Privacy Policy

Last updated: November 2025.  

This Privacy Policy explains how Agentic Risk Ltd (“Agentic Risks”, “we”, “us”, “our”) collects, uses, stores, and protects personal data when you visit www.agenticrisks.com, contact us, take part in our consultations, download resources, or sign up for updates. 

We are committed to protecting your privacy and handling all personal data transparently, lawfully, and securely. 

1. Who We Are 

Agentic Risk Ltd 

Registered in the United Kingdom. 

Registered office: 86-90 Paul Street, London, EC2A 4NE.  

Email: contact@agenticrisks.com 

We act as the “data controller” for the personal data described in this policy. 

If you are based in the EU/EEA, we may appoint an EU representative as required under GDPR. Details will be added here if applicable. 

2. Personal Data We Collect 

We collect information you provide directly, information collected automatically through your use of our website, and information you choose to submit during consultations or research exercises. 

2.1 Information you provide directly 

  1. Name and contact details (email, phone, organisation, job title). 
  1. Enquiry details submitted via forms. 
  1. Preferences (e.g., newsletter opt-ins). 
  1. Consultation responses, feedback, comments, or survey submissions. 
  1. Information required for event/webinar registration. 
  1. Data provided during research collaborations or framework contributions. 

2.2 Information collected automatically 

  1. IP address and general location. 
  1. Browser type and device information. 
  1. Pages visited, time on page, click behaviour.  
  1. Cookie and tracking data (see our Cookie Policy). [link to Cookie Policy] 
  1. Technical logs to ensure security and performance.  

2.3 Special category data 

We do not intentionally collect sensitive data. If you include such information voluntarily (e.g., in a free-text consultation response), we will process it only as necessary and delete or anonymise it where possible. 

3. How We Use Your Data 

We use your personal data for the following purposes: 

  1. Responding to your enquiries. 
  1. Sending updates, newsletters, and resources (if you opt in). 
  1. Managing participation in consultations and research activities. 
  1. Improving our website, services, and user experience. 
  1. Understanding how people engage with our content. 
  1. Maintaining security, detecting fraud, and ensuring platform stability. 
  1. Managing partnerships, collaborations, and licensing discussions. 
  1. Fulfilling legal or regulatory obligations. 

We do not sell personal data. 

4. Legal Bases for Processing 

We process personal data only when a lawful basis applies under UK GDPR / EU GDPR. 

  1. Consent – e.g., newsletter subscription, cookie consent 
  1. Contract – where processing is needed to respond to enquiries or deliver requested content 
  1. Legitimate interests – e.g., website analytics, improving services, running consultations 
  1. Legal obligations – e.g., responding to regulatory or statutory requests 

Where we rely on legitimate interests, we ensure they are balanced against your privacy rights. 

5. Marketing Communications 

We send marketing or update emails only if: 

  1. you have explicitly opted in, or 
  1. we have a legitimate interest and you have not opted out. 

You can unsubscribe at any time by clicking “unsubscribe” in any email or contacting us directly. 

6. Cookies and Tracking Technologies 

We use cookies and similar technologies to: 

  1. operate the website. 
  1. understand traffic and usage. 
  1. improve performance. 
  1. personalise content (where applicable). 

Non-essential cookies are used only with your consent. 

For more detail, please see our Cookie Policy. [link to Cookie Policy] 

7. Data Sharing and Third-Party Processors 

We only share data when necessary and with organisations that meet GDPR standards. 

These may include: 

  1. Email marketing platforms. 
  1. Website hosting providers. 
  1. Analytics services. 
  1. Consultation and survey tools. 
  1. Cloud storage providers. 
  1. Event/webinar management tools. 
  1. Security and performance services. 

All third-party providers are bound by data-processing agreements and cannot use your data for their own purposes. 

8. International Transfers 

If your data is transferred outside the UK/EEA (e.g., to US-based cloud or analytics tools), we use lawful safeguards such as: 

  1. Standard Contractual Clauses (SCCs). 
  1. Adequacy decisions. 
  1. Additional technical and organisational protections. 

We only use providers that meet recognised security standards. 

9. Data Retention 

We retain personal data only for as long as necessary for the purpose it was collected, including: 

  1. Enquiries: up to 24 months. 
  1. Newsletter subscribers: until you unsubscribe or after 24 months of inactivity. 
  1. Consultation responses: duration of the consultation plus up to 3 years for audit and analysis. 
  1. Analytics data: per provider default settings (e.g., 14 months). 

We may retain data for longer if required for legal, regulatory, or dispute-resolution purposes. 

10. Security Measures 

We apply a layered approach to security, including: 

  1. Encryption in transit and at rest. 
  1. Access controls and privilege management. 
  1. Secure cloud architecture. 
  1. Audit logs and monitoring. 
  1. Vendor security assessments. 
  1. Incident response procedures. 

No system is completely secure, but we work continuously to reduce risk. 

11. Automated Decision-Making and AI Tools 

We do not use automated decision-making that produces legal or similarly significant effects. 

We may use trusted AI tools for: 

  1. drafting content, 
  1. analysing consultation themes, and 
  1. improving user experience. 

When we do, we minimise personal data use and avoid sending sensitive information to AI systems. 

You may request that we delete or exclude your data from such processing. 

12. Your Rights 

Under UK GDPR / EU GDPR, you have the right to: 

  1. Access your personal data. 
  1. Correct inaccurate or incomplete data. 
  1. Request deletion. 
  1. Limit or object to processing. 
  1. Withdraw consent. 
  1. Request data portability. 
  1. Lodge a complaint. 

To exercise your rights, contact us at: contact@agenticrisks.com 

If you are in the EU/EEA, you may also contact your local data protection authority. 

In the UK, you can contact the Information Commissioner’s Office (ICO). 

13. Links to Other Websites 

Our website may link to external sites. We are not responsible for their content, privacy practices, or security. Please review their policies before providing personal data. 

14. Changes to This Policy 

We may update this Privacy Policy from time to time. 

The “Last updated” date at the top indicates when the latest version took effect. 

Material changes will be notified on the website. 

Template Agentic Risk Appetite and Adoption Strategy download

Fill in this form and get access to our
Template Agentic Risk Appetite and Adoption Strategy for free

Agentic AI Risk Appetite Statement and Adoption Strategy

Enterprise-Wide Agentic AI Controls Framework

Fill in this form and get access to the whitepaper of the
Enterprise-Wide Agentic AI Controls Framework.

Agentic Workflow Risk Flags

Fill in this form and get access to the pdf with the
Agentic Workflow Risk Flags

pdf links still to be changed

Subscribe to our newsletter

Fill in this form and stay up to date

Get in touch