CareersContact

Looking for something?

Privacy

FRA Privacy notice

HomePrivacy

Forensic Risk Alliance (FRA) recognizes the importance of your privacy. This privacy notice is meant to inform you about the Personal Data we collect, use, share, or otherwise process in connection with your business relationship with FRA. If you have additional questions about FRA’s data collection practices after reading this notice, please contact us at privacy@forensicrisk.com.

General

Please also use the Glossary at the end of this document to understand the meaning of some of the terms used in this privacy notice.

1. IMPORTANT INFORMATION AND WHO WE ARE

2. WHAT PERSONAL DATA WE COLLECT?

3. HOW DO WE COLLECT YOUR PERSONAL DATA?

4. FOR WHAT PURPOSES DO WE COLLECT, HOLD, AND USE YOUR PERSONAL DATA?

5. TO WHOM DO WE DISCLOSE YOUR PERSONAL DATA?

6. INTERNATIONAL TRANSFERS

7. INFORMATION SECURITY AND ACCURACY

8. HOW LONG WILL WE RETAIN YOUR INFORMATION?

9. YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA

1. Important Information and Who We Are

Purpose of this Privacy Notice

This Privacy Notice explains how FRA collects, uses, shares and otherwise processes your Personal Data in connection with your relationship with us in accordance with applicable data privacy laws. We may provide supplemental privacy notices on specific occasions when we are collecting or processing Personal Data about you so that you are fully aware of how and why we are using your Personal Data.

Personal Data

The term “Personal Data” as used in this privacy notice means any information relating to you from which you can be identified, such as your name, contact details, bank account details etc. Personal Data does not include data from which you can no longer be identified such as anonymized aggregate data.

FRA may process your Personal Data where we provide services to our clients. On certain client engagements, we are required to process your data on our client's behalf and per their instructions and, in such circumstances, we are acting as a “processor”. In such a situation, the data controller of your Personal Data is the company or other business entity which is our client and which instructs us to process your data in connection with using our services. This notice does not cover the processing of your personal data that we carry out as a "processor".

10. GLOSSARY

2. What Personal Data Do We Collect?

3. How Do We Collect Your Personal Data?

Please note that this notice covers the processing that we carry out as a “controller” of your Personal Data. FRA is made up of different legal entities which make up the FRA Group, details of which can be found here (http://www.forensicrisk.com/legal/). This privacy notice is issued on behalf of the FRA Group so when we mention "FRA", "we", "us" or "our" in this privacy notice, we are referring to the relevant company in the FRA Group responsible for processing your data. The EU representative of the FRA Group is Forensic Risk Alliance Limited. Forensic Risk Alliance, Inc. is responsible for this website.

  • Direct interactions. You may give us your Identity and Contact Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes Personal Data you provide when you visit our physical sites and locations; participate in an event we organize or at which we are present; or contact us (online or offline) or through our Contact Us forms.
  • Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. This may be collected through the use of cookies. For more information about our cookies please click http://www.forensicrisk.com/cookies/
  • Third parties or publicly available sources. We may receive Personal Data about you from various third parties and public sources such as:

    - Technical Data from analytics providers; advertising networks; or search information providers;

    - Contact, Financial and Transaction Data from providers of technical, payment and delivery services.

    - Identity, Contact, and Employment Data from our clients, prospective clients and vendors.

    - - Identity, Contact, Technical and Marketing and Communications Data from publicly available sources.

We use different methods to collect Personal Data from and about you including through:

We have appointed a global data privacy manager who is responsible for overseeing all questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your privacy rights, please contact us by email atprivacy@forensicrisk.com. If you are based in the European Union (EU) you also have the right to make a complaint at any time to your national data protection supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach the regulator so please contact us in the first instance.

Where you click on any third-party social networking sites, eg LinkedIn, on our website, the third-party social networking site controls the information it collects from you. For information about how they may use and disclose your information, including any information you make public, please consult their respective privacy policies. FRA is not responsible for the content or privacy practices of those other third-party websites.

4. For What Purposes Do We Collect, Hold, and Use Your Personal Data?

We may collect different types of Personal Data about you which we have grouped together as follows: Identity Data, Contact Data, Employment Data, Financial Data, Transaction Data, Technical Data, Usage Data and Marketing and Communications Data.

We collect Personal Data about you for various purposes including so that we can perform our business activities and functions, comply with our legal, regulatory and contractual obligations, and to provide our services to you.

Most commonly, we will use your Personal Data:

  • To perform the contract we are about to enter into or have entered into with you or the company that you represent.
  • For our legitimate interests (or those of a third party) and where your interests and fundamental rights do not override those interests, including to send you marketing information.
  • To comply with a legal obligation.

We have set out below, in a table format, a description of the ways we plan to use your Personal Data, and, information on which of the legal bases we rely on to do so. Where we rely on legitimate interests as the legal basis, we have also identified what our legitimate interests are, where appropriate.

