Privacy Policy

---

​

Welcome to Data Risk Group LLC’s Privacy Notice which explains how we collect, use, and safeguard your information in compliance with our applicable privacy regulations.

​

*Note: This is called a Privacy "Notice" because it is a notice from us to you as a visitor to our Website. We share this to be transparent with you and share some of our data processing practices (our internal policies and practices) that keep your privacy and rights in mind.

​

Data Types

When you interact with our website and service to purchase a product or subscribe to our blog, we will collect the following:

Business contact information including such as your name, business name, business email address, phone number, and mailing address.You may choose to share your business website and social media profiles. 

Account and payment information such as: 

• Account information: Such as username, password, and preferences. 
• Communications: Such as customer support requests, feedback, and any messages you send us.
• Purchase and order information: Details about products or services you have purchased or ordered from us, including order history.
• Payment information (collected by third party payment processor): including credit card details, billing address, and payment history.

Other information such as: ​

• Usage Data: Such as IP address, browser type, operating system, pages visited, time spent on those pages, and other analytical data.​
• Service Usage Information: Data on how you interact with our services, such as features used, and session durations.
• Marketing and Survey Responses: Such as your responses to surveys, promotions, and marketing campaigns.
• Cookies and Tracking Technologies: Data collected through cookies, web beacons, and similar tracking technologies to improve your experience on our website.
• Third-Party Data: Information from third-party services you connect with our services, such as social media accounts.
• Consent Records: Records of any consents you have given, along with the date and time, and the specific details of the consent.
• Legal and Compliance Information: Such as records of interactions with regulators, legal proceedings, and compliance-related communications.​​

​

Data Risk Group is a US-based company. However, as a global conscious business we strive to collect and use your personal data only when we have a valid reason to do so. For example, under certain data protection laws (for example GDPR in the EU), we may be required to have a specific "legal basis" (or reason) for processing personal data. The specific legal basis we rely on depends on how and why we are using your data.

Below are the most common examples:

• Consent: You have given us clear consent to process your personal data for a specific purpose.
• Contract: The processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering a contract.
• Legal Obligation: The processing is necessary for us to comply with the law (not including contractual obligations).
• Legitimate Interests: The processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

​

We strive to follow global principles and best practices in how we use your data - from the time we collect it, while we store and process it, to when we no longer need it. 

We use your information (listed above) for the intended purpose when we collect it. For example: 

• Business contact information: We use this information to receive contact requests or communications, or to send you communications upon your request (for example by submitting contact form)
• Account and payment information: We use this information to help set up and manage your account, to track purchases made, to provide you with requested resources, products or services. 
• Other information: We may collect other information intended to improve the delivery of our resources, products or services (including access and use of our website), seeking to get your feedback on desired improvements on current or future offerings or features, 

​Related to legal basis examples, we use you information for the following: 

• Personal Information: Necessary for the performance of a contract; Legitimate interests to communicate and provide services
• Payment Information: Necessary for the performance of a contract; Compliance with a legal obligation for financial records
• Usage Data: Legitimate interests to improve and personalize services; Explicit Consent, where required,
• Account Information: Necessary for the performance of a contract; Legitimate interests to manage user accounts
• Contact Information: Explicit Consent for accessing and using contacts) for marketing purposes, or legitimate interest to facilitate necessary business communications
• Communications: Necessary for the performance of a contract; Legitimate interests to improve services
• Marketing and Survey Responses: Explicit Consent (marketing); Legitimate interests to improve products and services
• Third-Party Data: Explicit Consent; Necessary for the performance of a contract (for account integration)
• Cookies and Tracking Technologies: Explicit Consent; Legitimate interests to enhance user experience and analyze usage
• Purchase and Order Information: Necessary for the performance of a contract; Legitimate interests to process orders
• Consent Records: Compliance with a legal obligation; Legitimate interests to document consent
• User Content: Necessary for the performance of a contract
• Legal and Compliance Information: Compliance with a legal obligation; Legitimate interests to manage legal risks and compliance
• Service Usage Information: Legitimate interests (to improve and personalize services); Necessary for the performance of a contract

​

We do not sell any personal data.

Data Risk Group is not a consumer focused business, we are business-to-business (B2B). This means we do not directly offer target our Website, communications or offerings to consumers (including residents of California). However, we recognize and respect your rights over your personal data.

Depending on where you live or where you are located, you may have several rights under various data protection laws, including the right to access, correct, delete, or transfer your personal data, or opt-out of certain processing. See detailed examples with descriptions below, however note that these can vary by law.

Common rights under many laws: 

• Right to Know and Access (“know” or “see” your data): You may have the right to request that we confirm whether we process your personal information, and to request information about our collection and use of your personal information, including whether we sell or share your personal information. You also have the right to request access to personal information we may process about you.
• Right to Request Correction of Inaccurate Personal Information (“fix” your data): o the extent that we may maintain inaccurate personal information, you may have the right to request that we correct such inaccurate personal information, taking into account the nature of the personal information and the purposes of the processing of the personal information.
• Right to Request Deletion (“delete” your data): You may have the right to request that we delete certain personal information or records provided by or obtained about you, with certain exceptions and limitations as allowed under law.
• Right to Data Portability (“move” your data): Where the processing is carried out by automated means, and subject to certain exceptions, you may have the right to request and obtain a copy of your personal information that you previously provided to us in a portable format. In addition, to the extent technically feasible, you may have the right to obtain your personal information in a readily usable format that allows you to transmit the personal information to another data controller without hindrance.
• Right to Disclosure of Direct Marketers (“know” what is shared): You may have a right to know the categories and names/addresses of third parties that have received personal information for their direct marketing purposes upon simple request, and free of charge.

