Privacy Policy

Privacy Statement

Hogen Data Ltd is the Limited company we have registered with the UK Companies House.

We thought that was pretty boring so we trade under the Name ‘Trusthogen’…….We also offer products and services relating to the deep and dark web. We call this range of products ‘Dark Hogen’……..original hey!

So, when we say us, we, they, we mean Hogen Data Ltd, Trusthogen or Dark Hogen……….get it?

We wouldn’t be much of a privacy or cyber security firm if we didn’t try our best to secure your data, so anytime we hear from you, through phone, email, social media or any method they’ve dreamt up, we make sure its looked after…….we’re good like that!

Going forwards, if you have a question about the relationship between us and your personal data, you can probably find the information below. 

Data Protection and other privacy regulations have been in the media a lot over the last few years. Data protection act 1998, 2018, GDPR, UK GDPR……..alot to remember right. So when we say Legislation or Laws, we mean all these rules!

Introducing Hogen Data Ltd, the Data Controller!

Hogen Data Ltd will always be the Data Controller when dealing with your personal Information. As mentioned above, this includes that other names we dreamt up to make us look like a marketing powerhouse!

We’ve also registered our intention to process Personal Data with those guys over at the Information Commissioner’s Office. To be fair, they’re not a bad bunch. They even gave us this number you can search us with:


In case you ever want to write to us or validate our registration, our Registered Company Address is 86-90 Paul Street, Hoxton, London, EC2A 4NE
You can also email us via Our DPO is Gary Langrish and he can be contacted directly by emailing if that’s what you’d like to do!
On the off chance you’d like to send a letter in the post , please use the same address as above……….the London one!

What Information do we hold about you and when do we collect it?

So, you’ve heard how good we are, how we help protect businesses and prevent reputational disaster and save you loads of money. But what data do we need from you and when do we need it?

Its pretty simple to be fair… just fill out the contact form, or call us. It really is no more exciting than that. In future, we might even dabble in a few trade shows…….if that happens, we’ll point you towards this when capturing your information

If it’s just a general query, but you chose not to follow up or take one of our services, that’s cool too. We’ll probably only hold your email, name and phone number at this point. We’ll keep this for 3 months then delete it.

If you decide to come on board (and let’s face it, why wouldn’t you), we’ll probably ask for some additional information. Information that helps might relate to contact details, names of some ‘points of contact’ within your business, company name, your position held within the firm etc

We don’t really do much marketing (we don’t need to) and we don’t capture any clever information about you via cookies and visits to our website either. But if we ever do, we’ll ensure you have given informed consent.

Here’s a table explaining what information we hold, including the purpose for capturing it and the lawful basis we rely upon to process it. It might surprise you, but consent isn’t the only ‘kid on the block’. We might also rely on basis such as Contract, Legitimate Interest or Legal Obligation. 



Lawful Basis


Facilitate Contact and create a file for you

Contract (preparation for entering into a contract also relies on this basis)


Facilitate Contact and create a file for you

Contract (preparation for entering into a contract also relies on this basis)

Email and physical Address

Facilitate Contact and create a file for you

Contract (preparation for entering into a contract also relies on this basis)

Job Titles

To know who to ask for

Contract (preparation for entering into a contract also relies on this basis)

Points of Contact

To help facilitate Discovery exercises in order to build an accurate picture of aggregated risks

Legitimate Interest

How Do Hogen Data Use Your Personal Data?

Lets face it, during the course of business, we may use your data for a number of purposes not outlined above, so in short, we’ll typically use it when:
  • Replying to queries
  • Contacting you to improve our services
  • Dealing and responding to complaints
  • Requesting payment or issuing refunds
  • Fulfilling a service promise to you
  • If this Privacy Notice changes and we think you need to know about it

Sharing Your Personal Data

We never share your data with anyone unless we have a very good reason. So when we get asked if we’d like to sell our data, the answer is always a resounding NO!

But there will be occasions when we might be obliged to share your data. For example, if Law Enforcement or other Government Agencies ask us for it. We’ll still make sure we follow the Principles of Good Data Protection regardless.

In the unlikely event that you decide to bring legal action against Hogen Data Ltd, we may need to share your information with legal third parties, to help defend our legal rights and argument.

We use Studio Inc to build our web pages, so perhaps they might get access to information stored within the site should there be an issue or maintenance required. This is rare, but these guys will be bound by Non Disclosure Agreements around this and other information they know about us.

In order to maintain good security of your data, we may store your information within databases such as Hubspot or similar CRM’s. We also have a panel of providers that may help deliver services on our behalf.

These affiliated partners may be given your data simply to facilitate contact. They will never market to you or be allowed to action your data in a way not specified in our Data Processing Agreement sections of supplier contracts.

Email services, cloud storage and other software used by us may also house your data. This is inevitable, but perfectly safe and secure.