We provide you with choices regarding certain Personal Data uses, particularly around marketing and advertising. You can view and make certain decisions about the use of your Personal Data at our preference center.

We collect or generate information about you for the purposes of client relationship management, including marketing, business development and event management. Specifically information regarding email and/ or mailing preferences, event and meeting attendance, areas of business interest, records of correspondence with you and individuals connected to your business via post, telephone, email or online. Most information we collect about you comes from our direct interactions with you or publicly available information.

We may send you marketing communications if you have asked to receive such communications, if you are a client or if you are a business contact on the basis of legitimate interests and if you have not opted out of receiving that marketing.

We may share your Personal Data with third parties we work with for the purposes of hosting events.

You can ask us to stop sending you marketing messages at any time by unchecking relevant boxes to adjust your marketing preferences through our preference center, by following the opt-out links on any marketing message sent to you, or by contacting us at any time by sending us an email at privacy@forensicrisk.com.

Where you opt out of receiving these marketing messages, this will not apply to Personal Data provided to us as a result of service purchase, service experience or other transactions.

Marketing and Business Development

5. To Whom Do We Disclose Your Personal Data?

We may share your Personal Data with the parties set out below for the purposes for which we will use your Personal Data as set out in Section 4.

  • We may disclose your personal data to other members of the FRA Group, to the Boards of the members of the FRA Group, to third parties who are providing services to us, including IT service providers, event management, PR and marketing service providers, background and/or credit reference services, printers, telephone service providers and to document storage providers, backup and disaster recovery service providers.
  • Insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims.
  • We may disclose your personal data to law enforcement, taxation, legal and regulatory bodies and authorities, if we are under a duty to share your personal information in order to comply with any legal obligation; and/ or
  • We may disclose your personal data to with third parties in the event that we sell any business or assets, including any shares of a member of the FRA Group, in which case we may disclose personal data we hold about you to the prospective and actual buyer of such business or assets.

We have implemented appropriate physical, administrative and technical safeguards to help us protect your Personal Data from unauthorized access, use and disclosure. We also require that our service providers apply similar protections. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

We may have to transfer your Personal Data from the country in which you are based to an FRA office or a third party outside of your base country. When we do we will always ensure that there is a legal basis and a relevant safeguard method for such data transfer so that your Personal Data is treated in a manner that is consistent with applicable laws and regulations on data protection.

6. International Transfers

We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

Please contact us at privacy@forensicrisk.com if you want further information on the specific mechanism used by us when transferring your Personal Data internationally.

7. Information Security and Accuracy

We will only retain your Personal Data for as long as necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements.

Upon expiration of the applicable retention period we will securely destroy your Personal Data in accordance with applicable laws and regulations.

You may have additional rights applicable to you under local law. If you wish to exercise any of the rights set out above, please contact us by email at privacy@forensicrisk.com

8. How Long Will We Retain Your Information?

You have rights you can exercise under certain circumstances in relation to your Personal Data that we hold, such as:

  • Request access to your Personal Data.
  • Request correction of your Personal Data.
  • Request erasure of your Personal Data.
  • Object to processing of your Personal Data.
  • Request restriction of processing your Personal Data.
  • Request transfer of your Personal Data.
  • Right to withdraw consent.

9. Your Rights in Relation To Your Personal Data

What we may need from you

We may need to request specific information from you from time to time to help us confirm your identity and ensure your right to access Personal Data (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.

It is important that the Personal Data we hold about you is accurate and current. Please keep us informed by sending us an email at privacy@forensicrisk.com if your Personal Data changes during your relationship with us.

Changes to this Privacy Notice
We reserve the right to update this privacy notice at any time, and we will make an updated copy of such privacy notice available on our website.

10. GLOSSARY

Types of Personal Data:

  • Identity Data may include first name and last name, gender and/or ethnicity.
  • Contact Data may include physical address, mailing address, email address, social media handle and telephone numbers.
  • Employment Data may include details of your employment history, i.e., profession, occupations, membership, skills or job titles, immigration information or travel history.
  • Financial Data may include bank account or payment card details.
  • Transaction Data may include details about payments to and from you and other details of services you have purchased from us.
  • Technical Data may include internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Usage Data may include information about how you use our website and services.
  • Marketing and Communications Data may include your preferences in receiving marketing from us and our third parties and your communication preferences.

Lawful Basis:

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Data for our legitimate interests. We do not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

Performance of Contract means processing your information where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Comply with a legal obligation means processing your Personal Data where it is necessary for compliance with a legal obligation that we are subject to.

Questions and Comments

If you have questions or concerns regarding this Privacy Policy, related notices and how we process your information, please contact Forensic Risk Alliance at: privacy@forensicrisk.com

Or write to:

Privacy

Forensic Risk Alliance

3rd Floor Audrey House

16-20 Ely Place

London EC1N 6SN, UK

Last updated: January 2026