 2045

Privacy Policy


Related pages


CY4OR Legal Limited, operating as CYFOR, are a digital forensics, eDiscovery, cyber security and corporate investigations service provider with company number 06295131 and registered office at 7 St Petersgate, Stockport, Cheshire, SK1 1EB.

CYFOR are a data controller registered with the Information Commissioner’s Office with registration number Z7719845. This means that we collect, hold and are responsible for certain personal data. We are committed to protecting and respecting your privacy and personal data; this is our Privacy Notice which explains how we obtain, use and keep your personal data safe.

Your personal data is data which by itself or with other data available to us can be used to identify you. We are committed to keeping your personal information safe in accordance with applicable data protection laws.


What information we collect about you

Information you provide voluntarily – In the course of contacting CYFOR and using our services, consulting with our teams, sending us an email, or communicating with us in any way, you are voluntarily giving us information that we collect. That information may include either your name, email address, phone number, postal address, in addition to other details that may include location, occupation or other information of a demographic nature. In supplying this information, you consent to this information being collected, used, disclosed, transferred to CYFOR affiliates and stored by us, as described in our Terms and this Privacy Policy.

Information we automatically collect – When you browse one of our websites ( and, send an enquiry via our contact form or contact email, or interact with an email that we send to you, we may collect information about your web browsing and use of the site or platform. This may include details of your operating system, location, IP address, browser ID, browsing activity, and other information about how you interacted with CYFOR. We may collect this information through the use of cookies or other tracking technologies. We use this information to help improve our website or monitor the performance of our marketing campaigns.

Information from elsewhere – CYFOR may obtain information about you from information freely available on legal and law firm websites, third parties, such as public databases, social media platforms and third-party data providers. Examples of the information we may receive from other sources include email addresses, telephone numbers, postal addresses, location, and demographic information. We may use this information, alone or in combination with other information described above, to develop or provide more relevant services or provide more relevant marketing and content to you.

Public information & third-party sites – CYFOR websites include social media features (either hosted by a third party or hosted directly on our website), which may collect information about your IP address and which page you are visiting. The feature may set a cookie to make sure the feature functions properly. We also maintain presences on social media platforms including Facebook, Twitter, and LinkedIn. Your interactions with these platforms are governed by the privacy policies of the companies that provide them. Anything you submit to CYFOR via a social media platform is done so at your own risk without any expectation of privacy.

Further, any comments or information you supply on any CYFOR blog can be read, used or collected by anyone. If your information appears in our blog pages and you want it removed, contact our Marketing department:

Our website may also contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over other websites. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy policy. We accept no responsibility or liability for such other websites. You should exercise caution when entering personal information online and look at the privacy statement applicable to the website in question.


How your information will be used

We process information collected via these web sites for the purposes of:

  • Identifying potential customers or subscribers;
  • Providing you with the services that you have subscribed to or registered for;
  • Dealing with your requests and enquiries;
  • Carrying out customer and marketing research;
  • Providing you with information about products and services offered by CYFOR.

We do not sell information collected through these sites or use your information for any other purposes than those stated above.

Your information will be added to our systems and applied to cases that we are handling, and to engage in communications and correspond with you over the status and progress of a case we are handling. Your information may also be used to keep in touch for marketing purposes, such as informative newsletters and potential business opportunities.

We will always respect your privacy and will only use your information for specified and lawful purposes as provided for under the General Data Protection Regulation (GDPR). We will use and handle your information responsibly and will take all appropriate organisational and technical measures to safeguard your information from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.


Data relating to others

In the course of providing our professional services to you, we may process data, on your behalf, or for your client, which may contain personal data. This will be afforded the necessary safeguards to prevent it from accidental or unlawful loss, disclosure, access, alteration or destruction.

When we are provided with data relating to others, you must ensure that you are legally permitted to share this with us and you should ensure that those individuals understand how their data will be processed by us.


Who we might share your information with

Your information may be shared with relevant personnel within CYFOR whom require access for legitimate business purposes, and, with CYFOR clients for business referral purposes.

We may, depending on the nature of the matter and the work involved, have to share your, or your clients, personal data with other third parties and they may also share the personal data they hold about you, or your client, with us; this may include:

  • legal counsel, counsel’s clerks and/or other experts to obtain advice and/or assistance on your matter;
  • the other parties (including their legal representatives) involved in your matter;
  • courts, tribunals, arbitrators and/or mediators where we are acting for you in a dispute and/or litigation;
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation;
  • if in our reasonable opinion disclosure is required in relation to any criminal investigation or prosecution or permitted by law or applicable regulation;
  • third-party service providers contracted to CYFOR in the course of dealing with you to include contractors and couriers.

If we have to pass your sensitive personal data onto a third party we will only do so once we have obtained your, or your clients, consent. Where we are legally obliged to provide data without consent you will be informed.

We require all third parties with whom your data is shared to respect the security and integrity of your personal data and to treat it in accordance with the law. We also impose contractual obligations on service providers to ensure they can only use your personal information to provide services to us and to you. When they no longer need your data to fulfil this service, they will dispose of the details in line with CYFOR’s procedures.


Lawful basis for processing 

We will only process your, or your client’s, personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • if it is necessary for our performance of a contract with you, or for us to take steps prior to entering into a contract with you;
  • if it is necessary for the purposes of our legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests;
  • where we need to comply with a legal or regulatory obligation.


What measures do we have in place to keep your data secure?

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those members of staff and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We will hold your personal data on secure servers within the EEA with all reasonable technological and operational measures to safeguard unauthorised access.

If we provide you with a username and password which enables you to access certain parts of our systems, you are responsible for keeping such log-in details confidential.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.


How long we will keep your information

We will only retain your personal information for as long as is necessary to fulfil the purposes we collected it for, including:

  • for the purposes of satisfying any legal, accounting and/or reporting requirements;
  • to carry out the legal work under our retainer;
  • to investigate and defend any complaints and/or legal claims alleged and/or made against us (such as professional negligence claims);
  • to comply with our legal obligations.


International Transfers

CYFOR does not routinely transfer personal information outside of the European Economic Area (EEA), however, should the need to do so arise we will contact you in advance to seek your consent for a transfer to take place. We will also ensure that where such transfers are carried out they are done so using secure methods that offer sufficient assurances and guarantees that your data is afforded the necessary safeguards to prevent it from accidental or unlawful loss, disclosure, access, alteration or destruction.


Your rights

You may request access to the personal information which we hold about you under Article 15 of the GDPR, to do so requests must be made in writing (to the addresses specified below) and we may require you to provide valid forms of identification in order to process your request.

Additionally, if you wish to exercise any of your rights under GDPR, such as where you believe any information we hold about you is incorrect, inaccurate or incomplete, where you wish to restrict or object to processing, or, if you are dissatisfied with the way in which CYFOR has used your information in any way you can report the matter to our Data Protection Officer (DPO) at PO BOX 439, Bury, BL8 9AG, or email:

If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain to the ICO, the UK supervisory authority for data protection issues. Further details can be found at or by calling 0303 123 1113. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.



Contact us

London: 0207 438 2045

Manchester: 0161 797 8123

Manchester: 0161 797 8123

London: 0207 438 2045

Related pages

Contact us

London: 0207 438 2045

Manchester: 0161 797 8123

Manchester: 0161 797 8123

London: 0207 438 2045

Feel free to send us an enquiry

  • This field is for validation purposes and should be left unchanged.

After submitting an enquiry, a member of our team will be in touch with you as soon as possible

Your information will only be used to contact you, and is lawfully in accordance with the new General Data Protection Regulation (GDPR) act, 2018.