You may have rights to opt-out (“stop” data processing”) or restrict:

• Right to Opt Out of the Sale and Sharing of Personal Information: You may have the right to opt out of the processing of your personal information for the purpose of selling or sharing your personal information for cross-context behavioral advertising. We do not sell or share your personal information.
• Right to Opt-Out of the Use of Personal Information for Targeted Advertising and Profiling: You may have the right to opt out of the processing of your personal information for purposes of targeted advertising or profiling in furtherance of decisions that produce legal or similarly significant effects concerning you. We do not use your information for targeted advertising or profiling purposes.
• Right to Limit Use and Disclosure of Sensitive Personal Information: You may have the right to request that we limit the ways we use and disclose your sensitive personal information to uses which are necessary for us to perform the Website, or deliver the goods reasonably expected by you, or as authorized by law. Note that sensitive personal information definitions can vary by laws.

Other rights you may have: 

• Right to Non-Discrimination: You may have a right to not be discriminated against in the Website or quality of Website you receive from us for exercising your rights. We will not discriminate against you for exercising any of your rights in this section including denying access to our website or goods, charging different prices or rates for our website or goods, or providing a different level of quality of our website or goods. However, we may offer a different price, rate, level, quality, or selection of goods or our level access to our website, including offering goods or access to our website for no fee, if you have exercised your right to opt-out.
• Right to Appeal: You may have the right to appeal our denial of any request you make under this section. To exercise your right to appeal, please submit an appeal request via the information in the How to Contact Us section below. Within the certain timeframe of receipt of your appeal, as proscribed by the applicable law we will inform you in writing of any action taken or not taken in response to your appeal, including a written explanation of the reasons for the decisions. If we deny your appeal, you may contact the Attorney General or another authority which we will help you identify.

We take steps to protect your data and keep it secure, including the following:

• Storage and Access: Your data is stored in the US (either directly based on our operations or through the core tools we use to run our business and offer our resources, products or services).  Access to your personal data is limited to authorized employees and is controlled through various security controls. When transfer data across borders in compliance with leading global standards to strive to protect your data even if it leaves your country, following adequate data protection measures and controls and implementing approved contractual provisions or agreements where required (for example as may be required for data transferred from the UK to the US, or the EU to the US under the EU GDPR). 
• Data Retention: We follow leading global principles on data retention with the intent to limit holding your data only for as long as necessary. For example, we retain your personal data as needed while we provide our resources, products and services, and may be required to retain information longer to meet legal obligations under local laws. 
• Data Security & Incident Response: We follow recommended industry standards and global principles for protecting your data and the systems we use to process your data. We also generally try to limit the types and amounts of data to what we really need to reduce the data we process and potential risks. In case of a data breach, where required we will notify affected individuals and relevant authorities as required by the relavant laws in accordance to their requirements. Note that triggers and requirements for notification vary by law (for example by state in the US). 
• Third-Parties & Partners: We share your data with third parties to facilitate our offerings - including our resources, products and services. These third parties include platform features, payment processors, customer relationship management and business management companies. We evaluate our third-party vendors best practices for privacy and security before onboarding and during use. We may share your information with our third party external partners to facilitate your access to their offerings if you request.  

​

Data Risk Group is not a consumer focused business. However, we recognize and respect your rights over your personal data. As noted above, you may have several rights under various data protection laws, including the right to access, correct, delete, or transfer your personal data. In recent years laws are changing more frequently, so be sure to tell us in which state or country you live or are located when you contact us. 

How to Make a Request

If you wish to exercise any of your rights, please follow these steps:

1. Contact Us: Reach out to us via using our below or using our Contact Us form. Please provide as much detail as possible about your request and your relationship with us. 
2. Complete Verification (if necessary): For your security, we may need to verify your identity before proceeding with your request. This is to ensure that personal data is not disclosed to anyone who does not have the right to receive it.
3. Assist with Processing: Once your identity is verified, we will process your request in accordance with applicable data protection laws. We aim to respond to your request within [specify time frame, e.g., one month] of receiving it, or as otherwise required by law.

Examples of Requests

• Access: You can ask for copies of your personal data.
• Correction: You can ask us to correct inaccurate or incomplete data.
• Deletion: You can ask us to delete or remove your data in certain circumstances.
• Objection: You can object to the processing of your data in certain circumstances, such as for direct marketing purposes.
• Portability: You can request that we transfer your data to you or another organization in a structured, commonly used, and machine-readable format.

​Policy Review Process: We review and update our privacy policies and practices for ongoing compliance and protection of personal data.

How to Contact Us

For any questions or concerns regarding your personal data or this Privacy Notice, please submit a query on our website via the chat function or email us at info@datariskgroup.com.

Last updated: November 2025