Privacy Policy

Summary

This website does not use cookies, analytics, advertising trackers, fingerprinting scripts or third-party submission services. There is no contact form. The only personal data the site touches are standard server access logs and the contents of any email you choose to send us.

1. Data controller

SECURE PATH LTD, 41 Devonshire Street, London W1G 7AJ, United Kingdom.
Companies House 16035181 · ICO registration C1895044.

For data protection enquiries: legal@securepath.biz (PGP encryption available — see Contact).

2. What this website processes

2.1 Server access logs

The web server records standard request metadata: the visitor's IP address, the HTTP user agent string, the timestamp and the URL requested. These logs exist solely to detect abuse, defend against attacks and produce aggregate, non-identifying traffic statistics.

2.2 Email correspondence

If you write to us at one of the published addresses, we receive your name, email address and the contents of your message on our own mail infrastructure. We do not enrich this data with third-party sources and we do not use it for marketing.

2.3 What we do not process

• No browser cookies of any kind.
• No web analytics (no Google Analytics, Plausible, Matomo, etc.).
• No advertising or behavioural tracking.
• No social media pixels, no embedded fonts hosted by third parties.
• No contact form, no form-handling third-party service.
• No content delivery networks profiling visitors.

3. Lawful basis

• Server logs — Article 6(1)(f) UK GDPR (legitimate interest in operational security and integrity of the service).
• Email correspondence — Article 6(1)(b) UK GDPR (steps taken at your request prior to entering into a contract) or 6(1)(f) (legitimate interest in replying to your enquiry), as applicable.
• Statutory or judicial correspondence — Article 6(1)(c) (legal obligation).

4. Retention

• Server access logs: 30 days, then automatically rotated and deleted.
• Email correspondence: kept for as long as the matter is open. Records may be archived under counsel's instructions if relevant to a contractual or judicial relationship; otherwise deleted within 24 months of the last interaction.

5. Recipients and processors

Personal data are accessed only by Secure Path Ltd personnel. The infrastructure (web server and mail server) is operated by Secure Path Ltd on its own platforms; no consumer cloud, no SaaS form provider and no analytics processor is engaged for this website.

6. International transfers

Web and mail infrastructure are operated within the United Kingdom and the European Economic Area. Any transfer outside this perimeter would be performed only under appropriate safeguards consistent with UK GDPR and the EU GDPR.

7. Your rights

Under UK GDPR you have the right to:

• request access to your personal data;
• request rectification of inaccurate data;
• request erasure ("right to be forgotten") where applicable;
• request restriction of processing;
• request data portability;
• object to processing based on legitimate interest.

Requests should be sent to legal@securepath.biz. We will reply within 30 days. You may also lodge a complaint with the Information Commissioner's Office (ico.org.uk).

8. Children

This website is intended for professional and institutional audiences. It is not directed to children and we do not knowingly process the personal data of minors.

9. Security

This site is served exclusively over TLS 1.3 with HSTS preload, strict Content-Security-Policy, and no third-party JavaScript. Server access is restricted to authenticated administrators on hardened infrastructure. A coordinated-disclosure channel is published at /.well-known/security.txt.

10. Changes to this policy

This policy is reviewed periodically. Material changes are reflected on this page, with the revision date below updated accordingly. The current version supersedes any previous version.