Privacy Policy

1. Introduction

This Privacy Policy explains how Digital Marmalade Limited, as the owner and developer of Spartacus Insights, collects, uses and protects personal data when you visit the Spartacus Insights website, contact us, request information, arrange a demonstration, or otherwise communicate with us.

Digital Marmalade Limited is committed to handling personal data responsibly, transparently and in accordance with applicable UK data protection law, including the UK General Data Protection Regulation and the Data Protection Act 2018.

This Privacy Policy applies to personal data collected through this website and related business communications. Where Spartacus Insights is provided to customers as a platform service, the handling of customer platform data may also be governed by separate customer agreements, data processing terms and service arrangements.

2. Who we are

Spartacus Insights is owned and developed by Digital Marmalade Limited.

Digital Marmalade Limited
65-66 Maltings Place
Tower Bridge Road
London
SE1 3LJ
United Kingdom

For privacy-related enquiries, please contact us using the details provided on this website or through your usual Digital Marmalade or Spartacus Insights contact.

You may also contact us at: info@spartacusinsights.com

For the purposes of this Privacy Policy, Digital Marmalade Limited is the controller of personal data collected through the Spartacus Insights website and related business communications.

Where Spartacus Insights is provided as a platform service to a customer, Digital Marmalade Limited may act as a processor in relation to certain customer-controlled platform data, as set out in the relevant customer agreement and data processing terms.

3. Personal data we may collect

We may collect and process personal data that you provide to us directly, including when you complete a contact form, request a demonstration, ask for information, communicate with our team, or engage with us as a prospective customer, customer, supplier or business contact.

This may include:

  • your name;
  • business email address;
  • telephone number;
  • job title;
  • organisation name;
  • country or region;
  • enquiry details;
  • product, framework or service interests;
  • communication history;
  • information provided during sales, procurement, onboarding or support conversations;
  • information you choose to include in messages or form submissions.

We may also collect limited technical and usage information when you visit the website, such as:

  • IP address;
  • browser type and version;
  • device information;
  • operating system;
  • pages viewed;
  • referral source;
  • approximate location;
  • date and time of visits;
  • cookie and analytics data, where enabled.

If you are an authorised user of Spartacus Insights, we may also process account and service-related data such as your name, business email address, user role, organisation, login activity, support interactions and platform usage records, subject to the applicable customer agreement.

We do not intentionally collect special category personal data through the Spartacus Insights website. Please do not include sensitive personal information in website forms or general enquiries unless specifically requested.

4. How we collect personal data

We may collect personal data:

  • directly from you, when you complete a form or contact us;
  • through business communications, meetings, calls or emails;
  • through website analytics and cookies, where enabled;
  • from your organisation, where you are nominated as a business contact, platform user or stakeholder;
  • from publicly available business sources, such as company websites or professional networking platforms;
  • from third parties involved in sales, procurement, partnership or service delivery processes.

5. How we use personal data

We use personal data for legitimate business purposes connected with operating, promoting, selling, supporting and improving Spartacus Insights.

This may include:

  • respond to enquiries;
  • arrange demonstrations or follow-up conversations;
  • provide information about Spartacus Insights products, frameworks and services;
  • understand which products, frameworks or capabilities may be relevant to your organisation;
  • manage sales, procurement and customer relationships;
  • provide onboarding, account management or support communications;
  • operate, maintain and improve the website;
  • understand website engagement and improve user experience;
  • send relevant B2B communications, where permitted by law;
  • maintain records of business communications;
  • protect the security and integrity of our website, systems, platform and communications;
  • comply with legal, regulatory or contractual obligations;
  • establish, exercise or defend legal claims.

We will only use personal data where we have a lawful basis to do so.

6. Lawful basis for processing

We will only process personal data where we have a lawful basis to do so. The lawful basis we rely on depends on the purpose for which the personal data is being used and the nature of our relationship with you or your organisation.

We may rely on legitimate interests where processing is necessary for our business purposes and we believe those interests are not overridden by your rights and freedoms. This may include responding to enquiries, arranging demonstrations, managing business relationships, improving the Spartacus Insights website, maintaining appropriate business records, protecting our systems, and sending relevant business-to-business communications where permitted by law.

We may rely on contract where processing is necessary to perform a contract with you or your organisation, or to take steps before entering into a contract. This may include managing customer relationships, providing access to Spartacus Insights, supporting platform users, handling service communications, and administering customer or supplier arrangements.

We may rely on legal obligation where processing is necessary for us to comply with applicable laws, regulations, accounting requirements, tax obligations, regulatory requests or other legal duties.

We may rely on consent where consent is required by law or where we have asked for your permission to process personal data for a specific purpose. This may include certain types of marketing communication or the use of non-essential cookies and analytics technologies. Where we rely on consent, you may withdraw that consent at any time.

For example, we may use personal data to respond to enquiries and demonstration requests on the basis of legitimate interests or steps before entering into a contract. We may use personal data to manage customer, supplier and business relationships on the basis of contract, legitimate interests or legal obligation. We may use personal data to send relevant B2B communications on the basis of legitimate interests or consent, depending on the circumstances. We may use website analytics and cookies on the basis of consent or legitimate interests, depending on the type of cookie and the way it is configured. We may use personal data to maintain website, platform and system security on the basis of legitimate interests or legal obligation.

Where we rely on legitimate interests, we carefully consider the purpose of the processing, whether it is necessary, and whether your interests, rights or freedoms override our interests.

7. Business communications and marketing

We may use business contact details to provide information about Spartacus Insights where we believe it may be relevant to you or your organisation.

This may include information about:

  • product updates;
  • cybersecurity assessment and assurance capabilities;
  • framework-related services;
  • events, webinars or demonstrations;
  • relevant business content;
  • customer or partner communications.

