GDPR overview

• Legal >
• Privacy and cookies >
• GDPR overview

This section gives a steady, practical overview of how we approach data protection and GDPR at Cultrix.

It is designed to support customers, partners and auditors who need to understand where data lives, who we share it with, how long we keep it and what rights individuals have.

Our approach

We see data protection as part of good service, not an extra chore. Our approach is based on a few simple ideas:

• collect only the data we genuinely need
• use it in fair, transparent ways
• keep it secure through sensible technical and organisational controls
• delete or anonymise it when it is no longer needed
• be open and honest if something goes wrong

Systems and platforms

The Cultrix systems page lists the main internal systems and platforms we use to deliver our services, where they are hosted and what kinds of data they hold.

This is particularly useful if you are mapping data flows, carrying out a DPIA or completing an information security questionnaire.

Third parties and data sharing

We work with a small number of trusted partners to help us deliver services securely and reliably. Our Third parties and data sharing page explains who they are, what data is involved and why we use them.

How long we keep data

Our Data retention and deletion page sets out typical retention periods for different types of data and how deletion works in live systems and backups.

Your rights

Individuals have a range of rights under UK GDPR, including access, rectification, erasure and objection. These are explained in more detail on our Your rights page, along with how to exercise them with us.

Data Processing Agreement (DPA)

When we act as a data processor for our customers - for example, managing Microsoft 365 tenants, backups or security tools - our Data Processing Agreement sets out how we handle personal data on your behalf.

This sits alongside your contract and explains roles, responsibilities, security measures and how we handle data subject requests and incidents.

Need more information?

If you are working through a procurement exercise, audit or accreditation and need additional detail, please contact us. We are happy to provide sensible, targeted information rather than pages of boilerplate.