Privacy Policy

Last updated: 1 January 2022

This privacy policy applies between you, the User of this Website and Cyber Risk Management Group Limited, the owner and provider of this Website. Cyber Risk Management Group Limited takes the privacy of your information very seriously. This privacy policy applies to our use of any and all Data collected by us or provided by you in relation to your use of the Website. Please read this privacy policy carefully.

DEFINITIONS AND INTERPRETATION
1. In this privacy policy, the following definitions are used:

Data
Collectively all information that you submit to Cyber Risk Management Group Limited via the Website. This definition incorporates, where applicable, the definitions provided in the Data Protection Act 2018 and the EU GDPR;

Cookies
A small text file placed on your computer by this Website when you visit certain parts of the Website and/or when you use certain features of the Website. Details of the cookies used by this Website are set out in the clause below (Cookies);
Cyber Risk Management Group Limited, or us
Cyber Risk Management Group Limited, a company incorporated in England and Wales with registered number 11141209 whose registered office is at 207 Regent St, London, W1B 3HH;

UK and EU Cookie Law
The Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011;

User or you
Any third party that accesses the Website and is not either (i) employed by Cyber Risk Management Group Limited and acting in the course of their employment or (ii) engaged as a consultant or otherwise providing services to Cyber Risk Management Group Limited and accessing the Website in connection with the provision of such services; and

Website
The website that you are currently using, www.trustedriskadviser.co.uk / .com, and any sub-domains of this site unless expressly excluded by their own terms and conditions.
2. In this privacy policy, unless the context requires a different interpretation:
a. the singular includes the plural and vice versa;
b. references to sub-clauses, clauses, schedules or appendices are to sub-clauses, clauses, schedules or appendices of this privacy policy;
c. a reference to a person includes firms, companies, government entities, trusts and partnerships;
d. “including” is understood to mean “including without limitation”;
e. reference to any statutory provision includes any modification or amendment of it;
f. the headings and sub-headings do not form part of this privacy policy.

SCOPE OF THIS PRIVACY POLICY
3. This privacy policy applies only to the actions of Cyber Risk Management Group Limited and Users with respect to this Website. It does not extend to any websites that can be accessed from this Website including, but not limited to, any links we may provide to social media websites.

DATA COLLECTED
4. We may collect the following Data, which includes personal Data, from you:
a. Name
b. Job Title;
c. Contact Information such as email addresses and telephone numbers;
d. in each case, in accordance with this privacy policy.

OUR USE OF DATA
5. For purposes of the Data Protection Act 2018 and EU GDPR, Cyber Risk Management Group Limited is the “data controller”.
6. We will retain any Data you submit for as long as we deem it necessary to provide you with the services or information as described in this Privacy Policy or until you request that we stop.
7. Unless we are obliged or permitted by law to do so, and subject to any third party disclosures specifically set out in this policy, your Data will not be disclosed to third parties. This includes our affiliates and / or other companies within our group.
8. All personal Data is stored securely in accordance with the principles of the Data Protection Act 2018. For more details on security see the clause below (Security).
9. Any or all of the above Data may be required by us from time to time in order to provide you with the best possible service and experience when using our Website. Specifically, Data may be used by us for the following reasons:
a. transmission by email of promotional materials that may be of interest to you;
b. To contact you with information about our services;
in each case, in accordance with this privacy policy;
c. To respond to enquiries you have made to us either on our website, at an event or over the phone.

THIRD PARTY WEBSITES AND SERVICES
10. Cyber Risk Management Group Limited may, from time to time, employ the services of other parties for dealing with certain processes necessary for the operation of the Website. The providers of such services do not have permission to access any personal Data provided by Users of this Website other than for the reasons for which it is collected.

LINKS TO OTHER WEBSITES
11. This Website may, from time to time, provide links to other websites. We have no control over such websites and are not responsible for the content of these websites. This privacy policy does not extend to your use of such websites. You are advised to read the privacy policy or statement of other websites prior to using them.

CHANGES OF BUSINESS OWNERSHIP AND CONTROL
12. Cyber Risk Management Group Limited may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of Cyber Risk Management Group Limited. Data provided by Users will, where it is relevant to any part of our business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this privacy policy, be permitted to use the Data for the purposes for which it was originally supplied to us.
13. We may also disclose Data to a prospective purchaser of our business or any part of it under an agreement that your data is protected in accordance with the terms of this Privacy Policy.

CONTROLLING USE OF YOUR DATA
14. Wherever you are required to submit Data, you will be given options to restrict our use of that Data. This may include the following:
15. use of Data for direct marketing purposes; and
16. sharing Data with third parties.

