PRIVACY POLICY

V4.0, last updated 28 OCTOBER 2025

 

IMPORTANT: PLEASE READ THIS PRIVACY POLICY AS IT APPLIES TO ANY PERSONAL DATA YOU PROVIDE US OR THAT WE COLLECT ABOUT YOU THAT IS NECESSARY TO (1) PROVIDE A FUNCTIONING WEBSITE, (2) RESPOND TO YOUR INQUIRIES ABOUT OUR PRODUCTS OR SERVICES (‘SERVICES’), (3) PROVIDE YOU WITH ACCESS TO OUR SERVICES, (4) DELIVER SERVICES TO OUR CLIENTS, OR (5) RESPOND TO YOUR APPLICATION FOR EMPLOYMENT. FOR EXAMPLE, THIS POLICY APPLIES IF YOU ACCESS THE WEBSITE AT WWW.S7RISK.COM, THE WEBSITE OF OUR SUBSIDIARY INTELLIGENCE FUSION LTD. AT WWW.INTELLIGENCEFUSION.CO.UK, THE WEBSITE OF OUR SUBSIDIARY RISK AND STRATEGIC MANAGEMENT SERVICES, INC. AT HTTPS://SIGMA7.RESPONSE24.ONLINE, OR ANY OTHER WEBSITE OWNED, OPERATED OR PROVIDED BY OUR PARENT COMPANY RISKSIGMA7 GROUP HOLDINGS, LLC OR ITS SUBSIDIARIES (‘WEBSITE’ AND ‘COMPANY’, ‘US’, ‘WE’ RESPECTIVELY). FOR PUPOSES OF THIS POLICY, WE MAY BE THE CONTROLLER OR PROCESSOR AS NOTED IN THE SECTION TITLED “THE TYPE OF DATA WE COLLECT.”

 

WE DO NOT MARKET TO OR ENTER INTO CONTRACTS WITH CHILDREN NOR DO WE COLLECT PERSONAL DATA FROM ANY PERSON UNDER 18 YEARS OF AGE.  PLEASE DO NOT ACCESS OR USE THE WEBSITE OR SERVICES IF YOU ARE UNDER 18 YEARS OF AGE.

 

This Policy

 

This Policy sets out what personal data we might collect, how we process and protect that data, the lawful grounds for that processing, and your related rights. We always seek to comply with the data protection laws applicable to our processing of personal data.

 

Personal Data’ is a defined term in the European Union (‘EU’), United Kingdom (‘UK’), and the privacy laws of other jurisdictions. We also use it here to cover ‘personally identifiable information’ or ‘personal information’ as defined in the laws of the United States (‘US’) federal government and its states, as well as other similar legal definitions of this type of data. Essentially ‘personal data’ means any information relating to an identified or identifiable natural person, namely one who can be identified, directly or indirectly from that information alone or in conjunction with other information. This Policy and our processes are based upon General Data Protection Regulation (‘GDPR’) principles, as it is the world-standard for data protection laws, inspiring legal developments around the world, and we operate in many jurisdictions.

 

Note for Residents of the European Economic Area, Switzerland and the United Kingdom: The EU General Data Protection Regulation 2016/679 (‘EU GDPR’) may apply and the UK Data Protection Act 2018, the UK e-Privacy Regulations (‘PECR’), and the UK-adopted version of the EU GDPR (‘UK GDPR’) may apply directly to all our processing.  Please see the section below titled ‘Your Rights Under GDPR’ for specific details on your rights under applicable law. We use ‘GDPR’ to refer to either the EU or UK version as they’re almost identical.

 

Note for California Residents: This Policy describes how we process your personal data and your rights and choices over our processing. Please see the Section below titled Your Rights Under California Law for specific details on your rights under California law. The California Consumer Privacy Act of 2018, Cal. Civil Code §1798.100 et seq. and its implementing regulations (‘CCPA’) may apply directly to our processing of Personal Data.

