Enabling our customers to survive and thrive in the digital economy

Privacy Policy

Privacy Policy

Privacy Policy

This privacy statement is effective as of February 12, 2024.

Please note that this privacy statement will be regularly updated to reflect any changes in the way we handle your personal data or any changes in applicable laws.

This page and its sub-pages tell you everything you need to know about how C2 Risk Ltd protect the personal data we process and control relating to you (your personal data) and what rights you have in relation to this. This Privacy Notice informs you about our privacy practices, the personal data we collect, use, disclose and transfer, as well as rights you may have in relation to your personal data. This Privacy Notice is available on the c2risk.com website.

1. How does C2 Risk Ltd protect your personal data?
C2 Risk Ltd recognises your right to privacy and the protection of your personal data. We want you to feel secure that when you deal with C2 Risk Ltd, C2 Risk Ltd protects your personal data in accordance with applicable laws and our data privacy policies. In addition, C2 Risk Ltd maintains appropriate and reasonable technical and organisational measures to protect your personal data against unauthorised or unlawful processing AND/OR against accidental loss, alteration, disclosure, access, or accidental/unlawful damage.

2. Which categories of personal data do we collect and how do we process such personal data?
We collect the personal data of our employees, potential employees, clients, suppliers, business contacts, shareholders and website users. If the data we collect is not listed in this privacy statement, we will give individuals (when required by law) appropriate notice of which other data will be collected and how it will be used. This Privacy Notice applies to all C2 Risk Ltd.’s websites, domains, services, applications and products; except in the case that a privacy policy or statement specific to a C2 Risk Ltd.’s program, product, or service may supersede or supplement this Privacy Notice. When you use our website and applications, we may collect your personal information.

Here are the categories of personal information we collect and how we may use them.

– Information you give us directly: Contact information, account information and other.

– Information as may be relevant (name, email address, name of the organisation you represent, information required to set up customer account, information required to purchase and deliver our products and services, your comments, feedback, enquiries, etc.) in order to:

Enter into agreements with you or your organisation
Provide our products and services
Manage relations with customers
Conduct customer satisfaction surveys
Deliver training and education programs
Address enquiries and complaints

Information we collect automatically: Online activity information (e.g. IP address, device)

ID, visited pages and websites, etc. in order to:
– Enable efficient use of our website and applications
– Enable the delivery of our services to our customers
– Improve user experience and marketing initiatives

Marketing communications: contact information, preferences and online activity information (e.g. name, email address, visited pages and websites, etc.) in order to:
– Provide you with marketing information
– Create and deliver targeted offers
– Interact with you online and offline for promotional purposes (e.g. webinars, events).

We process your personal data as may be necessary to enter and perform agreements with you or your organisation; to pursue our legitimate business interests and comply with laws and regulations. We ask for your consent only if we cannot rely on the above legal basis or if your consent is required by law. You can withdraw your consent at any time by either following the unsubscribe link included in our marketing communications or by sending an email to: [email protected].

3. How we share personal information with third parties
We do not sell, lease or rent personal information. We disclose your personal information in order to provide our services or products or to communicate with you. Here are the types of third parties and why we disclose personal information:

Third party service providers
We engage third party service providers to support our business operations, including the provision of our services or products or communications with you. For instance, we engage public cloud provider(s) to host information submitted as a result of using our services or products. Such third parties process received information under appropriate instructions and only as necessary to support and facilitate use of personal data as described in section 1 of this Privacy Notice. They are contractually required to keep information confidential and secure and shall not use received information for any other purpose than to carry out the service they are performing for us.

Compliance with laws
Except as described in this Privacy Notice, we will not share your personal data with third parties, unless to:
– Respond to a duly authorised information request from a public or governmental authority
– Comply with law, regulations or court orders
– Enforce or protect our rights and properties in line with requirements of applicable law.

Business transfers
In the event we decide to sell, buy, merge or otherwise reorganise our business, we may need to disclose some of your personal data to a prospective or actual purchaser. We will seek appropriate protection of your personal data should such a situation arise.

4. How we keep personal information secure
We take security of personal information seriously. To prevent unauthorised access, prevent unauthorised disclosure, maintain data accuracy and to ensure appropriate use of information we apply reasonable and appropriate physical, technical and administrative safeguards. We and our third-party service providers keep your personal information, if necessary, to provide our service or products or as otherwise necessary, to perform our obligations. For example, we keep your personal information for the duration of any contractual relationship and after the end of that relationship, if necessary, to administer our business, perform our obligations and to protect our business from legal claims.

