Privacy Policy
How we collect, use, and protect your personal information when you interact with the Cyber Resilience Manifesto.
Controller: High Value Target
Privacy contact: contact@highvaluetarget.org
Applicable law: UK GDPR / EU GDPR
Data Controller
The Cyber Resilience Manifesto is a community initiative operated by High Value Target. High Value Target is responsible for the collection, use, and protection of your personal data in connection with this website and its services.
Contact: contact@highvaluetarget.org
What Data We Collect
When you contact us through the contact form or request access to the PDF, we may collect:
- First and last name
- Email address
- Phone number (required for PDF access requests, optional for general contact requests)
- Message content and subject
- IP address and user agent (automatically collected by our web server)
- mCaptcha token (for bot protection on the contact form)
Purposes and Legal Bases
We process your personal data for the following purposes, under the following legal bases:
Responding to enquiries
Legal basis: Legitimate interests (Article 6(1)(f) GDPR) — our legitimate interest in responding to community enquiries and improving our services.
Sending updates and newsletters
Legal basis: Consent (Article 6(1)(a) GDPR) — where you have explicitly opted in to receive commercial communications.
Providing access to the PDF and related tools
Legal basis: Legitimate interests (Article 6(1)(f) GDPR) — our legitimate interest in distributing the manifesto and related cyber resilience materials.
Bot protection via mCaptcha
Legal basis: Legitimate interests (Article 6(1)(f) GDPR) — our legitimate interest in protecting the integrity of our contact form.
Data Sharing
We do not sell, rent, or otherwise share your personal data with third parties for their commercial purposes. We may share your data in the following limited circumstances:
- n8n workflow automation — contact form submissions are logged as JSON to stdout and processed by an n8n workflow running within our infrastructure. The workflow handles routing and notification.
- Service providers — we use managed hosting and email delivery services (such as Caddy and mCaptcha) under data processing agreements that restrict their use of your data.
- Legal obligation — we may disclose data where required by applicable law, court order, or regulatory authority.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes described in this policy. Contact form submissions are retained for a maximum of 24 months from the date of submission, unless a longer retention period is required by law or for the establishment, exercise, or defence of legal claims.
Data Subject Rights
Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:
- Right of access — obtain a copy of your personal data
- Right to rectification — correct inaccurate or incomplete data
- Right to erasure — request deletion of your data ("right to be forgotten")
- Right to restrict processing — request limitation of processing
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interests
- Right to withdraw consent — withdraw consent at any time where processing is based on consent
To exercise any of these rights, contact us at contact@highvaluetarget.org. We will respond to your request within 30 days.
You also have the right to lodge a complaint with a supervisory authority (e.g., the ICO in the UK or your national data protection authority).
Security
We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, or destruction. These measures include TLS encryption in transit, secure server environments, and access controls on our internal systems.
Cookies and Analytics
This website uses only essential session cookies, which are necessary for the website to function correctly. We do not use advertising networks, tracking pixels, or third-party analytics tools that profile visitors.
The contact form uses mCaptcha for bot protection. mCaptcha may set its own cookies as part of its verification process. Refer to the mCaptcha documentation for details.
International Transfers
We primarily process data within the United Kingdom and European Economic Area (EEA). Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions, in accordance with Chapter V of the GDPR.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The updated policy will be posted on this page with a revised "Last updated" date. We encourage you to review this page periodically.