Privacy Policy

Last updated: April 2026

1. Introduction

Sangnoir Risk Management ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect personal data when you use our website (sangnoir.co.uk) or interact with our services.

We are a data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take our obligations under data protection legislation seriously and handle all personal data in accordance with applicable law.

2. Data We Collect

We may collect the following categories of personal data:

2.1 Information You Provide

  • Contact form submissions: first name, last name, email address, phone number, location, service of interest, and any additional information included in your message
  • Mailing list subscriptions: email address
  • Any correspondence you send to us directly via email or telephone

2.2 Information Collected Automatically

  • Technical data: IP address, browser type and version, operating system, referring website
  • Usage data: pages visited, time spent on pages, navigation paths
  • Cookie data: as described in Section 7 below

3. How We Use Your Data

We process your personal data for the following purposes:

  • To respond to your enquiries and provide information about our services
  • To send you updates via our mailing list, where you have consented to receive these
  • To improve and maintain our website
  • To comply with legal obligations
  • To protect our legitimate business interests

4. Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent: When you submit a contact form enquiry or subscribe to our mailing list, you consent to us processing your data for the stated purpose. You may withdraw consent at any time.
  • Legitimate interests: We may process data where it is necessary for our legitimate interests, such as improving our website and services, provided these interests do not override your rights.
  • Legal obligation: Where processing is necessary to comply with a legal obligation to which we are subject.

5. Data Retention

We retain personal data only for as long as is necessary for the purposes for which it was collected:

  • Contact form enquiries: retained for 24 months from the date of submission, unless you become a client, in which case data is retained in accordance with our client data retention policy
  • Mailing list subscriptions: retained until you unsubscribe or request removal
  • Technical and usage data: retained for 12 months

After the applicable retention period, personal data is securely deleted or anonymised.

6. Your Rights

Under the UK GDPR, you have the following rights in relation to your personal data:

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may request correction of inaccurate or incomplete data.
  • Right to erasure: You may request deletion of your personal data in certain circumstances.
  • Right to restrict processing: You may request that we limit how we use your data.
  • Right to data portability: You may request a copy of your data in a structured, machine-readable format.
  • Right to object: You may object to processing based on legitimate interests.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at enquires@sangnoir.co.uk. We will respond within one month of receiving your request.

7. Cookies

Our website uses the following types of cookies:

  • Essential cookies: Required for the website to function correctly. These include cookies that remember your cookie consent preferences.

We do not use advertising cookies, tracking cookies, or third-party analytics cookies. You may manage cookies through your browser settings at any time.

8. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures are reviewed and updated regularly to reflect current best practices.

9. Third-Party Sharing

We do not sell, trade, or rent your personal data to third parties. We may share data with:

  • Service providers who assist in operating our website, under appropriate data processing agreements
  • Professional advisors where necessary for legal or regulatory purposes
  • Law enforcement or regulatory authorities where required by law

10. International Transfers

Your personal data is primarily processed within the United Kingdom. Where data is transferred outside the UK, we ensure that appropriate safeguards are in place in accordance with UK GDPR requirements.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be published on this page with an updated revision date. We encourage you to review this policy periodically.

12. Contact

For any questions regarding this Privacy Policy or our data practices, contact us at:

Sangnoir Risk Management
Email: enquires@sangnoir.co.uk
Phone: +44 7984 386 017

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data has been handled improperly. The ICO can be contacted at ico.org.uk.