This website is operated by Vrinik Solutions (trading as Vrinik Advisory), a boutique cybersecurity advisory firm specialising in security leadership, compliance, and risk for growth-stage businesses. Vrinik Solutions is responsible for the personal data collected through this website.
This is an informational website. We do not operate user accounts, offer subscription services, or conduct e-commerce. The personal data we collect is limited to what is provided voluntarily through contact interactions and what is collected automatically through standard website analytics.
| Data type | How collected | Examples |
|---|---|---|
| Contact information | Submitted voluntarily via the contact form or by email | Name, email address, organisation name, phone number (if provided), message content |
| Correspondence data | Email exchanges following an initial enquiry | Email address, name, message content |
| Usage and analytics data | Automatically collected when you visit the website | Pages visited, time on site, browser type, device type, approximate location (country/city), referring URL |
| Cookie data | May be set by the website or by analytics tools, if in use | Session identifiers, analytics cookies (if analytics is active) — see Section 4 |
We do not collect sensitive personal data (such as financial information, health data, or government identification numbers) through this website. We do not knowingly collect personal data from individuals under the age of 18.
We use the personal data collected through this website for the following purposes:
| Purpose | Data used | Basis |
|---|---|---|
| Responding to enquiries Replying to contact form submissions and email enquiries |
Name, email, message content | Legitimate interest in responding to business enquiries |
| Business communication Corresponding with prospective and existing clients |
Name, email, correspondence content | Legitimate interest; contract performance where a client relationship exists |
| Website improvement Understanding how visitors use the site to improve content and navigation |
Analytics and usage data | Legitimate interest; consent where required by applicable cookie law |
| Service information Sharing relevant information about services where you have expressed interest |
Name, email | Legitimate interest in following up on a specific service enquiry |
We do not use personal data collected through this website for automated decision-making, profiling, or any purpose unrelated to the enquiry or service relationship. We do not sell personal data to third parties.
This website may use cookies — small text files placed on your device — and analytics tools to understand how visitors use the site. The following types of cookies may be set:
You can control cookie settings through your browser. Most browsers allow you to view, refuse, or delete cookies — consult your browser's help documentation for instructions. Disabling cookies may affect the operation of certain features on this website.
We do not use advertising cookies, tracking pixels for retargeting, or any cookies that identify you personally without your consent.
We do not sell, rent, or trade personal data. We may share personal data with a limited number of service providers that help us operate this website and manage business correspondence. Where we share data with third parties, we do so only to the extent necessary for the specified purpose.
We may disclose personal data if required to do so by law, regulation, or a valid legal process — including requests from competent authorities under applicable data protection legislation. We will notify you of such requests where we are legally permitted to do so.
We select service providers who are committed to handling personal data responsibly and in accordance with applicable law. We do not transfer personal data internationally except where necessary for the services listed above and where appropriate safeguards are in place.
We retain personal data only for as long as is necessary for the purpose for which it was collected, or as required by applicable law. Our general retention approach is as follows:
| Data type | Retention period | Reason |
|---|---|---|
| Enquiry correspondence (no engagement) | 12 months from last contact | To manage the enquiry and maintain a reasonable record of interest — covers contact form submissions and any follow-up emails where no engagement resulted |
| Client correspondence and records | Duration of the client relationship plus 3 years | To support the engagement and meet reasonable business record-keeping requirements — covers all email and written correspondence during and after an engagement |
| Analytics data | As configured in the analytics tool | To understand website performance over time |
When personal data is no longer required, we delete or anonymise it. If you wish to request earlier deletion, please see your rights in Section 8.
We take the security of personal data seriously — it would be inconsistent with the nature of our advisory work to do otherwise. The technical and organisational measures we apply to protect personal data collected through this website include:
No method of transmission or storage over the internet is completely secure. While we apply reasonable measures to protect your personal data, we cannot guarantee absolute security. If you believe your personal data has been affected by a security incident, please contact us immediately using the details in Section 10.
You have the following rights regarding your personal data. We are committed to honouring these rights and will respond to valid requests promptly.
You have the right to obtain confirmation of whether we hold personal data about you and, if so, to receive a summary of what data is held and how it has been used.
You have the right to request that we correct any inaccurate or incomplete personal data we hold about you. We will act on reasonable correction requests promptly.
You have the right to request deletion of your personal data, subject to any legal obligations we may have to retain certain records. We will act on valid erasure requests within a reasonable timeframe.
Where we process personal data on the basis of your consent, such as where cookies require it, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
You have the right to raise a complaint about how we handle your personal data. We will acknowledge and respond to all complaints promptly.
To exercise any of these rights, please contact us using the details in Section 10. We may need to verify your identity before acting on a request. We will not charge a fee for reasonable requests. If we are unable to fulfil a request, we will explain why.
If you are not satisfied with our response, you are entitled to escalate your complaint to the relevant data protection authority in your jurisdiction.
We may update this privacy policy from time to time — to reflect changes in how we operate the website, changes in applicable law, or improvements to how we describe our practices. The "Last updated" date at the top of this page will reflect the most recent revision.
Where changes are material, we will take reasonable steps to make those changes visible — for example, by noting them on the website or, where appropriate, by contacting individuals whose data may be affected.
We recommend reviewing this policy periodically.
For any questions about this privacy policy, to exercise your rights about your personal data, or to raise a grievance about how your personal data has been handled, please contact us using the details below. We aim to respond to all enquiries within five business days and to formal requests within a reasonable timeframe as required by applicable law.
When contacting us to exercise a data right or raise a grievance, please include your name, the email address through which you contacted us, and a clear description of your request. This will help us locate your data and respond efficiently.