S E P I V I

Please Wait For Loading

Your Next Layer Of Defence - Explore What's On Offer

Privacy Policy

Last Updated: 10th October 2025

Sepivi Limited (“Sepivi”, “we”, “our” or “us”) is a leading provider of privacy, security, and managed support services, helping organisations strengthen compliance, resilience, and trust.

We provide strategic advisory, compliance, training, and support solutions to clients (“Clients”). We are committed to protecting the privacy of our Clients, partners, and website users (collectively, “you”).

This Privacy Policy explains how we process your personal data in connection with our business, including the operation of our websites and the delivery of our consultancy, support and training services (the “Services”). Anyone who has access to such information or data must follow this Privacy Policy.

This Privacy Policy only applies to our use of your personal data, whether obtained directly from you or from a third party. It does not apply to personal data collected by third parties during your communications with those third parties or your use of their products or services (for example, where you follow links on our Site to third-party websites over which we have no control).

Further, this Privacy Policy is not intended to cover the processing of workplace personal data. Accordingly, if you are engaged as a worker for us, please see our Workplace Privacy Notice, which sets out further information about how we may process your personal data in connection with your employment and/or engagement.

This Privacy Policy is intended to assist you in making informed decisions when using our Sites and Services. Please take a moment to read and understand this Privacy Notice. It is intended to be read in conjunction with our Terms of Use and Cookie Notice.

1. PERSONAL DATA WE PROCESS

When we talk about personal data, we mean any information which relates to an identified or identifiable living individual.

In the last twelve months, we have collected the following types of personal data, in the following ways, for the following purposes:

Category of Personal Data and Specific Examples Purpose of Collection Legal Basis Third Parties With Whom We May Share Retention Period
Identifiers and Professional Information (Name, Email, Employer name) when you send us an inquiry. To respond to inquiries you send through the Site or via email. Contract (steps prior to entering into a contract); Legitimate interests (responding to business inquiries). IT support, email hosting providers. Up to 2 years after inquiry, unless a contractual relationship is formed.
Identifiers and Professional Information (Name, Email, Employer name) when you subscribe to our newsletter. To provide updates, insights and marketing communications from us about our services. Consent (subscription); Legitimate interests (B2B marketing where permitted). Email marketing platforms, IT/cloud providers. Until consent withdrawn, or up to 2 years after last interaction.
Internet or Network Activity (cookies, IP address, analytics data, log files). For site functionality, analytics, security, and to improve user experience. See our Cookie Notice. Consent (non-essential cookies); Legitimate interests (security, essential cookies). Analytics providers, hosting providers, IT support vendors. As set out in our Cookie Notice (typically 13 months).
Identifiers and Professional Information when operating client accounts (Name, Email, Organisation, Service history). To set up, operate, and manage client accounts, and provide contracted services. Contract; Legal obligation; Legitimate interests (business operations). Cloud providers, IT support, professional advisers. Duration of contract + 6 years (statutory limitation).
Identifiers for service delivery (Name, Email, Role, Employer). To deliver consultancy, managed services, or security/privacy training. Contract; Legitimate interests. IT/cloud support, training partners, accreditation bodies (if relevant). Duration of contract + 6 years.
Special Category Data (if voluntarily provided) e.g. accessibility needs, dietary preferences for events, or health information. To provide reasonable adjustments or ensure appropriate participation. Explicit Consent; Legal obligations (H&S). Event venues, training partners where required. Deleted after event unless legally required to retain.
Identifiers for recruitment (Name, Contact details, CV, employment history, education, right-to-work info). To evaluate suitability, manage recruitment, and make hiring decisions. Contract; Legal obligation; Legitimate interests. Recruitment platforms, referees, professional advisers. 6 months after campaign (longer with consent).
Identifiers and Account Information for legal/regulatory compliance (Name, Contact details, Transaction and account info). To comply with applicable laws (e.g., tax, AML, corporate obligations). Legal obligation. Regulators, professional advisers. As required by law (typically 6–7 years for financial/tax records).
Identifiers for queries, complaints, or claims (Name, Contact details, Service records, Correspondence). To manage and resolve queries, complaints or claims. Contract; Legal obligation; Legitimate interests (defending rights, improving services). Legal advisers, insurers, regulators. Duration of matter + 6 years.
Identifiers for training or events (Name, Email, Organisation, Role). To register attendance, provide materials, and administer training/webinars. Contract; Legitimate interests. Event/training partners, IT support vendors. 2 years after event (unless longer required for certification).
Identifiers for marketing preferences (Name, Email, Marketing opt-in/opt-out). To record, respect and administer your marketing choices. Consent; Legitimate interests (business development). Email marketing and CRM providers. Until consent withdrawn or preference updated.
Technical data for security and IT operations (IP address, device info, system logs). To secure systems, detect/prevent fraud, and maintain service integrity. Legitimate interests; Legal obligation (cybersecurity duties). Hosting providers, IT security vendors. Up to 2 years for logs, unless longer required for security investigations.