 

As data protection laws and practice are constantly developing, we will update this policy from time to time, which we’ll do by posting a new policy on the Website that takes effect from the date stated. It is your responsibility to return to the Website from time to time and check for changes.

 

We have identified eight general categories of processing activities for which we collect Personal Data as part of our operations: Services Delivery Data, S7 ONE Connect Platform Data, Journey Management Data, Diligence/Investigation Report Data, Marketing Data, Website Improvement Data, Technology Collected Data, and Recruiting Data. As defined in the GDPR, we are the ‘controller’ of Marketing Data, Website Improvement Data, Technology Collected Data, and Recruiting Data as we determine the purposes (the ‘why’) and the essential means (the ‘how’) of the collection and processing. We are the ‘processor’ of Service Delivery Data, S7 ONE Connect Platform Data, and Journey Management Data as the client remains the ‘controller’ of this data and we only process it to fulfil our contract with the client and on their instructions. For the Diligence/Investigation Report Data, we may be either a joint ‘controller’ or ‘processor’ as we will both process Personal Data on the instructions of our clients as well as using our discretion to determine the best sources from which to acquire and analyse such information. Each client is responsible for informing these data subjects of the purposes for which their Personal Data is being processed.

 

How We Collect and Use Your Personal Data

 

We collect or are provided personal data in the normal course of business. Provision of personal data to us is never a requirement, however if you do not provide us with the personal data necessary for us to carry out an action at your request or under a contract with or relating to you, for example to respond to your query or provide Services to you, we may not be able to respond to your query or provide Services to you.

 

Some privacy laws such as the CCPA require that we disclose this data by certain category types collected in the past 12 months. The table below lists those types.

 

We use personal data in the normal course of our business, including to provide, secure, manage and improve our Services and to meet any binding contractual or legal obligations. Some privacy laws such as GDPR require that we disclose to you the purpose and lawful basis for collecting this data and we do so in the table below. In most cases, the lawful ground (or legal basis) for our processing will be that the processing is necessary: (i) for our legitimate interests in carrying out our business, including to maintain, improve and market our products and services, provided those interests are not outweighed by your rights and interests (‘Legitimate Interests’), (ii) to perform a contract with you (‘Contract’), or (iii) to comply with our legal obligations (‘Legal Obligation’).

 

Where processing is based on your consent (‘Consent’), we will identify the processing purposes and provide you with relevant information to make the processing fair and transparent when we ask for your consent. When you provide us with personal data about yourself or another person, for example a colleague or a contact, you are confirming to us that you have their consent or are otherwise authorised to provide us with that information and that any personal data you give us is accurate and up-to-date.

 

Most privacy laws require that we disclose to you whether we sell or share your data with third parties and allow you to opt out of this practice, if and when we do. We will not give, sell or rent your personal data to third parties so they can market their services to you. We also do not accept advertising from third parties on the Website. However, we may share personal data in the limited circumstances described below or to comply with a law, order or request of a competent legal or regulatory authority or if we enter negotiations with a third party for the sale or purchase of all or part of our business. When we share your personal data, we have written contracts in place incorporating relevant wording to safeguard that personal data and comply with applicable laws, and we will only share such data as is necessary for the purpose in question.

 

The Types of Personal Data We Collect

 

This is an aggregated overview of the information required by GDPR, the CCPA and other US privacy laws for the eight general types of processing activities for which we collect personal data. Table 1 provides definitions of each data category and alignment with GDPR and CCPA definitions.

 

  1. Service Delivery Data: We may receive personal data from our clients when using our Services, such as names of client employees or contractors, or data entered into the Services to access deliverables and other information such as an email address, username and password.

