What we do

Privacy policy

This policy was last updated in April 2026

1. Introduction

Cathedral Risk is committed to protecting and respecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”). This Privacy Policy explains how personal data is collected, used, and protected.

2. Data controller

The data controller is Cathedral Risk Advisory Limited. The address for our registered office is stated at the bottom of this page. You can also contact us by email.

3. Personal data collected

Anonymous usage data

Basic analytics data is collected automatically by the website hosting provider. This may include:

• the pages you visit;
• the time you spend on the site; and
• your general geographic region.

This data is:

• aggregated and anonymised;
• not used to identify individuals; and is
• used solely to improve website performance.

Information you provide voluntarily

When you use the Contact or Careers pages, the following personal data may be collected:

• name;
• email address; and
• any additional information you choose to provide.

4. Legal basis for processing

Personal data is processed on the following lawful bases.

• Legitimate interests (Article 6(1)(f)) – to respond to enquiries, manage communications, and improve the website.
• Steps prior to entering a contract (Article 6(1)(b)) – for reviewing and responding to communications received via the Careers page.

5. How Your data is used

We used your data to:

• respond to messages submitted through the contact form;
• assess expressions of interest in careers;
• communicate with you where relevant; and to
• maintain appropriate records of correspondence.

Anonymous analytics data is used to understand and improve website performance.

6. Data retention

We retain your data for the following periods of time.

• Contact enquiries: retained for as long as necessary to respond and for reasonable record-keeping.
• Careers submissions: retained for current and potential future opportunities, unless you request deletion.
• Analytics data: retained only in anonymised, aggregated form.

7. Cookies

This website does not use cookies or similar tracking technologies.

8. Data sharing

Personal data is not sold or shared with third parties, except:

• where required by law; or
• where necessary to operate the website (e.g. hosting provider processing anonymised analytics).

All processing is carried out in accordance with GDPR requirements.

9. International data transfers

If any data is processed outside the European Economic Area (EEA) (which is not currently the case), appropriate safeguards will be put in place, such as standard contractual clauses or equivalent protections.

10. Data security

Appropriate technical and organisational measures are implemented to protect personal data against unauthorised access, alteration, disclosure, or destruction. However, no internet transmission is completely secure.

11. Your rights Under GDPR

You have the following rights under GDPR.

• Right of access – to request a copy of your personal data.
• Right to rectification – to correct inaccurate or incomplete data.
• Right to erasure – to request deletion of your data.
• Right to restrict processing.
• Right to data portability.
• Right to object to processing based on legitimate interests.

To exercise any of these rights, please contact us.

12. Complaints

If you believe your data has been handled improperly, you have the right to lodge a complaint with your local supervisory authority. In Ireland, this is the Data Protection Commission.

13. Changes to This Policy

This privacy policy may be updated periodically. Any changes will be posted on this page with an updated revision date.