2. USE OF TECHNOLOGY AND DATA SAFEGUARDS

Sepivi may process personal data with the support of secure technologies, including automation and AI-enabled tools, strictly in accordance with this Privacy Notice.

These technologies are applied to improve efficiency, enhance service delivery, and maintain strong security, but they are never used in ways that undermine your rights, freedoms, or reasonable expectations.

We do not sell personal data, and we do not share it with third parties for cross-context behavioural advertising.

Any sharing of personal data is limited to trusted vendors and service providers who are contractually bound to act only on our instructions, apply appropriate security measures, and protect your information.

For more information about the use of cookies and similar tracking technologies on our websites, the purposes for which we use them, and how you can manage your preferences, please see our Cookie Notice.

3. ADDITIONAL WAYS WE MAY SHARE YOUR PERSONAL DATA

In addition to the sharing already described, Sepivi may disclose your personal information in the following limited circumstances:

(a) where it is reasonably necessary to comply with applicable laws or a lawful request from a court, regulator, or government authority; to detect, investigate, prevent or respond to fraud, security, or technical issues; to enforce our contractual or legal rights; or to protect the rights, property or safety of Sepivi, our clients, or the public.

(b) in connection with a corporate transaction such as a merger, acquisition, reorganisation, sale of assets, or in the unlikely event of insolvency or bankruptcy. In these cases, we will ensure that any recipient of personal data is bound by appropriate confidentiality and data protection obligations consistent with this Privacy Notice.

(c) where you have provided your express consent for us to do so.

Sepivi also relies on trusted third-party providers to support the operation of our services. This may include:

  • Cloud service providers – for secure storage and hosting of business data.
  • IT and systems support providers – to maintain and protect our technology environment.
  • Professional service firms – such as auditors, consultants, insurers, and legal advisors.
  • Marketing and communications platforms – to manage secure newsletters, updates, and event communications.

We may also share information with regulators, insurers, or partners where necessary to deliver services, demonstrate compliance, or meet legal duties.

Any third parties we engage are contractually required to process personal data only on our instructions, keep it secure, and act in accordance with data protection law.

4. WHERE WE GET YOUR PERSONAL INFORMATION

We collect personal data from a range of sources, depending on how you interact with our website and services:

  • Directly from you – for example, when you contact us by email or through our website, subscribe to updates, or engage us for services.
  • From your devices – including technical information such as IP address, browser type, and usage data when you visit our site (see our Cookie Notice).
  • From suppliers and service providers – who provide services on our behalf, such as IT support, cloud hosting, or marketing platforms.
  • From third parties – such as professional networks (e.g. LinkedIn) or business partners who may introduce you to us.
  • From publicly available sources – such as Companies House or regulatory registers, where necessary to verify business or compliance details.
  • From government authorities or regulators – where required for legal or compliance purposes.

We only collect information that is relevant, proportionate, and necessary for the purposes described in this Privacy Notice.

5. HOW LONG WE KEEP YOUR INFORMATION

In general, Sepivi will only retain your personal information for as long as necessary to fulfil the purposes for which it was collected, to meet our contractual and legal obligations, and to support our legitimate business interests.

We may continue to retain anonymous or anonymised information (for example, aggregated Site usage data without identifiers) for analytical and service improvement purposes.

If certain personal data is only required for a short-term purpose – such as a recruitment campaign, a specific event, or a limited marketing initiative – we will delete it once that purpose has been fulfilled. For example, if you are an unsuccessful candidate, we may retain your application information for a limited period before secure deletion.

6. HOW WE PROTECT YOUR INFORMATION

Sepivi applies reasonable and appropriate technical and organisational measures to protect personal data from accidental or unlawful loss, misuse, unauthorised access, disclosure, alteration, or destruction.

These measures take into account the risks associated with the processing and the nature of the data. Protections include:

  • Secure cloud storage and encryption of data in transit and at rest;
  • Access controls and role-based permissions to limit personal data access;
  • Regular monitoring, testing, and review of security controls;
  • Staff training on data protection, confidentiality and secure handling of information;
  • Use of trusted service providers who meet our security and privacy requirements.

7. INTERNATIONAL DATA TRANSFERS

Sepivi is based in the United Kingdom. In most cases, your personal data will be processed and stored within the UK.