 

Data Categories Business or commercial purpose for Data Collection Lawful Basis for Processing or Sharing If Shared, Category of Third-Party Recipients and Purpose for Sharing
Account Access Personal Details, Professional Information To respond to enquiries about the Services, to provide Services, to provide advice and support. Legitimate Interests or Contract

 

 Shared with affiliates, clients, contractors and web hosting providers as part of Service delivery

 

 

  1. S7 ONE Connect Platform Data: Our S7 ONE Connect Platform, available at https://sigma7.response24.online/, provides clients with threat intelligence, tailored threat alerts, two-way communication between clients and their personnel who are traveling (‘Traveler’), Traveler location, and emergency response coordination services to meet their duty-of-care obligations (‘Duty-of-Care Services’). The personal data collected may include names of client employees or contractors, contact information for such persons, Traveler location when in the vicinity of an identified threat, critical medical information or health insurance data, emergency response status, and platform access credentials such as username and password.

 

Data Categories Business or commercial purpose for Data Collection Lawful Basis for Processing or Sharing If Shared, Category of Third-Party Recipients and Purpose for Sharing
Account Access, Geolocation, Government ID, Health, Personal Details, Professional Information To provide Duty-of-Care Services Legitimate Interests or Contract

 

 Shared with affiliates, clients, contractors and web hosting providers as part of Duty-of-Care Service delivery

 

 

  1. Journey Management Data. We provide services to clients to coordinate and oversee secure travel and logistics for their personnel including deploying drivers and protective security teams, maintaining communication, and monitoring support during travel (‘Journey Management Services’). The personal data collected may include Traveler itineraries, names and photos of drivers or security personnel, Traveler location data, critical medical information or health insurance data, or emergency response status.

 

Data Categories Business or commercial purpose for Data Collection Lawful Basis for Processing or Sharing If Shared, Category of Third-Party Recipients and Purpose for Sharing
Geolocation, Government ID, Health, Personal Details, Professional Information To provide Journey Management Services Legitimate Interests or Contract

 

 Shared with affiliates, clients, contractors as part of Journey Management Service delivery

 

 

  1. Diligence/Investigation Report Data: We compile due diligence, litigation and other reports for our clients relating to individuals who our clients may interact with in the course of their business. These clients are required to conduct such diligence to comply with anti-corruption, anti-money laundering, sanctions and other applicable laws and regulations in their country of residence and countries where they conduct business. In addition, clients may be attempting to trace assets related to counter-parties in a dispute. Most of the information will be from the public domain and we have implemented research standards designed to identify any information which may be inaccurate. Our client reports will generally not include contact details of individuals.

 

Data Categories Business or commercial purpose for Data Collection Lawful Basis for Processing or Sharing If Shared, Category of Third-Party Recipients and Purpose for Sharing
Personal Details, Professional Information, Government ID, Financial, Education, Employment Performance, Compliance, Political Opinions, Family, Geolocation, Criminal History, Demographic, Health, Online User Activity, Opinions/Market Reputation, Profiling/Inferences, Public Posts/User Generated Content To provide Services to clients Legitimate Interests, Contract, Public Interest

 

 Shared with affiliates, clients and contractors as part of Services delivery

 

  1. Marketing Data: You may provide us with your details such as name, email address, and telephone number when you ask about our Services (through the Website, by email or otherwise) and we may otherwise lawfully obtain contact details of potential clients for our Services for our marketing purposes, for example from publicly available business contact information or your business website.

 

Data Categories Business or commercial purpose for Data Collection Lawful Basis for Processing or Sharing If Shared, Category of Third-Party Recipients and Purpose for Sharing
Personal Details, Professional Information, Interests/Preferences To market our Services to you by email or through social media and networking sites–if we do so, we will provide you with an easy and free way to opt-out of receiving such communications in the future. Legitimate Interests or Consent Shared with affiliates, social media companies, and consultants to market our services to you

 

  1. Improvement Data: When you visit the Website, we may collect information about your visit such as your IP address and the pages you visited and when you use our Services we may collect information on how you use those Services.