5. What rights and choices do you have?

At any time, you may change your marketing preferences. You also have the right to the below.
– Request access to the personal data we process about you: this right entitles you to know whether we hold personal data about you, and in the cases we do, to obtain information on and a copy of that personal data.
– Request a rectification of your personal data: this right entitles you to have your personal data be corrected if it is inaccurate or incomplete.
– Object to the processing of your personal data: this right entitles you to request that C2 Risk Ltd no longer processes your personal data.
– Request the erasure of your personal data: this right entitles you to request the erasure of your personal data, including where such personal data would no longer be necessary to achieve the purposes.
– Request the restriction of the processing of your personal data: this right entitles you to request that C2 Risk Ltd only processes your personal data in limited circumstances, including with your consent.
– Request portability of your personal data: this right entitles you to receive a copy (in a structured, commonly used and machine-readable format) of personal data that you have provided to C2 Risk Ltd, or request C2 Risk Ltd to transmit such personal data to another data controller.

If you would like to change your marketing preferences or exercise your rights, please contact us by sending an email to: [email protected]

If, despite our commitment and efforts to protect your personal data, you believe that your data privacy rights have been violated, we encourage and welcome individuals to come to C2 Risk Ltd first to seek the resolution of any complaint. You have the right at all times to register a complaint directly with the relevant supervisory authority or to make a claim against C2 Risk Ltd with a competent court (either in the country where you live, the country where you work or the country where you deem that data privacy law has been infringed).

6. How to contact us and updates to this Privacy Notice
If you have any concerns about our privacy practices, please contact us by sending an email to: [email protected]. We will contact you within a reasonable timeframe from receipt of your query and address your concerns and outline options regarding how they may be resolved. If you consider that the processing of your personal data infringes the General Data Protection Regulation, you have a right to lodge a complaint with our supervisory authority, the Information Commissioner’s Office (ICO) in the UK.

If we make updates to this Privacy Notice, we will post the revised version with an updated revision date on our websites.

7. How we use cookies (and other tracking technologies)
In addition to the information set out above, this section describes how we use cookies and other tracking technologies. We use cookies to analyse how our users are using the C2 Risk website and services so that we can improve them.

To ensure you have a smooth user experience we identify your session by tracking moves between pages to understand your interests so that we can help you to understand the most relevant services and products we can offer to you. We also collect data that can help us identify and fix any errors or faults. We do not use any third-party tracking cookies and do not give your activities to third parties to use for their own marketing purposes.

8. Do we send targeted e-mails?
We send commercial e-mail to representatives from our clients and other companies with whom we want to develop or maintain a business relationship with, in accordance with applicable marketing laws. Our targeted e-mail messages typically include web beacons, cookies, and similar technologies that allow us to know whether you open, read, or delete the message, and links you may click. When you click a link in a marketing e-mail you receive from C2 Risk Ltd, we will also use a cookie to log what pages you view and what content you download from our websites, even if you are not registered at or logged into our site. Targeted e-mails from C2 Risk Ltd may include additional privacy information, as required by applicable laws. All actions we take are for the sole benefit of C2 Risk Ltd and our subsidiary businesses, they are not offered to third parties to use for their own purposes.

9. Do we maintain Customer Relationship Management (CRM) databases?
Like most companies, C2 Risk Ltd uses Customer Relationship Management (CRM) database technology to manage and track our marketing efforts. Our CRM databases include personal data belonging to individuals that are either our clients OR other companies with whom we already have a business relationship or want to develop one with.

The personal data used for these purposes includes relevant business information, such as:
– Contact data
– Publicly available information (e.g. board membership, published articles, press releases, your public posts on social media sites if relevant for business purpose)
– Your responses to targeted e-mail (including web activity following links from our emails)
– Website activity of registered users of our website
– Other business information included by C2 Risk Ltd professionals based on their personal interactions with you.

If you wish to be excluded from our CRM databases, please contact us by sending an email to: [email protected]

10. Do we combine and analyse personal data?
We may combine data from publicly available sources, and from our different e-mail, website, and personal interactions with you. This includes information collected across our different websites such as our careers and corporate sites, and information collected when you signup or log on to our sites or connect to our sites using your social media credentials (such as LinkedIn and Xing). We combine this data to better assess your experience with C2 Risk Ltd, and to perform the other activities described throughout our privacy policy.


Personal Data: Data which relates to a living individual who can be identified from that data, AND/OR from other information which is in or is likely to come into our possession. It includes any expression of opinion about the individual and any indication of our intentions towards them.

Processing: Any and every activity performed with respect to personal data throughout its life cycle. This includes:
– Storage of data
– Collection of data
– Recording data on paper or through an electronic form
– Storing data in the cloud
– Storage data on a physical server (internal or external)
– Disclosing data
– Disseminating data online
– Using data for testing purposes
– Amending data
– Updating data
– Correcting data
– Deleting data
– Anonymising data
– Obfuscating data

All of these mentioned above are deemed to be data processing operations and are therefore covered by Data Protection legislation.

Privacy Notice: The information provided to users of our services about how the Company processes their data.

Purposes: The reasons for which the Personal Data was collected and is being Processed by the Company – for example, are we processing it for marketing purposes or for testing purposes?