If in future it becomes necessary to transfer your personal data to countries outside the UK, we will ensure that appropriate safeguards are in place in line with UK data protection law. These safeguards may include:

  • Relying on a UK Government adequacy decision confirming that the destination country provides an adequate level of protection for personal data; or
  • Putting in place Standard Contractual Clauses (SCCs) or the UK’s International Data Transfer Agreement (IDTA) with recipients to ensure your information remains protected.

At present, Sepivi does not routinely transfer personal data internationally. Should this change, this Privacy Notice will be updated to reflect the safeguards applied.

8. CHILDREN’S PERSONAL DATA

Our Sites and Services are not directed at children under the age of 16, and we do not knowingly collect, use, or store personal data from children. Sepivi does not conduct projects that involve children and will never request children’s data as part of its services.

If we become aware that personal data has been provided to us relating to a child under 16, we will delete it promptly. If you believe that we may have inadvertently collected such information, please contact us using the details in the Contact Us section so we can take appropriate action.

9. YOUR RIGHTS AND HOW TO COMPLAIN

Under the UK GDPR (and, where applicable, the EU GDPR), you have the following rights in relation to your personal data:

  • Right of access – to request copies of your personal data and information about how we use it.
  • Right to rectification – to ask us to correct or complete information you believe is inaccurate or incomplete.
  • Right to erasure – to request that we delete your personal data in certain circumstances.
  • Right to restrict processing – to ask us to limit how we use your information.
  • Right to object – to object to our use of your personal data where we rely on legitimate interests or use it for direct marketing.
  • Right to data portability – to request that we transfer the personal data you gave us to another organisation, or to you.
  • Right to withdraw consent – where we rely on consent to process your personal data (for example, for marketing), you may withdraw it at any time.

We aim to respond to all valid requests within one month. If your request is complex or numerous, we may extend this period by up to two further months, but we will inform you if this applies.

To exercise any of your rights, please contact us using the details at the top of this Privacy Notice.

If you are unhappy with how we have used your personal data, you should contact us in the first instance so we can seek to resolve the issue. You also have the right to complain to the UK supervisory authority:

Information Commissioner’s Office (ICO)

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

10. THIRD-PARTY LINKS AND SERVICES

Our Site and Services may include links to third-party websites or services. Please note that once you follow a link to a third-party site or engage with a third-party service, this Privacy Notice will no longer apply. Your interactions with those websites or services are governed by their own privacy policies and terms, and we are not responsible for their practices.

We may also use third-party tools and platforms (for example, cloud hosting providers, analytics services, or secure communications platforms) to support the operation of our Site and Services. Where this is the case, we take steps to ensure that your personal data is processed in compliance with data protection law. However, those third parties may apply their own privacy notices which we recommend you review.

We do not monitor, control, or endorse the privacy practices of third parties. Before providing any personal data, we encourage you to read the privacy policies of the relevant website, application, or service provider.

11. CLIENT PORTALS AND MOBILE APPLICATIONS

As part of our services, we may provide access to third-party client portals or mobile applications (for example, training or certification platforms). Use of these portals and apps is generally voluntary but may be required to complete certain activities such as training modules, certification, or access to learning resources.

When you use a portal or mobile application operated by a third-party partner, your personal data may be processed by that provider in accordance with its own privacy policy. Sepivi will only receive limited information necessary to administer our services, confirm your participation, or maintain accurate records.

Some applications may request your permission to collect additional information (such as location data or multimedia files). These permissions are always optional and can be managed through the settings on your device.

Any personal data collected through third-party portals or apps will be used and protected in line with this Privacy Notice and the third-party provider’s own terms.

12. CONTACT US

If you have any questions about this Privacy Notice or how Sepivi handles your personal data, please contact us:

By Post:

Sepivi Limited
71–75 Shelton Street
Covent Garden
London
United Kingdom
WC2H 9JQ

By Email:

privacy@sepivi.com

13. CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time. If we make material changes, we will notify you by updating this page and, where appropriate, by other means so that you are aware of what information we collect, how we use it, and under what circumstances we may disclose it.

We will use personal data in accordance with the policy that was in effect at the time it was collected, unless you consent to a new use.

If Sepivi expands its services to include offerings outside the United Kingdom, or otherwise begins transferring data internationally, this Privacy Policy will be updated to reflect the safeguards applied and any additional rights that may become relevant.

YOUR NEXT LAYER OF DEFENCE

Sepivi logo
Support Assure Fortify Evolve

Company

Sepivi Limited
71–75 Shelton Street
Covent Garden
London WC2H 9JQ
Registered in England & Wales (No. 15356173)

Explore

Legal

© 2025 Sepivi Limited. All rights reserved.