 

Data Categories Business or commercial purpose for Data Collection Lawful Basis for Processing or Sharing If Shared, Category of Third-Party Recipients and Purpose for Sharing
Device Identifiers, Online User, Geolocation Data To analyse and improve the Website or the Services, for example for technical or security purposes and to improve the customer experience. Legitimate Interests, Contract or Consent Shared with analytics providers, website designers, and consultants for operational requirements, security and business continuity purposes.

 

  1. Technology Collected Data: You may provide us with internet activity such as online identifiers (including name, IP address or email address) browsing history, geolocation data, or other commercial information that is collected by cookies as further described in our Cookie Declaration Policy

 

Data Categories Business or commercial purpose for Data Collection Lawful Basis for Processing or Sharing If Shared, Category of Third-Party Recipients and Purpose for Sharing
Advertisements, Device Identifiers, Online User, Geolocation Data To personalize content, to provide social media features and to analyze our Website traffic as further described in our Cookie Declaration Policy. Legitimate Interests or Consent; however where applicable law requires your consent to use certain cookies, we will ask for your Consent having provided you with relevant information as set forth in our Cookie Declaration Policy. Shared with analytics providers, website designers, and consultants as described in our Cookie Declaration Policy.  If required by your place of residence, our Cookiebot consent tracker will allow your to indicate your intent to opt out of sharing.

 

  1. Recruiting Data: You may provide us with your CV and other personal data when you apply for a position, including authorizing access to education records, professional or other employment history data.

 

Data Categories Business or commercial purpose for Data Collection Lawful Basis for Processing or Sharing If Shared, Category of Third-Party Recipients and Purpose for Sharing
Account Access, Criminal History, Education, Financial, Geolocation, Personal Details, Professional Information To manage our recruitment activities

 

 Legitimate Interests Shared with our affiliates, cloud storage providers and consultants to advisors to assist our recruiting activities

 

Special Categories and Protected Classifications of Personal Data

Except for the circumstances when you provide educational information or we conduct a background check as part of Recruitment Data or as described below for Diligence/Investigations Report Data, Duty-of-Care Services Data or Journey Management Services Data, we do not collect or otherwise ask for ‘special categories of personal data’ as referred to by GDPR or ‘protected classifications characteristics’ as often referred to by California or other US laws. These classifications are identified in Table 1.

 

However, if at any time you choose to transmit such personal data over our Website or Services for any reason, or you provide us such personal data to us as part of Recruitment Data, you must have full authority or consent to do so and you agree that it will be dealt with according to this Privacy Policy, including possible transfer to our offices or the third parties, inside or outside the UK or EEA, as described in this policy.

 

With regard to Diligence/Investigation Report Data, we collect ‘special categories of personal data’ as referred to by GDPR or ‘protected classifications characteristics’ as often referred to by California or other US laws. We do this to meet our contractual obligations to clients who are required to conduct diligence to comply with anti-corruption, anti-money laundering, sanctions and other applicable laws and regulations in their country of residence and countries where they conduct business. In addition, clients may be attempting to trace assets related to counter-parties in a court or other judicially mediated dispute under the laws of relevant jurisdiction.

 

With regard to Duty-of-Care Services and Journey Management Services Data, we collect ‘special categories of personal data’ as referred to by GDPR or ‘protected classifications characteristics’ as often referred to by California or other US laws. We do this to meet our contractual obligations to clients who have legal or other obligations to provide appropriate communication and security to their personnel while traveling. Our clients retain full control over the specific data collected and may delegate some control over certain data collection activities to their Travelers.

 

Financial Data

 

We do not collect or process any bank, debit or credit card data through our websites or Services.

 

Electronic Direct Marketing

 

Where we carry out electronic direct marketing – including phone calls, automated phone calls, emails, SMS and IM – we will comply with applicable laws.  This means, for example that we will, where required, check national do-not-call registers and obtain your prior specific and informed consent, particularly where you are acting as a consumer.

