Solace Global Risk Ltd, a Global Guardian company

Privacy Policy: Solace Global Risk

1. Introduction

Solace Global Risk Ltd, a Global Guardian company, is committed to protecting and respecting your privacy.

This Privacy Policy explains how we collect, use, store and protect personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Solace Global Risk Ltd is a company registered in the United Kingdom and acts as the data controller in respect of personal data processed through our UK business operations.

As part of the Global Guardian group of companies, certain services and operational support functions may be provided at group level.

If you have any questions about this policy or how we handle your personal data, please contact us using the details provided at the end of this document.

2. The Personal Data We Collect

We may collect and process the following categories of personal data:

Contact information (such as name, job title, organisation, email address and telephone number)
Client and contractual information
Financial and billing information
Correspondence and communications
Website usage data (including IP address, browser type and analytics information)
Marketing preferences

We do not intentionally collect special category data unless it is necessary for the provision of our services and appropriate safeguards are in place.

This may include user interaction data such as page views, clicks, scrolling behaviour, navigation paths and session-level activity collected through analytics or session replay technologies, where consent has been provided.

3. How We Collect Personal Data

We collect personal data:

Directly from you when you contact us or engage our services
Through contractual relationships with organisations
During the provision of our services
From publicly available sources where appropriate
Through cookies and analytics tools when you use our website

This may include session recording or session replay technologies that capture information about how users interact with website pages and features, subject to your consent for non-essential cookies.

4. How We Use Personal Data

We use personal data for the following purposes:

To provide and manage our services
To administer contracts and client accounts
To communicate with clients, suppliers and partners
To manage billing and payments
To improve our website and services including analysing aggregated user interaction patterns, page engagement and usability metrics to enhance website performance and user experience.
To comply with legal and regulatory obligations
To protect our business, systems and personnel

We will only process personal data where we have a lawful basis to do so.

5. Lawful Bases for Processing

We rely on one or more of the following lawful bases:

Performance of a contract
Legitimate interests (provided those interests are not overridden by your rights)
Compliance with legal obligations
Consent (where required)

Where we rely on legitimate interests, we undertake an assessment to ensure that processing is necessary and proportionate.

We may share personal data with:

Other companies within the Global Guardian group
Professional advisers (including legal, audit and insurance providers)
IT service providers and cloud hosting providers
Software providers supporting our business systems including website analytics and session replay providers engaged to support website optimisation and performance monitoring
Regulators or public authorities where required by law

Group company access is limited to what is necessary for operational, oversight, administrative or support purposes.

All third parties are required to process personal data securely and in accordance with data protection law.

7. International Transfers

As part of operating within an international group, personal data may be accessed by group companies or service providers located outside the United Kingdom.

Access to personal data from outside the UK, including remote system access, constitutes a restricted transfer under UK data protection law.

Where personal data is transferred outside the UK, Solace Global Risk Ltd ensures appropriate safeguards are implemented in accordance with Article 46 UK GDPR. These safeguards may include:

The UK International Data Transfer Agreement (IDTA)
The UK Addendum to the European Commission’s Standard Contractual Clauses
The UK Extension to the EU–US Data Privacy Framework, where the recipient organisation maintains a valid certification

We assess international transfers on a case-by-case basis and, where required, conduct a transfer risk assessment to ensure that personal data continues to receive protection equivalent to UK GDPR standards.

Further information regarding the safeguards applied to international transfers can be obtained by contacting us.

8. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction or damage.

These measures include:

Access controls and user authentication
Role-based permissions
Secure network configurations
Regular review of user access rights
Defined onboarding and off-boarding procedures

Access to personal data is restricted to individuals who have a legitimate business need.

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, regulatory, contractual and reporting requirements.

Retention periods are determined based on:

Legal obligations
Regulatory requirements
Business necessity
Limitation periods

When personal data is no longer required, it is securely deleted or anonymised.

10. Your Rights

Under UK GDPR, you have the right to:

Access your personal data
Request correction of inaccurate or incomplete data
Request erasure of personal data (where applicable)
Object to processing
Request restriction of processing
Request transfer of your personal data
Withdraw consent where processing is based on consent

To exercise your rights, please contact us using the details below.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

11. Cookies

This may include analytics tools and session replay technologies that collect information about how users navigate and interact with our website, such as mouse movements, scrolling activity, clicks and page transitions. These technologies help us understand user behaviour in order to improve website usability, performance and security.

Session replay technologies are configured to minimise data collection and are designed to avoid capturing sensitive information entered into form fields. Where such technologies are used, we implement appropriate technical measures to mask or block unnecessary personal data.

Non-essential cookies and tracking technologies are deployed only where you have provided your consent via our cookie banner. You may withdraw or amend your consent preferences at any time.

12. Cookies

We may update this Privacy Policy from time to time. Updates will be published on our website and take effect from the date of publication.

13. Contact Details

Solace Global Risk Ltd, Twin Sails House, West Quay, Road Poole, BH15 1JF

If you wish to contact us about your personal data or exercise any of the rights described above please contact us: admin@solaceglobal.com or write to CISO, Solace Global Limited, Twin Sails House, West Quay Road, Poole BH15 1JF.

If you are in the European Union, you may address privacy-related inquiries to our EU representative pursuant to Article 27 EU GDPR: 

EU-REP.Global GmbH
www.eu-rep.global
Attn: Solace Global Risk Ltd.
Hopfenstr. 1d, 24114 Kiel, Germany
solaceglobal@eu-rep.global