Privacy Policy

Who we are

Our website address is:

This website is the property of Ares Risk Management Limited. We take the privacy of all visitors to this Website very seriously. In this privacy and cookies policy we have set out our position regarding certain privacy matters and the use of cookies on this Website.

This policy covers all data that is shared by a visitor with us when visiting our website or when contacting us directly by email or by phone.  This policy has been created by the Cyber Division & Senior Management of Ares Risk Management Limited and is occasionally updated by us, to reflect changes in Data Protection & Online Privacy Legislation, therefore, we suggest you review this page from time to time.

This policy provides an explanation as to what happens to any personal data that you share with us, or that we collect from you either directly via this Website, by phone or via email.

We are required under the Data Protection Act 1998 and General Data Protection Regulation 2016 to have a data controller. For the purpose of the Data Protection Act 1998 and General Data Protection Regulation 2016 our data controller is Anna M Heim and can be contacted via email at

What personal data we collect and why we collect it


When visitors leave comments on the site (in our blog) on our we collect the data shown in the comments form. This data might include the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

We do not use contact forms on our website and invite you to either phone or email us with your service requests or enquiries.


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behave in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.


We use Google Analytics to understand how visitors use our website. The analytics data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of service use. The legal basis for this processing is consent and our legitimate interests, namely monitoring and improving our website and services. You can read Google’s Privacy Policy here:

Who we share your data with

In the main, we do not share your data, unless it is absolutely necessary to do so in order to provide our services to you. In situations where this might be the case, this will be clearly and fully explained in your contracted Services Agreement with us. Your Service Agreement explains

  1. What data we might have to share.
  2. Why we might have to share it.
  3. How your data might be shared.
  4. Who we might have to share your data with.

All data which we might have to obtain from you in order to provide you with our services and which may need to be shared is protected by Confidentiality and Non-Disclosure Agreements.

When you sign up to our Mailing List, you will be asked to provide us with your name and your email address which will be stored with our Mailing List Service Provider, MailChimp. Mailchimp is a US-based service provider and data sharing is undertaken in line with the EU-US Privacy Shield Framework.  You can read Mailchimps’ Privacy Policy here: in this context Ares Risk Management is the Data Controller and MailChimp is the Data Processor.

Our Email System is provided to us By Microsoft 365 – we do not store your contact details in Outlook 365. Your contact details are stored in our Customer Management System – HubSpot, which is integrated into Outlook 365. Only legitimate contracted customers, clients, subcontractors and supplier contact details are held in this system.

All enquiry data which you might have shared with us through the Booking Form which is provided to us through our Microsoft 365 Office Applications is irretrievably deleted from all our systems within 24-hours unless you become a customer, client, subcontractor or supplier.

When you purchase one of our online training courses or purchase tickets to one of our Workshops, Seminars or Events, we use PayPal to transact your payments. When using PayPal for this purpose you have the choice of

  1. Sign-up for a PayPal account
  2. Use your PayPal account if you are a pre-existing user of the PayPal Service or
  3. Use PayPal as a “one-time-only” service.

PayPal have their own Privacy Policy which can be found here:

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue. If you at any time decide that you no longer want your comment to be featured on our blog, drop us a note and your comment will be permanently and irretrievably deleted.

If you sign up to our mailing list, you will find an unsubscribe link in the footer of every email we send. You are free to unsubscribe from our mailing list at any time. The minute you confirm that you want to unsubscribe your name and email address will automatically, instantly and irretrievably be removed from the list.

Transaction data which is processed for us by PayPal will be downloaded to our secure systems and retained for 7-years in accordance with UK Tax Law. PayPal will retain the transaction data they have processed on our behalf in accordance with Banking and Financial Regulations which are detailed in their Privacy Policy

If you are a customer or client of Ares Risk Management and have purchased services from us the data retention period will be indicated in the Data Retention & Deletion Section of your Service Agreement. Please refer to your Service Agreement or contact us directly by email quoting the Service or Project Reference for more information. []

What rights you have over your data

If you have an account on this site or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

In addition, all our clients, subcontractors and suppliers have the following rights to their data under the Data Protection Act 2018 & GDPR 2016:

  1. the right to access;
  2. the right to rectification;
  3. the right to erasure;
  4. the right to restrict processing;
  5. the right to object to processing;
  6. the right to data portability;
  7. the right to complain to a supervisory authority; and
  8. the right to withdraw consent.

Should you at any time wish to exercise your data rights please email us with your request at:

Where we send your data

With the exclusion of visitor comments which may be checked through an automated spam detection service; we don’t send your data anywhere, we keep it safely and securely on our hybrid in-house systems or locked away in hard-copy in our filing cabinets.

Your contact information

If you have left a comment on our website which has been approved for publication in addition to the body of your comment, your published entry may include the user name you created when you registered to leave the comment.

If you email us directly we will keep your name, email address and any other contact details you have provide in a secure manner on our systems so that we can respond to your enquiry efficiently and effectively.

If you phone us with a service enquiry, we will ask you for your name, phone or mobile number and email address so that we can respond and deal with your service enquiry efficiently and effectively.

If you sign up to our mailing list, we will collect your name and email address only.

Additional information

How we protect your data

Website: In addition to Secure Socket Layer (SSL) We utilise SiteLock security on our website as provided as a paid-for service by our hosting company, which provides our website with advanced layered threat detection to protect the integrity of our website and any personal data you might submit when you choose to register to leave comments, or when using the booking form.

Mailing List: We have done our due diligence and trust Mailchimp to protect your data in accordance with the highest standards in Cybersecurity – you can find out more about MailChimp’s Cyber Security measures here

Internal Systems: Ares Risk Management utilises CyberSmart Technologies, the guideline offered by UK’s Cyber Essentials Certification Scheme, advance Firewall and file-locking systems to protect any and all data which we might store and process on our internal computer systems.

Our cloud systems utilise VPN and encryption on all data when in transit and at rest – our cloud and SaaS providers are ISO27001 compliant as a minimum standard.

What data breach procedures we have in place

In the event of a data breach, you and the UK Regulatory Authority (The Information Commissioners Office) will be notified within 72 hours of such an event occurring and provided with detailed information on

  1. what happened,
  2. how it happened
  3. what we have or are doing to put things right
  4. what steps you might need to take (if any).

What third parties we receive data from

We do not accept personal data from third parties unless they can prove they have a contractual agreement with you and you have consented to them sharing your data with us.

What automated decision making and/or profiling we do with user data

Ares Risk Management does not undertake any automated decision making neither do we use any data you might have provided to us for profiling.

Industry regulatory disclosure requirements

Ares Risk Management is Registered with the Information Commissioners Office. Our Registration Number is: ZA110791
Ares Risk Management is a Limited Company Registered in England & Wales, our Registered address is: Donnington House, 33 High Street, Shoeburyness, Southend-on-Sea. Essex SS3 9AW UK our Company Registration Number is: 09456375
All our Consultants & Operators are Licenced & DBS checked by the Security Industry Authority (SIA).
Our contact details are in the footer of every page on this website.

Updated: 27 October 2020