We’re simply telling you all of this to be compliant, honest and open!…..oh, and its sort of like a rule within GDPR!

Keeping You Aware of Updates

We don’t currently capture marketing preferences, so you’ won’t hear from us about that…..

However, if you are a Business and we believe you may have an interest in some of our services, we may reach out to you. Simply tell us you want to unsubscribe if you don’t want these emails…..we won’t be offended!

However, we are obliged to contact you about changes to this privacy notice and the way we process your personal data.

Likewise, if there were ever an incident with our IT that you needed notifying about, we’ll be sure to let you know.

Data Subject Rights

7.1 The right to be informed 

In short, we have a duty to tell you what data we are collecting and why. How do we do this? We’ll give you a clue……you’re reading it!

7.2 Right to Access Your Personal Information

Want to know what data we have about you? Simply ask us! It’s not a secret nor do we mind responding to Data Subject Access Requests. It’s free too! But remember, you can only ask for YOUR personal data, unless you are a third party with written consent and right to represent

7.3 Right to Rectification

Misspelt your surname? Recently married and want your new name on our database? Have your contact details incorrectly stored? Just tell us and we’ll change it. Alternatively, if something is potentially misleading, give us a shout and we’ll add some context to explain it

7.4 Right to Object or Restrict Processing of Your Data

If you need us to change the way we process your data, just ask. We’ll look into it and give you a full response on how we plan to act . You may not always have an absolute right to action the above and this might depend on the lawful basis we used when first processing your personal data

7.5 Right to Erasure

‘The Right to be Forgotten’ as someone once said…..

To be fair, we’ll normally keep data inline with our data retention policy, meaning you should never have to ask for your data to be erased. However, should you find something you’re not happy for us to retain, lets have a conversation.

7.6 Right to Portability

The right to portability gives you the right to receive personal data you have provided to the data controller.

Should you need this, we’ll pop it into a machine readable format and send it wherever you choose……..probably in Excel!

7.7 Complaints

If you’re not happy with a response to a rights request, you can contact the Information Commissioner’s Office. We’ll be happy to reply to their correspondence and come to a pragmatic solution .

Data Retention – How We Uphold the Storage Limitation Principle

When we process your personal data, we will typically use it to manage our excellent service offering to you. Even when our relationship ends however, we may be duty bound to hold this information for a statutory time period. This means that data isn’t deleted the day you decided to walk away.

In order to maintain transparency, we have a Data Retention Schedule which defines which data type is kept for how long! It’s a sizeable document, but typically we’ll keep DSAR request data for 3 years post request, invoicing and transactional data is kept for 7 years post relationship and complaint data for the same period. As mentioned above, shorter periods may come into force when you’re making an inquiry but it doesn’t come to anything………..3 months, tops!

Upon reaching the end of its life-cycle, we’ll delete or anonymise it!

When You Communicate With Us

We have a number of social media channels including Instagram and Linkedin. These are great tools for raising our profile and also for making it easier for you to contact us. This privacy notice will apply to all correspondence through these channels also, not just traditional email and telephone means 

Integrity and Confidentiality – How We Keep Your Data Safe

As you can imagine, this is kind of a big deal to a cyber security and privacy consultancy, so we apply appropriate controls to mitigate risks and safeguard your information. We raise staff awareness, ensure colleagues are trained and often simulate Phishing Attacks to prepare for hostile emails!

We also deploy class leading SOC services and threat intelligence solutions to ensure we’re doing all we can. But it’s not always as sophisticated as that. We always wear ID, challenge tailgaters into restricted areas and ensure robust Role Based Access is applied across our infrastructure. ‘If your names not down, you’re not coming in’ for desktop folders and CRM’s so to speak….if there’s no business need for access to certain data, staff don’t get escalated privileges!

What happens if our business changes hands?

Should the business be acquired, sold, merged, expanded etc, we’ll ensure the data we hold is dealt with correctly.

So where its justifiable, proportionate and necessary, we’ll transfer this data over to the new controller, where it is required to continue providing a service to you.

Notifying You about changes to the processing of personal data

We reserve the right to change and update this notice when appropriate. Whilst most changes are small and administrative, we’ll be sure to add transparent version controls. We’ll also keep previous versions should you have a legacy issue to contest.

In the event that there is something we think you should be made aware of, we’ll contact you.

Get In Touch

We endeavour to deliver world class products and services to you. However, should we fall short of your expectations, we’d ask that you give us a chance to rectify the issue or complaint in the first instance.

Our DPO is Gary Langrish and he can be contacted on

020 4538 6669

If this fails, you reserve the right to make a complaint to the Information Commissioner’s Office. They can be contacted on:

Make a complaint | ICO

Or by calling

0303 123 1113

This Privacy Notice was last updated on 05/07/2022 and is version 2.0