← Back to Home

Privacy Policy

Last Updated: October 16, 2025

1. Introduction

TestCorp Ltd ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Our registered office is located at Kingfisher House, 21-23 Elmfield Road, Bromley, Kent, BR1 1LT, United Kingdom.

2. Information We Collect

2.1 Information You Provide to Us

We may collect the following personal information when you use our services or contact us:

• Name and contact details (email address, phone number, postal address)
• Company name and business information
• Job title and professional information
• Information provided in enquiry or contact forms
• Details of services you are interested in or have contracted
• Billing and payment information (processed securely through third-party payment processors)

2.2 Information Collected During Security Testing

When providing penetration testing, red team operations, or security assessments, we may collect:

• Technical information about your systems and networks
• Vulnerability data and security findings
• System logs and network traffic data
• Access credentials provided for testing purposes (handled with strict confidentiality)
• Employee information relevant to social engineering assessments (with prior consent)

2.3 Information Collected Automatically

When you visit our website, we may automatically collect:

• IP address and browser type
• Device information and operating system
• Pages visited and time spent on our website
• Referral source and clickstream data
• Cookies and similar tracking technologies (see our Cookie Policy)

3. How We Use Your Information

We process your personal data for the following purposes:

• Service Delivery: To provide security testing, penetration testing, red team operations, and consulting services
• Contract Performance: To fulfil our contractual obligations and manage client relationships
• Communication: To respond to enquiries, provide support, and send service-related communications
• Reporting: To prepare security assessment reports and recommendations
• Legal Compliance: To comply with legal obligations and regulatory requirements
• Business Operations: To improve our services, conduct internal analysis, and manage our business
• Marketing: To send relevant information about our services (only with your consent)

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under UK GDPR:

• Contract: Processing necessary to perform our services under contract with you
• Consent: Where you have given explicit consent for specific processing activities
• Legitimate Interests: For our business operations, fraud prevention, and security purposes
• Legal Obligation: To comply with applicable laws and regulations

5. Data Retention

We retain your personal data only for as long as necessary:

• Client Data: For the duration of the contract plus 7 years for legal and accounting purposes
• Security Testing Data: Retained as specified in our engagement contracts, typically destroyed securely after report delivery unless otherwise agreed
• Marketing Data: Until you withdraw consent or request deletion
• Website Analytics: Typically 26 months or as specified in our Cookie Policy

6. Data Security

We implement appropriate technical and organisational measures to protect your personal data:

• Encryption of data in transit and at rest
• Access controls and authentication mechanisms
• Regular security assessments and penetration testing of our own systems
• Secure data destruction procedures
• Employee training on data protection and confidentiality
• Incident response and breach notification procedures
• Physical security measures at our premises

7. Sharing Your Information

We do not sell your personal data. We may share your information with:

• Service Providers: Trusted third parties who assist in delivering our services (e.g., cloud hosting, payment processors)
• Professional Advisors: Lawyers, accountants, and auditors when necessary
• Law Enforcement: When required by law or to protect rights and safety
• Business Transfers: In the event of a merger, acquisition, or sale of assets

All third parties are required to maintain appropriate security measures and use your data only as instructed.

8. International Data Transfers

We primarily store and process data within the United Kingdom. If we transfer data internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the UK authorities
• Adequacy decisions recognising equivalent data protection standards
• Other mechanisms compliant with UK GDPR

9. Your Rights

Under UK GDPR, you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data (subject to legal obligations)
• Right to Restriction: Limit how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Right to Complain: Lodge a complaint with the Information Commissioner's Office (ICO)

To exercise these rights, contact us at admin@testcorpltd.com

10. Cookies

Our website uses cookies to improve functionality and user experience. You can control cookie preferences through your browser settings. For detailed information, please see our Cookie Policy.

11. Children's Privacy

Our services are not directed at children under 16. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete the data promptly.

12. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated revision date. Significant changes will be communicated directly to clients.

13. Contact Us

For questions about this Privacy Policy or to exercise your rights, please contact:

TestCorp Ltd
Kingfisher House
21-23 Elmfield Road
Bromley, Kent
BR1 1LT
United Kingdom

Email: admin@testcorpltd.com
Phone: +44 203 9965998

14. Supervisory Authority

You have the right to lodge a complaint with the UK's supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Website: https://ico.org.uk
Helpline: 0303 123 1113