FUNCTIONALITY OF THE WEBSITE
17. To use all features and functions available on the Website, you may be required to submit certain Data.
18. You may restrict your internet browser’s use of Cookies. For more information see the clause below (Cookies).

ACCESSING YOUR OWN DATA
19. You have the right to ask for a copy of any of your personal Data held by Cyber Risk Management Group Limited (where such Data is held).

SECURITY
20. Data security is of great importance to Cyber Risk Management Group Limited and to protect your Data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure Data collected via this Website.
21. If password access is required for certain parts of the Website, you are responsible for keeping this password confidential.
22. We shall protect your personal Data in line with the UK Data Protection Act 2018 to the best of our ability. Transmission of information over the internet is not entirely secure and is done at your own risk. We use best practice security and encryption to protect the data you send to our website, however this is not a guarantee of security of your Data transmitted to the Website.

COOKIES
23. This Website may place and access certain Cookies on your computer. Cyber Risk Management Group Limited uses Cookies to improve your experience of using the Website. Cyber Risk Management Group Limited has carefully chosen these Cookies and has taken steps to ensure that your privacy is protected and respected at all times.
24. All Cookies used by this Website are used in accordance with current UK and EU Cookie Law.
25. Before the Website places Cookies on your computer, you will be presented with a pop-up requesting your consent to set those Cookies. By giving your consent to the placing of Cookies, you are enabling Cyber Risk Management Group Limited to provide a better experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of the Website may not function fully or as intended.
26. This Website may place the following Cookies:
a) Strictly necessary cookies: These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
b) Functionality cookies: These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
27. You can choose to enable or disable Cookies in your internet browser. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser.
28. You can choose to delete Cookies at any time; however you may lose any information that enables you to access the Website more quickly and efficiently including, but not limited to, personalisation settings.
29. It is recommended that you ensure that your internet browser is up-to-date and that you consult the help and guidance provided by the developer of your internet browser if you are unsure about adjusting your privacy settings.

GENERAL
30. You may not transfer any of your rights under this privacy policy to any other person. We may transfer our rights under this privacy policy where we reasonably believe your rights will not be affected.
31. If any court or competent authority finds that any provision of this privacy policy (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this privacy policy will not be affected.
32. Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.
33. This Agreement will be governed by and interpreted according to the law of England and Wales. All disputes arising under the Agreement will be subject to the exclusive jurisdiction of the English and Welsh courts.

CHANGES TO THIS PRIVACY POLICY
34. Cyber Risk Management Group Limited reserves the right to change this privacy policy as we may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on the Website and you are deemed to have accepted the terms of the privacy policy on your first use of the Website following the alterations. You may contact Cyber Risk Management Group Limited by email at [email protected]

Meet Our Leadership Team.

At CRMG, our senior leadership team brings a rich history and deep expertise in cyber security. Spearheaded by consultants who are influential figures in the industry, our leaders are highly networked and well-established, with backgrounds in the ‘Big- Four’ firms.

LEARN MORE

Simon Rycroft

CO-FOUNDER AND CEO

Former Head of Consulting at the ISF. On a journey to bring accessible risk management to growing enterprises.

Nick Frost

CO-FOUNDER AND CHIEF PRODUCT OFFICER

Former Group Head of Information Risk, PwC. Motivated by the need to implement cyber risk principles for the real world!

Dan Rycroft

DELIVERY DIRECTOR

Former Head of Delivery, Cyber Security at DXC. Delivers risk-based cyber security programmes with maximum efficiency.

Matt Brett

DELIVERY LEAD – CYBER RISK SOLUTIONS

Former Portfolio Director, Tech Security & Risk, GSK. Specialises in implementing efficient, pragmatic cyber risk solutions.

Martin Tully

DELIVERY LEAD – GOVERNANCE AND COMPLIANCE

Twenty years’ experience in delivering fit-for-purpose cyber governance initiatives.

Louis Head

CONSULTANT – GOVERNANCE AND COMPLIANCE

An expert in everything ISMS-related, and how compliance works in practice.

Guy Asch

COMMERCIAL DIRECTOR

A seasoned Commercial Director, driving P&L business leadership through innovative strategies.

Ryan Hides

DELIVERY LEAD – THIRD PARTY RISK MANAGEMENT

Project Management and Six Sigma expertise. Specialises in turning effective third party risk management into a scalable reality.

Sarrah Ahmed

HEAD OF MARKETING

Bringing over 17+ years of marketing expertise, passionate about crafting innovative marketing campaigns.