Privacy Policy

1. Introduction

Acumen Risk Ltd. ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.acumenrisk.com and use our risk management platform services.

We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) and are ISO 27001:2022 certified, ensuring the highest standards of information security management.

2. Information We Collect

2.1 Personal Information

We may collect the following personal information:

• Name and job title
• Company name and address
• Email address and phone number
• IP address and browser information
• Location data (country, region, city)
• Professional information relevant to risk management needs

2.2 Automatically Collected Information

When you visit our website, we automatically collect:

• Device information (type, operating system, browser type)
• Usage data (pages visited, time spent, click patterns)
• Cookies and similar tracking technologies
• Analytics data to improve our services

3. How We Use Your Information

We use your information for the following purposes:

• Providing and maintaining our risk management services
• Responding to inquiries and customer support requests
• Sending relevant security alerts and risk updates
• Improving our platform and developing new features
• Complying with legal obligations and protecting our rights
• Marketing communications (with your consent)
• Analyzing usage patterns to enhance user experience

4. Legal Basis for Processing

We process your personal data based on:

• Contract: To provide our services and fulfill our agreement with you
• Legitimate Interests: To improve our services and protect our business
• Consent: For marketing communications and optional cookies
• Legal Obligations: To comply with applicable laws and regulations

5. Data Sharing and Disclosure

We may share your information with:

• Service providers who assist in operating our platform
• Professional advisors (lawyers, accountants, consultants)
• Law enforcement when required by law
• Business partners with your explicit consent

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

6. Data Security

As an ISO 27001:2022 certified organization, we implement robust security measures including:

• Encryption of data in transit and at rest
• Regular security audits and assessments
• Access controls and authentication protocols
• Employee training on data protection
• Incident response procedures
• Regular backup and disaster recovery systems

7. Data Retention

We retain personal information for as long as necessary to provide our services and comply with legal obligations. Typical retention periods are:

• Customer data: Duration of contract plus 7 years
• Marketing data: Until consent is withdrawn
• Website analytics: 26 months
• Security logs: 12 months

8. Your Rights

Under applicable data protection laws, you have the right to:

• Access: Request copies of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data
• Restriction: Request limited processing of your data
• Portability: Receive your data in a portable format
• Object: Object to certain processing activities
• Withdraw Consent: Withdraw previously given consent

9. Cookies

We use cookies to enhance your experience. Types of cookies we use:

• Essential Cookies: Required for website functionality
• Analytics Cookies: Help us understand usage patterns
• Marketing Cookies: Used for targeted advertising

You can manage cookie preferences through our cookie consent banner or your browser settings.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

11. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

13. Contact Information

For privacy-related inquiries or to exercise your rights, contact us at:

14. Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not complied with applicable data protection laws.