Privacy Policy

Data Protection Commitment

We recognise privacy as a fundamental right and have implemented a comprehensive Information Security Management System [ISMS] aligned to ISO/IEC 27001:2022, including Annex A controls covering:

  • Threat intelligence
  • Information deletion
  • Data masking
  • Data leakage prevention
  • Secure coding
  • Monitoring and logging

Our ISMS supports GDPR compliance and provides you with transparency about the way your data is handled.

Information We Collect and How We Use It

We collect and process your personal data when you:

  • Submit contact forms
  • Provide feedback
  • Enquire via email or website

This data may include your name, email address, contact details, and any message content provided.

We use this information to:

  • Provide consultancy or contractual services
  • Maintain business relationships [clients, candidates, and users]
  • Respond to enquiries and deliver requested information
  • Send updates or communications, with the option to unsubscribe
  • Meet statutory and legal obligations [including tax or compliance]
  • Perform security monitoring, logging, and data retention in line with ISO 27001:2022 A.8.10 and A.8.15

We only process personal data where there is a lawful basis, including contractual obligation, legal requirement, consent, or legitimate interest.

Third-Party Disclosure and Data Handling

We may share data with third parties performing services on our behalf such as:

  • IT consultants and professional advisors
  • Research agencies or mailing houses
  • System maintenance and software testing partners

All third parties are contractually bound by confidentiality agreements and must meet information security controls per our ISMS, including supplier relationship management [A.5.21] and information security for the use of cloud services [A.5.23].

We may also release information where required by law or regulatory obligation.

Data Access and Retention

You have the right to:

  • Access your personal data
  • Request correction of inaccuracies
  • Request erasure [subject to retention obligations]
  • Object to or restrict processing

To submit a request, email us at info@tayfusion.com. We may verify your identity before fulfilling your request. We retain personal data only as long as necessary to meet legal, operational, or contractual obligations—such as financial/tax records for up to six years [A.8.10, A.5.33].

Privacy Policy Updates

This policy may be updated to reflect changes in legal, regulatory, or information security requirements. Any revisions will be posted prominently on our website. Your continued use of our services constitutes your acceptance of these changes.

Contact Us

If you have any questions or concerns about our data protection practices or information security posture, please contact us at info@tayfusion.com

Complaints and Contacting the Regulator

Any complaints regarding data protection should be emailed to our Data Protection Officer. If you feel that this has not been handled fairly or correctly then you have the right to put your complaint to the ICO. You can contact them by calling 0303 123 1113. Or go online to www.ico.org.uk/concerns (please note we can't be responsible for the content of external websites). If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.

Non-UK customers

By registering, placing an order or request with us you are expressly consenting to the processing of your data to fulfil your request. You still have the right to choose how you receive communications from us and we will of course respect your request. If you have any questions please contact the Data Protection Officer

Updated Sept 2025