Privacy Policy | Resonance Risk

Privacy Policy – Resonance Risk Pty Ltd

Last updated 1 August 2025 – Sydney, Australia

Introduction

Resonance Risk Pty Ltd (“Resonance Risk”, “we”, “our”, “us”) respects your privacy and is committed to protecting the personal information you provide through www.resonancerisk.com (the “Site”). This policy explains what data we collect, how we use it, and the choices you have. It is drafted to comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where we process data from the European Economic Area or United Kingdom, it also reflects the General Data Protection Regulation (GDPR)

What we collect

Category Examples Collected when…

Contact details name, business email, you complete our “Contact”

phone, organisation form or correspond with us

Professional information job title, industry vertical, voluntarily provided in the
procurement interests message box or during scheduling

Usage data pages viewed, time on collected automatically via

Site, referring URL cookies and analytics scripts

Technical data IP address, browser type, logged by our web host and

device ID security firewall

How and why we use your data

Purpose

Respond to enquiries and schedule consultations

Send thought-leadership updates you request

Improve Site performance and security (analytics, error logs)

Maintain internal records, comply with law, manage risk

Legal basis*

APP 3.3 (necessary for our functions); GDPR Art 6 (1)(b) (pre-contract)

Consent – unsubscribe any time

Legitimate interests in operating a safe, effective website

Legal obligations; legitimate interests

Disclosures & third-party service providers

We share data only when necessary:

Cloud hosting & email – Amazon Web Services (Sydney) and Microsoft 365.
Website analytics – Google Analytics 4 (IP anonymisation enabled).
Form processing – Formspree or a similar secure gateway.

Providers are bound by contractual clauses requiring confidentiality, appropriate security, and (for international transfers) GDPR-standard safeguards.

We do not sell or rent personal information.

Cookies & similar technologies

The Site uses first-party and limited third-party cookies for:

Essential operations – page navigation, load balancing;
Analytics – anonymised visitor metrics.

You can control cookies through browser settings or by declining the banner on first visit. Disabling cookies may affect Site functionality.

Data security & retention

Encryption in transit (HTTPS/TLS) and at rest (AES-256 for cloud storage).
Role-based access controls and audit logging.
We retain enquiry records for up to 24 months unless a client relationship is formed, in which case records may be held for statutory periods (e.g., 7 years for financial records).

Your rights

Depending on your jurisdiction, you may:

access, correct, or delete the personal information we hold;
object to or restrict certain processing;
withdraw consent at any time (e.g., unsubscribe links).

To exercise these rights, contact us using the details below. We may need to verify your identity before actioning requests.

International transfers

If we transfer personal information outside Australia (e.g., to EU or US-based processors), we ensure equivalent privacy protections either through adequacy decisions or standard contractual clauses.

Contact

RE: Privacy Officer
Resonance Risk Pty Ltd contact@resonancerisk.com

Changes to this policy

We may update this Privacy Policy periodically. Material changes will be highlighted on the Site and, where appropriate, notified by email.