Privacy Policy

1. About Us

Sunil Risk Advisory provides independent cyber risk advisory services to businesses in the United Kingdom.

Contact: support@sunilriskadvisory.com
Website: sunilriskadvisory.com

2. Information We Collect

We collect only the information necessary to deliver our services:

• Name and business email address
• Company name
• Responses to our Cyber Risk Snapshot questionnaire
• Information shared during advisory calls or follow-up communications

3. How We Collect Information

We collect information when you:

• Complete a purchase through our website
• Submit the Cyber Risk Snapshot questionnaire
• Contact us via our website contact form
• Communicate with us by email

4. How We Use Your Information

Your information is used to:

• Process your purchase and deliver the Cyber Risk Snapshot service
• Send you access links to complete your questionnaire
• Review your questionnaire responses in preparation for advisory calls
• Provide written summaries and follow-up communications
• Respond to enquiries submitted through our contact form

We do not sell, rent, or share your personal data for marketing purposes.

5. Payment Processing

Payments are processed securely by Stripe. We do not collect, process, or store payment card details, banking information, or payment credentials. All payment data is handled directly by Stripe in accordance with their privacy policy and PCI-DSS security standards.

6. Email Communications

We use Resend to deliver transactional emails, including:

• Questionnaire access links
• Purchase confirmations
• Service-related communications

Resend processes email delivery on our behalf and does not use your data for marketing purposes.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Secure, time-limited access links
• Industry-standard security practices across our website

8. Cookies

Our website uses essential cookies only:

We do not use advertising, analytics, or tracking cookies.

9. International Data Transfers

Some of our service providers (Stripe and Resend) are based in the United States. Where personal data is transferred outside the UK, these providers maintain appropriate safeguards including Standard Contractual Clauses and certification under relevant data protection frameworks.

10. Legal Basis for Processing

Under UK GDPR, we process personal data on the following lawful bases:

• Contract: To deliver the service you have purchased
• Legitimate interests: To communicate with you and provide advisory services
• Legal obligation: To maintain records for accounting and regulatory purposes

11. Data Retention

We retain personal data only as long as necessary to:

• Deliver the agreed service
• Maintain professional and accounting records
• Meet legal or regulatory obligations

Questionnaire data is reviewed periodically and deleted when no longer required for the above purposes.

12. Your Rights

Under UK data protection law, you have the right to:

• Access your personal data
• Request correction of inaccurate information
• Request deletion of your data
• Object to or restrict processing
• Request data portability (where applicable)
• Lodge a complaint with the Information Commissioner's Office (ICO)

To exercise any of these rights, contact us at support@sunilriskadvisory.com.

You can also contact the ICO directly at ico.org.uk or by telephone on 0303 123 1113.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The current version will always be available on our website with the date of last update shown above.