Privacy policy

At GRC Group, we recognise the importance of safeguarding your privacy and are committed to maintaining the trust and confidence of our clients, partners, and visitors. Our Privacy Policy outlines how we collect, use, and protect your information in compliance with all applicable data protection laws, including the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.

Scope and Applicability
This Privacy Policy applies to all personal data collected by GRC Group from clients, website visitors, suppliers, and partners in connection with our products, services, and digital platforms. It covers all data processed through our websites, contact forms, events, and communications.

Data Collection and Use
GRC Group collects personal data to provide effective governance, risk, and compliance solutions tailored to the unique needs of businesses. This information may include identifiers such as your name, contact details, company affiliation, and any other information you voluntarily provide when utilising our services or engaging with our digital channels.

In addition, we may collect:

Technical and usage data: including IP address, browser type, device information, and interaction data obtained through cookies or analytics tools.
Marketing and communication preferences: including your opt-in or opt-out selections for newsletters and promotional updates.
We ensure this data is used solely for relevant purposes such as service delivery, client support, regulatory compliance, and improving our offerings. GRC Group does not sell or rent personal data to any third parties.

Consent and Legal Basis
Your personal information is collected and processed based on explicit consent, or where necessary for the performance of a contract, compliance with a legal obligation, or legitimate interests pursued by GRC Group.

We ensure transparency at every stage of data processing, providing clear options to opt in or opt out from communications that are not essential to our service provision. Our practices are continually updated to meet changes in legal obligations and sector-specific standards.

Data Sharing and Third Parties
We may share personal data with trusted third-party service providers who assist in our business operations—such as IT hosting, CRM systems, marketing automation, and analytics tools. These partners process data strictly under our instructions and in accordance with data protection agreements.

If required by law or regulation, we may also disclose information to relevant authorities. All third parties are carefully vetted to ensure compliance with GDPR and equivalent data protection standards.

International Data Transfers
Where personal data is transferred outside the European Economic Area (EEA) or the United Kingdom, GRC Group ensures appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent measures ensuring the protection and integrity of your information.

Data Security and Retention
Ensuring the security of your personal data is paramount to GRC Group. We implement robust technological safeguards alongside administrative measures to prevent unauthorised access, disclosure, alteration, or destruction of your information.

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected or as required by law—typically for a period of up to seven (7) years following the conclusion of a client relationship, unless a longer retention period is legally required or justified.

Your Rights
Under GDPR regulations, individuals hold specific rights relating to their personal data. These include the right to:

Access information we hold about you;
Request corrections or updates if necessary;
Object to or restrict processing under certain conditions;
Seek erasure (“the right to be forgotten”) where applicable;
Request data portability in a structured, commonly used format.
To exercise any of these rights or inquire about our privacy practices, please contact us at:
Email: [email protected]
If you are dissatisfied with our handling of your personal data, you have the right to lodge a complaint with your local data protection authority. In the United Kingdom, this is the Information Commissioner’s Office (ICO) at www.ico.org.uk.

Children’s Privacy
Our services are intended for professional and business use and are not directed toward individuals under 18 years of age. GRC Group does not knowingly collect or process personal data from children.

Cookies and Tracking Technologies
Our website uses cookies and similar technologies to enhance user experience, analyse traffic, and tailor content. For detailed information on the types of cookies used, their purpose, and how to manage your preferences, please refer to our Cookies Policy section.

Updates to This Policy
We may update this Privacy Policy periodically to reflect changes in legal requirements, industry practices, or company operations. The most recent version will always be available on our website and will indicate the date of the latest revision.

Commitment to Privacy and Trust
GRC Group is dedicated to fostering a secure environment for your fintech endeavors while adhering steadfastly to privacy standards that respect individual autonomy and corporate integrity. We remain committed to transparency, accountability, and the responsible management of personal data.