Privacy Policy

Technical Assurance Group Ltd ("TAG", "we", "us", "our") is a company registered in England and Wales. We provide independent technology assurance services including infrastructure assessments, AI readiness evaluations, ISO certification assistance, and identity maturity assessments.

For the purposes of UK data protection law, TAG is the data controller for personal data collected through this website and in connection with our services. You can contact us at [email protected].

We may collect and process the following categories of personal data:

• Contact information: name, email address, telephone number, job title, and organisation name, provided when you submit an enquiry or contact form.
• Correspondence: the content of emails, messages, or other communications you send to us.
• Technical data: IP address, browser type, operating system, and pages visited, collected automatically when you use our website.
• Professional information: details about your organisation's technology environment that you share with us in the course of an engagement.

We use personal data for the following purposes and on the following legal bases:

• To respond to enquiries and provide our services — lawful basis: contract performance or pre-contractual steps.
• To manage our client relationships and deliver assessment engagements — lawful basis: contract performance.
• To comply with legal and regulatory obligations — lawful basis: legal obligation.
• To improve our website and services — lawful basis: legitimate interests.
• To send service-related communications — lawful basis: legitimate interests or consent where required.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Enquiry data is retained for up to 24 months. Client engagement data is retained for up to 7 years following the end of an engagement, in accordance with our legal and contractual obligations.

Under UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data:

• Right of access — to request a copy of the personal data we hold about you.
• Right to rectification — to request correction of inaccurate or incomplete data.
• Right to erasure — to request deletion of your data in certain circumstances.
• Right to restriction — to request that we limit how we use your data.
• Right to data portability — to receive your data in a structured, machine-readable format.
• Right to object — to object to processing based on legitimate interests.

To exercise any of these rights, please contact us at [email protected]. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Our website may use essential cookies to support basic functionality. We do not use advertising or tracking cookies. Where we use analytics tools, they are configured to anonymise IP addresses and not to share data with third parties for advertising purposes.

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. We operate to the same security standards we assess our clients against.

We may update this Privacy Policy from time to time. The date at the top of this page indicates when it was last revised. Continued use of our website following any changes constitutes acceptance of the updated policy.

For any questions about this Privacy Policy or how we handle your personal data, please contact us at [email protected].