1. Introduction
Behavioural Risk Intelligence Ltd (“BRI”, “we”, “our”, “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect information when you visit our website (www.behaviouralri.com) or use our services, including the Behavioural Risk Index®, certification programmes, assessments, and consulting engagements (collectively, the “Services”).
 
2. Who We Are
Behavioural Risk Intelligence Ltd (Company No. 16551073)
Registered Office: 86-90 Paul Street, London, England, EC2A 4NE
Email: connect@behaviouralri.com
Website: www.behaviouralri.com

We act as the Data Controller when processing personal information about clients, partners, certified consultants, and website visitors.
 
3. Information We Collect
 
We may collect and process the following categories of personal data:
A. Information you provide directly:
• Name, job title, and professional contact details
• Company or organisation information
• Login details for platform access
• Payment and billing information
• Correspondence with us, including survey or assessment responses

B. Information collected automatically:
• IP address, browser type, and device information
• Website usage statistics (through cookies and analytics tools)
• Access logs and session data from our secure platforms

C. Information obtained from third parties:
• Referrals from certified partners or introducers
• Publicly available professional data (e.g., LinkedIn)
 
4. How We Use Your Information
We process personal data for the following lawful purposes:

• To deliver and manage access to the Behavioural Risk Index® platform and related services – Contractual necessity
• To communicate with clients, partners, and certified users – Contractual necessity / Legitimate interest
• To issue invoices and manage payments – Legal obligation / Contractual necessity
• To improve our services, analytics, and training quality – Legitimate interest
• To send marketing communications (where consented) – Consent
• To comply with legal and regulatory requirements – Legal obligation

We do not use automated decision-making or profiling that produces legal or similarly significant effects.
 
5. Cookies and Website Analytics
Our website uses cookies to enable secure and efficient operation and to collect anonymous usage data via Google Analytics or equivalent tools. You can manage or disable cookies in your browser settings. For details, see our Cookie Policy.
 
6. Data Sharing and Disclosure
We share personal data only when necessary and lawful, including with:
• Authorised employees, associates, or certified partners bound by confidentiality
• Professional service providers (e.g., hosting, IT, analytics, finance) who act as Data Processors under contract
• When required by law, regulation, or court order
We never sell personal data to third parties.
 
7. International Transfers
Where data may be transferred outside the UK or European Economic Area (EEA), we ensure adequate protection through UK Government-approved adequacy decisions or Standard Contractual Clauses (SCCs).
 
8. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:
• Client and assessment records – up to 7 years after engagement ends
• Certification and partner records – up to 7 years following expiry or withdrawal
• Marketing contact data – until you withdraw consent or unsubscribe
After this period, data is securely deleted or anonymised.
 
9. Data Security
We implement technical and organisational measures to protect data, including encrypted data transmission (TLS/SSL), secure password controls, and restricted access. While no system is entirely secure, we continually review and improve our safeguards.
 
10. Your Rights
Under the UK GDPR, you have the right to:
• Access – request a copy of your data
• Rectification – correct inaccurate or incomplete data
• Erasure – request deletion where lawful
• Restriction of processing – limit certain uses of your data
• Data portability – obtain and reuse your data for your own purposes
• Objection – to processing based on legitimate interests or direct marketing
• Withdraw consent – at any time where processing is based on consent
To exercise these rights, contact connect@behaviouralri.com. We will respond within one month.
 
11. Marketing Communications
You may receive updates or marketing emails from us if you have opted in or have a legitimate business relationship with BRI. You can unsubscribe at any time using the link in our emails or by contacting us directly.
 
12. Third-Party Links
Our website may contain links to other websites. We are not responsible for their privacy practices or content and encourage you to review their privacy policies separately.
 
13. Children’s Data
Our Services are directed to professionals and organisations. We do not knowingly collect or process data from individuals under 18 years of age.
 
14. Changes to This Policy
We may update this Privacy Policy periodically. The latest version will always be posted on our website with the updated date shown above. Continued use of our Services after changes are published signifies acceptance of those changes.
 
15. Contact and Complaints
If you have questions or wish to exercise your rights, contact:
Data Protection Officer
Behavioural Risk Intelligence Ltd
Email: connect@behaviouralri.com
Address: 86-90 Paul Street, London, EC2A 4NE

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): www.ico.org.uk | Tel: 0303 123 1113