Privacy Policy

Who we are

DS Risk Group (“we”, “us” or “our”) provides documentation, risk, compliance and investigation support services.

Data controller: DS Risk Group

What this policy covers

This policy applies to personal data collected through our website, contact forms, email correspondence, service enquiries, client onboarding, service delivery and related business administration.

The personal data we collect

We may collect and process the following categories of personal data:

• Name
• Email address
• Telephone number
• Company or organisation name
• Job title or role, where provided
• Enquiry details, messages, uploaded documents and attachments
• Billing, quotation and transaction information, where applicable
• Records of communications with you
• Technical website data such as IP address, browser type and usage data, where collected by our website or service providers

How we collect personal data

• Directly from you when you complete a contact form or email us
• When you request a quote or submit documents for review
• During client onboarding and service delivery
• Through routine website and server logs
• From third-party providers we use to operate the website or handle enquiries, where applicable

How we use personal data

• Respond to enquiries
• Provide quotations and proposals
• Deliver our services
• Review documents or information you submit
• Manage client relationships and communications
• Maintain internal records and business administration
• Improve website performance and security
• Comply with legal, regulatory and tax obligations
• Establish, exercise or defend legal claims where necessary

Our lawful bases for processing

• Legitimate interests – to operate and develop our business, respond to enquiries, manage communications and provide services efficiently
• Contract – where processing is necessary to take steps at your request before entering into a contract, or to perform a contract with you
• Legal obligation – where we must process personal data to comply with applicable laws or regulations
• Consent – where we rely on your consent for a specific activity; if we do so, you may withdraw that consent at any time

Special category or sensitive information

We do not intentionally request special category personal data through the website contact form. If you send sensitive information to us, you are responsible for ensuring it is appropriate to do so.

Where sensitive information is processed as part of service delivery, we will only process it where a valid lawful basis and any additional condition required by applicable data protection law applies.

Who we share personal data with

We may share personal data with trusted service providers where necessary, including providers involved in:

• Website hosting
• Form handling and email delivery
• Cloud storage or document management
• Accounting, invoicing or payment processing
• Professional advisers such as legal, tax or insurance advisers

We may also disclose personal data where required by law, regulation, court order, law enforcement request, or where necessary to protect our legal rights.

International transfers

Some of our service providers may process personal data outside the United Kingdom. Where this happens, we will take reasonable steps to ensure appropriate safeguards are in place in accordance with applicable data protection law.

Data retention

We keep personal data only for as long as reasonably necessary for the purposes set out in this policy, including to respond to enquiries, deliver services, maintain records, comply with legal obligations and resolve disputes.

Retention periods may vary depending on the nature of the information and the purpose for which it was collected. Where no longer required, personal data will be securely deleted or anonymised where appropriate.

Data security

We take reasonable technical and organisational measures to protect personal data against accidental or unlawful loss, destruction, misuse, unauthorised access, alteration or disclosure.

However, no method of internet transmission or electronic storage is completely secure, and we cannot guarantee absolute security.

Your rights

Subject to applicable law, you may have the right to:

• Request access to your personal data
• Request correction of inaccurate or incomplete personal data
• Request erasure of your personal data
• Request restriction of processing
• Object to processing carried out on the basis of legitimate interests
• Request transfer of your personal data in certain circumstances
• Withdraw consent where we rely on consent
• Lodge a complaint with the Information Commissioner’s Office (ICO)

How to exercise your rights

If you wish to exercise any of your rights or have any questions about this policy, please contact us at info@dsriskgroup.co.uk.

We may need to verify your identity before responding to certain requests.

Complaints

If you are unhappy with how we handle your personal data, we would appreciate the opportunity to address your concerns first.

You also have the right to complain to the Information Commissioner’s Office (ICO) in the UK. You can find more information at ico.org.uk.

Third-party websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices, content or security of third-party sites.

Cookies and similar technologies

Our website may use cookies or similar technologies for essential website operation, performance, analytics or security purposes.

Where required, further information will be provided in a separate cookie notice, cookie banner, or related website notice.

Children’s data

Our website and services are not directed to children, and we do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us so that we can take appropriate steps.

Changes to this policy

We may update this privacy policy from time to time. Any updated version will be posted on this page with a revised “Last updated” date.