Legal

Privacy policy.

Effective 2026-05-19.

This policy describes how CompTech Lab ("we", "us", or "the firm") collects, uses, and protects personal data in connection with the website www.comptech-lab.com and with customer engagements. This summary is intended to be readable. For specific contractual data-processing terms during an engagement, refer to the engagement contract and the data processing addendum.

1. Data we collect

1.1 Information you provide directly

  • Contact form submissions. Name, email address, company, service interest, and the message you choose to share.
  • Direct correspondence. Email, video calls, or other channels you initiate with us.
  • Engagement data. During a customer engagement, we receive information that customer staff share with us; this is governed by the engagement contract and any data processing addendum.

1.2 Information collected automatically

  • Server logs. Standard web-server access logs that include IP address, timestamp, requested URL, user agent, and referrer. Retained for security and operational diagnostics.
  • Cookies. We use a small number of strictly-necessary cookies for site operation. We do not run third-party analytics or advertising cookies on www.comptech-lab.com.

2. How we use data

  • To respond to enquiries submitted through the contact form or directly to a CompTech Lab address.
  • To deliver engagements under a signed contract and any associated data processing addendum.
  • To operate, secure, and improve the website and our internal systems.
  • To comply with legal, regulatory, and contractual obligations.

We do not sell personal data. We do not share contact-form information with third-party marketing platforms.

3. Lawful bases (GDPR & equivalent regimes)

Where the GDPR or a comparable privacy regime applies, our lawful bases for processing are:

  • Legitimate interests — responding to your enquiries, securing the site, operating the business.
  • Contract — performing services under a signed engagement.
  • Consent — where you have explicitly opted in (rarely; we avoid asking for consent we do not need).
  • Legal obligation — complying with applicable law.

4. Sharing and sub-processors

We use a small set of vetted sub-processors to operate the website and the firm (cloud hosting, email, source-control, identity, support tooling). A current list of sub-processors is available under NDA on request. We notify customers in advance of material changes that affect their engagement.

We do not share customer engagement data with other customers or with any third party except as required to deliver the engagement under contract or as required by law.

5. International transfers

Where personal data is transferred across borders, we rely on appropriate safeguards including Standard Contractual Clauses and customer-specified regional residency arrangements. For engagements with strict data-sovereignty requirements, we operate inside the customer's environment and customer data does not leave that boundary.

6. Retention

We retain personal data only as long as necessary for the purpose for which it was collected, or as required by law or contract:

  • Contact-form submissions and correspondence: retained for the duration of the conversation plus a reasonable period for follow-up.
  • Server logs: short-lived, retained for security and diagnostics.
  • Engagement data: per the engagement contract; deleted or returned at engagement close.

7. Your rights

Under the GDPR and comparable regimes, you have rights including access, rectification, erasure, restriction of processing, portability, and objection. To exercise any of these, contact privacy@comptech-lab.com. We will respond within the timeframe required by the applicable law (typically 30 days under GDPR).

8. Security

We maintain administrative, technical, and physical safeguards proportionate to the sensitivity of the data we hold. See Trust & compliance for the firm's information-security posture.

9. Children's data

This site is intended for business audiences. We do not knowingly collect personal data from children.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated by updating the effective date above and, where appropriate, by notifying customers directly.

11. Contact