Who we are
Computer Forensics Lab (also trading as Data Recovery Lab) is an independent digital forensics laboratory in North London. For the purposes of the UK GDPR, we are the data controller for personal data we collect through cflab.uk and for personal data collected in the course of instructions given directly to us. Where we are instructed by a solicitor, law-enforcement body or organisation to examine material on their behalf, we typically act as a data processor for the personal data contained in that material.
We are registered with the UK Information Commissioner's Office (ICO) under registration number ZB395023.
Personal data we collect
Through this website and normal business correspondence we may collect:
- Contact details you provide (name, organisation, email, phone).
- The content of your inquiry, including any facts you disclose about your matter.
- Correspondence between you and our team.
- Invoicing and payment details necessary to raise and settle invoices.
- Basic technical logs (IP address, request timestamps) for security and abuse prevention.
When we are instructed to preserve, examine or analyse digital evidence, that evidence may contain personal data, and in some cases special-category or criminal-offence data, belonging to you or to third parties. We handle such data strictly under the instructions of the party instructing us, in accordance with UK law and forensic best practice.
How we use personal data
We use personal data to:
- Respond to inquiries submitted through the secure inquiry form or by email.
- Provide, scope and deliver digital forensics services.
- Preserve chain of custody and produce expert reports.
- Manage engagements, invoices and client records.
- Comply with legal, regulatory and court-imposed obligations.
- Protect our systems from unauthorised access or abuse.
Legal bases for processing
We rely on the following lawful bases under the UK GDPR:
- Contract — to take steps at your request before entering a contract, and to perform our engagement with you.
- Legitimate interests — to run our business, respond to inquiries, protect our systems, and pursue or defend legal claims.
- Legal obligation — to comply with tax, accounting, anti-money-laundering, and court orders.
- Consent — where you have expressly agreed, for example to marketing communications you may withdraw at any time.
- Substantial public interest / legal claims — where we process special-category or criminal-offence data as part of forensic evidence in legal proceedings.
Evidence and case material
Digital evidence is handled under documented forensic procedures. Original exhibits are hashed on receipt, working copies are used for examination, and access is restricted to the examiners assigned to the matter. Case material is retained only for as long as necessary for the engagement and for any anticipated appeal window, unless a longer period is required by law or agreed with the instructing party.
Who we share data with
We only share personal data where necessary and lawful, including with:
- The party who instructed us and their nominated representatives (for example, counsel).
- Courts, tribunals and regulators where required.
- Vetted service providers (secure email, hosting, invoicing) bound by contractual confidentiality.
- Law enforcement where legally compelled to do so.
We do not sell personal data and we do not use case material for marketing.
Retention
Inquiry correspondence is retained for up to 24 months from last contact unless it becomes part of an active engagement. Client and accounting records are retained for a minimum of six years after the end of the engagement, consistent with HMRC guidance. Case exhibits and working copies are retained for the period agreed with the instructing party, after which they are securely destroyed.
Security
We apply organisational and technical measures appropriate to the sensitivity of the data we handle, including access controls, encryption of data at rest and in transit, physical security of premises where evidence is stored, and audited chain-of-custody records.
Your rights
Subject to the exemptions in the UK GDPR and Data Protection Act 2018, you have the right to request access to, correction of, or deletion of your personal data; to object to or restrict processing; and to portability of data you have provided to us. Where processing is based on consent, you may withdraw that consent at any time. To exercise these rights, email info@cflab.uk.
You also have the right to complain to the Information Commissioner's Office at ico.org.uk. We would ask you to contact us first so we can try to resolve any concern.
Cookies and analytics
cflab.uk uses only strictly necessary cookies required for the site to function. We do not run third-party advertising trackers. Basic server logs (IP address, user-agent, timestamps) are collected for security and diagnostics and are not used to build behavioural profiles.
Submitted property retention
Any unclaimed physical property submitted to Computer Forensics Lab (also T/A Data Recovery Lab) for more than 30 days will be securely disposed of or recycled. After that period, Computer Forensics Lab and its representatives shall have no liability to the client or any third party for the loss or absence of the submitted property.
How to contact us
For any privacy question, or to exercise your rights, contact:
We may update this policy from time to time. Material changes will be notified on this page with an updated revision date.
