Gamayun

Behavioural Security: Research, Human Risk Intelligence, Profiling & Strategic Advisory

Privacy Policy

Last updated: 12 January 2026

This Privacy Policy explains how we collect, use, and protect personal data when you visit this website, contact us, or request resources (including the QuickScan PDF).

1. Who we are (data controller)

Gamayun Outsourcing Limited (“we”, “us”, “our”) is the data controller for personal data collected via this website.
Company number: 09754464 (England & Wales)
Contact email: tymur@gamayun.uk
Contact page: https://gamayun.uk/contact/

2. Personal data we collect

We collect the following categories of personal data depending on how you use the site:

2.1 Data you provide directly

  • Email address (e.g., when you submit the QuickScan access form)
  • Any information you include in messages (e.g., contact form submissions)

2.2 Technical and usage data

When you browse the site, we (and our service providers) may process technical information such as:

  • IP address, device and browser type, operating system
  • Pages visited, time spent, referral source, approximate location (inferred from IP)
  • Security and diagnostic logs

2.3 Cookie and similar technology data

We use cookies and similar technologies. For details, see our Cookie Policy: https://gamayun.uk/cookie-policy/

3. How we use your data (purposes)

We use personal data to:

  • Provide what you request, including access to resources and responding to enquiries
  • Administer the QuickScan follow-up only where you opt in
  • Operate, secure, and improve the website, including performance monitoring, abuse prevention, and basic analytics
  • Maintain records necessary for business operations and compliance

4. Lawful bases (UK GDPR)

We rely on one or more of the following lawful bases, depending on context:

4.1 Consent

We rely on consent where you actively opt in to receive the 3-email QuickScan follow-up (e.g., by ticking a consent checkbox).
You can withdraw consent at any time by using the unsubscribe link in an email or contacting us.

4.2 Legitimate interests

We may process limited technical/usage data for legitimate interests such as securing the site, preventing abuse, and understanding site performance. We balance these interests against your rights and expectations.

4.3 Contract / steps at your request

If you contact us to request information or services, we process your data to respond and take steps at your request.

5. Marketing emails

We will not send you the QuickScan follow-up or other marketing emails unless you explicitly opt in.
If you opt in, you can unsubscribe at any time (via the link in the email or by contacting us).

6. Who we share data with

We do not sell personal data. We share data only as necessary to operate the site and provide requested services, including:

6.1 WordPress.com / Jetpack (Automattic)

This site is hosted on WordPress.com and uses Jetpack features. Your data may be processed by Automattic (the provider of WordPress.com/Jetpack) to deliver hosting, security, forms, and site functionality.

6.2 Service providers and professional advisers

We may share data with:

  • Email or communications providers (only when required to send communications you requested/opted into)
  • Professional advisers (e.g., legal/accounting) as necessary
  • Regulators/law enforcement where required by law

7. International data transfers

Our service providers (including WordPress.com/Jetpack) may process data outside the UK. Where this occurs, appropriate safeguards may be used under applicable data protection laws. For details, refer to the relevant provider’s privacy documentation.

8. Data retention

We keep personal data only for as long as necessary for the purposes described:

  • QuickScan form submissions: typically up to 12 months
  • Opt-in follow-up list: until you unsubscribe or withdraw consent
  • Enquiry messages: typically up to 24 months (to maintain business records and continuity)
  • Security/technical logs: retained for limited periods consistent with operational needs

(Adjust these periods if you want different retention—what matters is that they reflect what you actually do.)

9. Your rights

Depending on your circumstances, you may have rights including:

  • Access to your personal data
  • Correction of inaccurate data
  • Erasure (in some cases)
  • Restriction of processing (in some cases)
  • Objection to processing based on legitimate interests
  • Data portability (in some cases)
  • Withdrawal of consent (where processing is based on consent)

To exercise rights, contact us using the details in section 1.

10. Complaints

If you have concerns, contact us first. You also have the right to complain to the UK regulator, the Information Commissioner’s Office (ICO).

11. Links to other websites

Our site may link to external websites (including embedded content). We are not responsible for their privacy practices. Please review the privacy policies of third-party sites you visit.

12. Changes to this policy

We may update this Privacy Policy to reflect changes to the site, services, or legal requirements. The “Last updated” date shows when it was most recently revised.