This notice explains how personal information is used when you visit NFRisk.com, request information or make a business enquiry. It is written for the current operating position before a successor corporate entity is formally established.
1. Who is responsible for your information
Draz Ivezic currently operates the NFRisk and DQIntegrity advisory propositions and is the data controller for the personal information described in this notice.
Resolvo Advisory is the intended corporate and commercial umbrella for these propositions. It should not be understood from this website alone as the name of an incorporated limited company. Where a future corporate entity assumes responsibility, this notice will be updated.
Contact: contact@nfrisk.com, London, United Kingdom.
2. Information collected
Depending on how you interact with the site, the following information may be processed:
- Enquiry information: name, professional email, role, organisation, area of interest, contact preference and the message you submit.
- Business correspondence: subsequent emails, meeting notes, documents and other information voluntarily exchanged in relation to a possible or active engagement.
- Security and technical information: a short-lived contact-form session identifier, IP address and limited request information used for security, abuse prevention and delivery. The hosting environment may also generate standard server and email logs.
- Information supplied by third parties: for example, when a professional contact makes an introduction.
The public form is not designed to collect customer records, account information, credentials, investigation material, special-category data or privileged documents. Please do not submit them through the form.
3. Purposes and lawful bases
Personal information is used only where there is a lawful and proportionate reason, including:
- Responding to an enquiry and taking requested pre-contract steps: where processing is necessary to consider or prepare a possible engagement.
- Legitimate business interests: managing professional relationships, arranging meetings, maintaining appropriate business records, protecting the website and email service, and establishing, exercising or defending legal rights.
- Legal obligations: where information must be retained or disclosed to comply with applicable law.
The contact-form acknowledgement is not treated as consent for marketing. NFRisk does not currently operate a general marketing mailing list through this website. Any future optional marketing will use a separate and appropriate process.
5. International processing
Some technology providers may process or support information outside the United Kingdom. Where this occurs, reasonable steps are taken to use providers and transfer arrangements designed to protect the information in accordance with applicable UK data-protection requirements.
6. Retention
The website application does not retain contact-form message content as a separate website database. Enquiries are delivered to the NFRisk business email account.
Initial enquiries may ordinarily be retained for up to 12 months after the last substantive contact. Information may be kept longer where an engagement proceeds, a professional relationship remains active, or retention is reasonably required for contractual, legal, tax, security, record-keeping or dispute purposes. Technical and security records are retained only for the periods needed by the relevant system or provider.
7. Your rights
Depending on the circumstances and lawful basis, you may have rights to request access, correction, erasure, restriction, portability or objection to processing. Where processing is based on consent, you may withdraw that consent without affecting earlier lawful processing.
To make a request, email contact@nfrisk.com. Reasonable information may be requested to verify identity and locate the relevant records.
You also have the right to raise a concern with the UK Information Commissioner's Office. Information is available at ico.org.uk.
You may object to processing based on legitimate interests. The request will be considered against any compelling legitimate grounds or legal reasons requiring continued processing.
9. Security
Proportionate safeguards include encrypted web transport, one-time CSRF tokens, same-origin checks, server-side validation, rate limiting, automated-submission controls, authenticated SMTP delivery and restricted access to configuration files. No internet service is completely secure, so detailed confidential material should be exchanged only through an agreed secure route.
10. Automated decision-making
The website contact process does not use personal information to make automated decisions that produce legal or similarly significant effects.
11. External links
The site may link to external websites or downloadable resources. Their operators control their own privacy practices, and you should review the information they provide.
12. Changes and contact
This notice may be updated to reflect changes in the website, providers, operating structure or legal requirements. The current version and effective date will remain available on this page.
Questions or rights requests should be sent to contact@nfrisk.com.