 

Our Website and S7 ONE Platform Location

 

Please be aware that our Website servers are either located in the United States or, if located in other countries, may be accessed from the United States. The servers that host our S7 ONE Platform are located in Ireland and the United Kingdom, and may be accessed from other countries by our contractors or clients. The data protection and other laws of the United States and other countries might not be as comprehensive as those in your country, but please be assured that we take steps to protect your privacy. By using any portion of the Website, you are consenting to the transfer of your personal data to our facilities in the United States and those third parties with whom we share it as described in this Privacy Policy. To govern transfers of personal information from the EU/EEA to recipients outside the EU/EEA, we have entered into standard contractual clauses adopted by the European Commission (“Data Transfer Agreement”) between the companies in the Company Group.  We are happy to provide you with a copy of the Data Transfer Agreement upon request.

 

International Transfers

 

Our starting position is always to keep personal data within the UK or European Economic Area (‘EEA’) where the UK GDPR or EU GDPR applies respectively. However, in order to carry out the above purposes, we may use third parties and their facilities outside the EEA. In all such cases we will ensure that appropriate security measures are in place to protect your personal data and a valid legal basis for the transfer applies. To govern transfers of personal information from the EU/EEA to recipients outside the EU/EEA, we have entered into standard contractual clauses adopted by the European Commission (“Data Transfer Agreement”) between the companies in the Company Group.  We are happy to provide you with a copy of the Data Transfer Agreement upon request.

 

Cookies

 

Our Website uses cookies and/or similar technologies. Please review our Cookie Declaration, which is part of (and incorporated into) this Privacy Policy for more information, including on how to refuse or selectively accept cookies and/or similar technologies.

 

Retention

 

As a default position, we will only retain personal data for any statutory retention period, then a reasonable period (if any) necessary for the above purposes. This is subject, for example, to any valid opt-out or withdrawal of consent where processing is based on consent, or other valid exercise of your data subject rights. Please note that our clients determine the retention period for the S7 ONE CONNECT Platform data, unless there is an overriding statutory retention period in an emergency response situation. Please note that our Diligence/Investigations Report Data will be retained for as long as the information is relevant to the delivery of Services to our clients and as long as our overriding legitimate interest exists. Please contact us for further details of applicable retention periods.

 

Security

 

The security of data is very important to our business.  In accordance with our legal obligations, we take appropriate technical and organisational measures to protect your personal data and keep those measures under review.  However, we can only be responsible for systems that we control, and we would note that the internet itself is not inherently a secure environment.

 

Anonymised data

 

We may create anonymised data from personal data, and any anonymisation would be carried out in accordance with applicable law as well as relevant guidelines from regulators such as the UK Information Commissioner (‘UK ICO’). Anonymisation may, for example, be achieved by aggregating data to the point that no individual can be identified such as aggregating website use statistics to see which web content is working well and which could be improved. Anonymised data does not allow for the identification of any individual person and, as it is no longer personal data, neither data protection laws nor this Privacy Policy would apply to such data.

 

Third Party Services

 

If you access the services of another provider through our Websites or services, for example through a link on the Website, your use of those services is entirely at your risk and governed by the terms and privacy policy of that third party provider. If we resell a service delivered or provided by a third party (‘Third Party Service’), including any software that is delivered or owned by a third party (‘Third Party Software’), it is that third party’s separate privacy policy that will apply to your personal data and your use of the Third Party Service and Third Party Software. Your use of a Third Party Service is not covered by this Privacy Policy. Please therefore review the privacy policy for any Third Party Service and Third Party Software before using it.

 

Your Rights Under GDPR

 

Under the UK and EU GDPRs, you have the following rights (some of which may be subject to conditions set out in the relevant GDPR):

 

  • to know if we process any personal data about you and, if we do, with certain limitations, to a copy of that personal data,
  • to ask us to remove or correct any of that personal data that is inaccurate,
  • to object to certain processing,
  • to withdraw any consent you may have given us for any processing of your personal data,
  • to ask us to restrict processing certain of your personal data,
  • to ask us to erase your personal data, and
  • to ‘port’ certain of your personal data to you or another provider, provided in each case that we have such data and certain conditions are met.

