Privacy Policy

Privacy Policy

Last Updated: May 2026

Website:
https://drspeffle.co.uk

Author:
Dr Steph Rudd

  1. INTRODUCTION

Dr Speffle Cyber Resilience Ltd (“DSCR”, “we”, “us”, or “our”) is committed to protecting the privacy and security of personal information.

This website publishes research, working papers, publications, professional commentary, and information relating to enterprise architecture, operational resilience, dependency mapping, transformation risk, governance, and organisational resilience.

This Privacy Policy explains what information we collect, how it is used, and the rights available to individuals under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

  1. INFORMATION WE COLLECT

2.1 Information You Provide

We may collect information that you voluntarily provide, including:

• Name
• Email address
• Contact details
• Information contained within enquiries or correspondence

2.2 Technical Information

When visiting the website, limited technical information may be collected automatically, including:

• IP address
• Browser type
• Device information
• Pages viewed
• Referring website information
• Security and system logs

This information is collected primarily for website operation, security, and performance monitoring.

  1. HOW WE USE INFORMATION

Information may be used for:

• Responding to enquiries
• Communicating regarding research, publications, or professional engagements
• Maintaining website security
• Preventing fraud, abuse, or malicious activity
• Improving website performance and usability
• Meeting legal and regulatory obligations

We do not sell, rent, or trade personal information.

  1. LAWFUL BASIS FOR PROCESSING

Where personal information is processed, we rely upon one or more of the following lawful bases:

• Legitimate Interests
• Consent
• Contractual Necessity
• Legal Obligation

The lawful basis applied depends upon the nature of the interaction and information provided.

  1. ANALYTICS

Where analytics technologies are enabled, they are used solely to understand website usage and improve content and visitor experience.

Analytics data is not used for advertising, behavioural profiling, or marketing purposes.

Where required, analytics technologies operate only with user consent.

  1. DATA SHARING

Information may be processed by carefully selected service providers supporting website hosting, security, analytics, or administrative functions.

We do not sell personal information to third parties.

Information may be disclosed where required by law, regulation, court order, or lawful authority.

  1. DATA RETENTION

Personal information is retained only for as long as reasonably necessary to fulfil the purpose for which it was collected, meet legal obligations, resolve disputes, or maintain appropriate records.

Retention periods vary depending upon the nature of the information and the purpose of processing.

  1. INFORMATION SECURITY

Reasonable technical and organisational measures are implemented to protect information against unauthorised access, disclosure, alteration, or destruction.

These measures may include:

• Encryption
• Secure hosting
• Access controls
• Security monitoring
• Software maintenance and updates

No method of transmission or storage can be guaranteed to be completely secure. However, appropriate safeguards are maintained in accordance with good practice.

  1. YOUR RIGHTS

Subject to applicable law, you may have the right to:

• Access personal information
• Correct inaccurate information
• Request deletion
• Restrict processing
• Object to processing
• Withdraw consent
• Request data portability

Requests may be submitted using the contact details below.

  1. EXTERNAL LINKS

This website may contain links to third-party websites, publications, repositories, social media platforms, or external resources.

DSCR is not responsible for the content, security, or privacy practices of third-party websites.

  1. CHANGES TO THIS POLICY

This Privacy Policy may be updated periodically to reflect changes in legal requirements, website functionality, or organisational practices.

The “Last Updated” date will indicate the most recent revision.

  1. CONTACT

Questions regarding this Privacy Policy may be directed to the Contact page.