We will only send marketing communications where permitted by law. You can ask us to stop sending marketing communications at any time by using the unsubscribe option in the message, where provided, or by contacting us.

We will not sell your personal data.

8. Cookies and analytics

The Spartacus Insights website may use cookies and similar technologies to operate the website, understand how it is used and improve the user experience.

Cookies may be used for purposes such as:

  • enabling core website functionality;
  • remembering preferences;
  • analysing website traffic and performance;
  • understanding which pages and content are useful to visitors;
  • supporting security and fraud prevention.

Where required, non-essential cookies will only be used with appropriate consent.

Further information about cookies may be provided through the website’s cookie notice, cookie banner or cookie settings tool.

9. Platform and customer data

Spartacus Insights is a cybersecurity platform used by customers and authorised users to support assessment, assurance, risk, reporting and related activities.

Where personal data is processed within the Spartacus Insights platform, the applicable customer agreement, service terms and data processing arrangements may also apply. These documents may define additional rules relating to access, retention, deletion, customer instructions, security measures and support processes.

Depending on the customer relationship and the nature of the data, Digital Marmalade Limited may act as a controller or processor. This will be determined by the applicable contractual arrangements.

Platform data may include business user account details, access permissions, assessment activity, uploaded documents, comments, review information, audit trails and service-related records. Customers are responsible for ensuring that any personal data they upload or provide through the platform is handled in accordance with applicable law and their own privacy obligations.

Data associated with inactive product licences is retained for 30 days from licence inactivation, unless earlier deletion is requested through the agreed service process. Where a tenant has no active product licences, tenant data is deleted in accordance with the agreed service process and applicable customer agreement.

10. Sharing personal data

We may share personal data with trusted third parties where necessary for the purposes described in this Privacy Policy

These may include:

  • website hosting providers;
  • IT and cloud service providers;
  • CRM and business systems providers;
  • email, communication and collaboration tools;
  • analytics and cookie technology providers;
  • professional advisers, such as lawyers, accountants and auditors;
  • payment, procurement or contract administration providers, where relevant;
  • partners, suppliers or subcontractors involved in providing services to you or your organisation;
  • regulators, public authorities, courts or law enforcement bodies where required by law.

Where third parties process personal data on our behalf, we expect them to protect that data and use it only for the purposes we have instructed.

We may also disclose personal data where necessary to comply with legal obligations, enforce agreements, protect our rights, protect the security of our systems, or support a business transaction such as a restructuring, merger or sale.

11. International transfers

Some of the service providers we use may process personal data outside the United Kingdom.

Where personal data is transferred internationally, we will take steps designed to ensure that appropriate safeguards are in place in accordance with applicable data protection law. These safeguards may include adequacy regulations, contractual protections or other legally recognised transfer mechanisms.

12. How we protect personal data

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.

These may include:

  • access controls;
  • authentication measures;
  • role-based permissions;
  • secure hosting arrangements;
  • encryption where appropriate;
  • monitoring and logging;
  • staff confidentiality obligations;
  • supplier due diligence;
  • operational security procedures.

No website, platform or method of transmission is completely secure. However, we take reasonable steps to protect personal data and maintain the confidentiality, integrity and availability of our systems.

13. How long we keep personal data

We keep personal data only for as long as reasonably necessary for the purposes for which it was collected.

Retention periods may depend on:

  • the nature of the relationship we have with you or your organisation;
  • whether we are responding to an enquiry or managing an active customer relationship;
  • legal, accounting, regulatory or contractual requirements;
  • the need to resolve disputes or maintain business records;
  • applicable customer agreements or service terms;
  • whether you have asked us to stop sending marketing communications.

Website enquiry and business-contact data will usually be retained for as long as needed to respond to the enquiry, manage the business relationship and maintain appropriate records.

Marketing preferences may be retained so that we can respect opt-out requests.

Customer platform data may be retained or deleted in accordance with the relevant customer agreement, product licence status and agreed service process.

14. Your rights

Subject to certain conditions and exemptions, individuals have rights under UK data protection law.

These may include the right to:

  • be informed about how personal data is used;
  • access personal data;
  • ask for inaccurate personal data to be corrected;
  • ask for personal data to be erased;
  • restrict certain processing;
  • object to certain processing;
  • request data portability in certain circumstances;
  • withdraw consent where processing is based on consent;
  • object to direct marketing;
  • complain to a supervisory authority.

These rights are not absolute and may not apply in all circumstances.

To exercise your rights, please contact us using the privacy contact details set out in this policy. We may need to verify your identity before responding to a request.

15. Automated decision-making

We do not use personal data collected through the Spartacus Insights website to make solely automated decisions that have legal or similarly significant effects on individuals.

16. Children

The Spartacus Insights website and platform are intended for business and professional users. They are not directed at children, and we do not knowingly collect personal data from children through the website.

17. Links to other websites

The Spartacus Insights website may contain links to third-party websites or resources.

We are not responsible for the privacy practices, content or security of third-party websites. We recommend that you review the privacy information provided by any third-party website you visit.

18. Complaints

We encourage you to contact us first if you have any questions or concerns about how we use personal data.

You also have the right to raise concerns with the Information Commissioner’s Office, the UK supervisory authority for data protection.

The Information Commissioner’s Office can be contacted through its website or by telephone on 0303 123 1113.

19. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our website, platform, services, legal obligations or business operations.

The latest version will be published on this page with an updated effective date.

20. Contacting Us

For questions about this Privacy Policy or how we handle personal data, please contact:

Digital Marmalade Limited
65-66 Maltings Place
Tower Bridge Road
London
SE1 3LJ
United Kingdom

You may also contact us at: info@spartacusinsights.com


Last Updated : 05 May 2026