 

You have the right, at any time, to object to the processing of your personal data for direct marketing.

 

To exercise any of these rights, please see the Section titled Contact Us below.

 

Your Rights under California Law

 

The CCPA provides California residents with specific rights regarding their personal data. This section describes your CCPA rights and explains how to exercise those rights.

 

You have the right to request that we disclose certain information to you about our collection and use of your personal data over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you, at your request:

  • The categories of personal data we collected about you.
  • The categories of sources for the personal data we collected about you.
  • Our business or commercial purpose for collecting or selling that personal data.
  • The categories of third parties with whom we sold or shared that personal data.
  • The specific pieces of personal data we collected about you (also called a data portability request).
  • The personal data categories disclosed for a business purpose that each category of recipient obtained.
  • If we sold or disclosed your personal data for a business purpose, identifying the personal data categories that each category of recipient purchased.

 

You have the right to request that we delete your personal data that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal data from our records, unless an exception applies.

 

You have the right to correct inaccurate personal data that we maintain about you. Please keep your personal data on file with the Company up to date and inform us of any significant changes to it.

 

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes.

 

To exercise any of these rights, please see the Section titled Contact Us below.

 

Your Rights under Other Jurisdictions

 

State consumer privacy laws in the U.S. may provide their residents with additional rights regarding our use of their personal information.

 

Colorado, Connecticut, Virginia, and Utah each provide their state residents with rights to:

  • Confirm whether we process their personal information.
  • Access and delete certain personal information.
  • Data portability.
  • Opt-out of personal data processing for targeted advertising and sales.

 

Colorado, Connecticut, and Virginia also provide their state residents with rights to:

  • Correct inaccuracies in their personal information, taking into account the information’s nature processing purpose.
  • Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects.

 

To exercise any of these rights or rights afforded to you by any other jurisdiction (U.S. state or federal law or a national law), please see the Section titled Contact Us below.

 

‘Do Not Track’

 

The Website uses technologies that respond to ‘Do-Not-Track’ signals communicated by your internet browser.

 

Contact Us

 

If you’ve any question you can always contact us at the address above or by email to privacy@s7risk.com. You have the right, at all times, to notify a complaint to any regulator such as the UK Information Commissioner. We always welcome the opportunity to discuss and resolve any complaint with you first.

 

You can also reach us by telephone at:

 

Canada: +1 888 230 6550

United States: +1 888 230 8079

France: +33 805 98 12 07

UK: +44 800 031 5905

Germany: +49 800 1378268

 

You can also reach us by mail at: Privacy Policy Administrator, Aleco Ltd., 17 Connaught Place, London W2 2ES.

 

If you want to appeal any decision made with regard to your personal data, you can notify us at any of the above contact points.

 

We will send an initial acknowledgement within ten (10) business days upon our receipt of your request, at which point we may ask you to provide additional information. We will typically complete your request within forty-five (45) days of its receipt. If we require more time (up to 45 days), we will inform you of the reason and extension period in writing.

 

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

 

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons why we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal data that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

 

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

 

We will not discriminate against you for exercising any of your rights set forth above.

 

Table 1: Personal Data Category Definitions

 

Categories of Personal Data Definition GDPR Special /Sensitive Classification California Classification /Sensitive
Account Access Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, recovery information, password, credentials allowing access to an account   Identifiers; Sensitive
Advertisements Ad interaction data, impressions, ad clicks, how many times an ad is served, what page the ad appears on   Internet Activity Info
Audio Visual Audio, electronic, visual, thermal, olfactory, or similar information like call recordings, voicemails, CCTV   Audio Visual Data
Biometric An individual’s genetic, physiological, biological or behavioral characteristics, including DNA, that can be used (singly or in combination with other data) to establish identity.  For example, imagery of fingerprints, face, hand, and voice recordings; iris or retina scans; keystroke, gait, or other physical patterns; and sleep, health, or exercise data Sensitive Biometric Info; Sensitive
Criminal History Non-publicly available information related to a data subjects criminal arrests or convictions Sensitive Does not apply if covered by U.S. Fair Credit Reporting Act
Commercial Transaction records and contractual details including the products and services provided, billing information, customer service information, personal property records, history of products/services purchased or considered   Commercial Information
Compliance Status of individuals on sanctions or other official lists issued by national governments, international agencies, law enforcement agencies or financial regulators; designation as a politically exposed person; individuals associated with marijuana related businesses as owners, shareholders, or senior executives; individuals who are license holders of money services businesses; information from public sources about specific types of crimes; information about ownership of companies.   Identifiers
Demographic For example, race, color, ancestry, national origin, citizenship, religion or creed, religious or philosophical beliefs, sex (including gender, gender identity, gender expression, sex life, sexual orientation, veteran or military status, union membership Sensitive Protected Characteristics; Sensitive
Device Identifiers Internet Protocol address; cookies and tracking identifiers; device information, browser type, domain name   Identifiers
Employment Performance Employee performance plans, performance reviews, utilization rates, profitability metrics, customer feedback and other similar information regarding an employee’s job performance   Identifiers; Professional Information
Education Education information that is not publicly available personally identifiable information such as admissions history, test scores, transcripts, disciplinary records, but does not include name, degree, dates of attendance, sport team participation   Education Information
Family Names and contact information for family members of Employees or Directors   Identifiers
Financial Bank account details, debit/credit card information, income, or any other financial information   Customer Records
Geolocation For example, GPS data, precise location, non-precise location or movements   Geolocation Data; Sensitive
Government ID Social security number, driver’s license number, passport number, national or state identification card number, resident registration number, alien registration number, or other national or local government identifier   Identifiers; Sensitive
Health Medical, genetic (including familial genetic information), and health information, medical condition, physical or mental disability, pregnancy or childbirth and related medical conditions), health insurance information Sensitive Customer Records; Sensitive
Interests/Preferences Personal interests expressed on a CV, hobbies, work habits, personal likes or dislikes, a website user’s preferences, an event attendees preferences such as food restrictions   Inferences
Mail, email, text message content (not directed to business) Mail, email, or text message content, if the business is not the intended recipient of the communication   Identifiers; Sensitive
Mail, email, text message, other communication content (directed to business) Mail, email, or text message, and other communication content directed to the business   Identifiers; Customer Records
Online User Activity Internet / site usage, analytics, metrics, search, browsing and other activity or history information from user interactions with our websites, applications, and online services including server and application logs, clicks, navigations, white paper downloads, pages visited, items clocked, time spent on a page   Internet Activity Information
Opinions / Commentary / Market Reputation Information regarding a data subject’s reputation in terms of net worth, corruption allegations, other personal matters from public and private sources   Inferences
Personal Details Name, alias, email or mailing address, prior email or mailing address, telephone number, physical characteristics/description, preferred language, signature, marital status, date of birth, age, images/photos, publicly available education information such as school attended, graduation dates and degrees   Identifiers; Consumer Records
Political Opinions Political opinions (information on an individual’s membership in a political party, on the individual joining any petitions, on the participation in a demonstration, political reunion or similar events, the support of certain political idea as well as rejection) Sensitive Protected Characteristics; Sensitive
Professional Information Business title, position, email or mailing address, telephone number, employer name, current or past employment history   Professional Information
Profiling / inferences Inferences drawn from other personal information to create for example, a profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes   Inferences
Public Posts / Comments / User-generated content Content of communications and other user generated content through interactive site/application features (chat, commenting functionality, forums, blogs, social media pages) provided by site users   Internet Activity Information
Research, survey, interests, and feedback data Responses to surveys and questionnaires and feedback   Commercial Information

 

©2026 Sigma7 :: All Rights Reserved :: Site by 2NDST