INTRODUCTION

SIFA Strategy Limited ( ‘SIFA Strategy’, ‘we’, ‘us’ or ‘our’) values your privacy and is committed to safeguarding your personal data. This privacy policy explains how we collect, use, store, and protect your personal information when you visit our website or interact with us.

By using this website or engaging with us, you consent to the practices described in this privacy policy. We reserve the right to change this policy, and we may update this policy from time to time. Any changes will be posted on this page. We encourage you to review it periodically to ensure you remain informed. This policy was last reviewed and updated on 21.01.2025.

1.  WHO WE ARE

SIFA Strategy is a specialist ESG consultancy. We act as the data controller and we are responsible for your personal data in accordance with applicable data protection laws. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact us at: info@sifastrategy.com

2. DATA WE COLLECT AND HOW WE USE IT

Personal data means any information about an individual from which that person can be identified.

2.1 Types of Data we collect

We may collect, use and store different kinds of personal data depending on your engagement with us.

• Marketing and Communications Data: correspondence, name, title, email address and preferences for receiving communications.
• Usage Data: information about how you interact with our products, services, publications, website, or events.
• Contact and Financial Data: For clients, suppliers, and employees, this may include names, email addresses, billing addresses, office addresses, phone numbers, and bank account details. This allows for the normal running of our business and the necessary interactions to meet our contractual obligations.
• Survey Data: names, contact details and responses to surveys and questionnaires issued on behalf of our clients or our firm. Individual responses are sometimes anonymised, but all responses are stored for analytical purposes. Contact details, including names and email addresses, for respondents will be stored for 18 months before they are deleted. This is to allow delivery of final analysis and product to the client.
• Technical Data: information about your browsing behaviour, collected via cookies (see Section 6).

Furthermore, we may be required to collect other personal data by law, or under the terms of a contract we have with you.

2.2 How we collect Data

We collect data through various methods, including:

• Direct communication via email, phone or post.
• Filling out forms on our website (e.g. contact forms, subscription to newsletters/ updates, downloading reports and other content).
• Participation in events or surveys run by us or in partnership with a third party or on behalf of our clients.
• Interactions with our website (e.g. cookies and analytics tools)
• Communication with us through a client, supplier or other third party.

2.3 How we use your Data

We will only use your personal data when permitted by law. Common uses include:

• Delivering services or responding to inquiries.
• Performing or entering into contractual obligations.
• Complying with legal or regulatory obligations or requirements.
• Sending marketing materials, subject to your consent or preferences which can be amended at any time.
• Sending communications on behalf of clients or third parties, in accordance with the law.
• Internal purposes, such as record-keeping or gathering feedback to improve our offerings or to better tailor marketing materials and reports.

We will not sell, distribute or lease your personal data to third parties unless we are required by law to do so. However, we may share your data with:

• External service providers: Such as IT, research, design or survey firms who may have access to some data as part of their engagement with us and who have a professional need to know.
• Other third parties: in the event of a business sale, transfer or merger which impacts parts or all of our business or assets.

All third parties and service providers are required to respect your data, use it only as instructed by us and treat it in accordance with the law.

3. DATA SECURITY

We are committed to ensuring that your information is secure. We prioritise the security of your personal data by implementing physical, electronic, and managerial safeguards. We also limit access to your data for employees or third parties with a professional need to know. They will only process your personal data in accordance with our instructions and are subject to a duty of confidentiality.

In the event of a data breach, we will notify affected individuals and the UK Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, as required by law.

4. DATA RETENTION

We retain your personal data only as long as necessary to fulfil the purposes for which it was collected, including legal or reporting requirements. Retention periods consider the nature and sensitivity of the data, the potential risk from unauthorised access or disclosure, the purposes for which we collected your personal data, and the related and applicable legal or contractual obligations.

Unless you opt-out or we receive a request to delete personal data or cease communication with you we will keep and periodically update Marketing and Communications Data, as well as Contact and Financial Data required to enable us to provide services in accordance with our contractual obligations.

5. YOUR RIGHTS AND CHOICES

5.1 Opting out

You may opt out of receiving marketing communications by contacting us on info@sifastrategy.com, in writing, at any time; adjusting preferences when filling out relevant website forms; or utilising the opt-out link embedded in some email communication.

Opting out of marketing does not apply to necessary communications related to contracts, transactions or the agreed delivery of a service.

5.2 Accessing and controlling your data

You have rights under data protection laws which are best summarised by the ICO here. This includes:

• Accessing your personal data.
• Requesting corrections to inaccurate data.
• Requesting deletion of your data under certain circumstances.

We will respond to legitimate requests for your personal data within one month, where possible, and assuming the request is not overly complex, or you have made a number of requests. In some cases, additional verification may be required to confirm your identity. We may also contact you to ask you for further information in relation to your request to accelerate our response.

You will not have to pay a fee to access your personal data, or to exercise any of the other fundamental rights. However, we do reserve the right to charge a reasonable fee if your request is unfounded.

To exercise your rights or request information, contact us at info@sifastrategy.com.

5.3 Making a complaint

You have the right to make a complaint at any time to the ICO. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

6. COOKIE POLICY

When interacting with our website, Technical Data about your browsing actions and behaviours may be automatically collected through the use of cookies. Cookies are small files stored on your device that enhance website functionality and user experience. We use cookies to analyse website traffic, usage patterns and to improve website performance and tailor content to user preferences.

Most web browsers will automatically accept cookies, but it is sometimes possible to modify browser settings to decline cookies. Please be aware that this may prevent you from taking full advantage of the websites you interact with in terms of functionality and user experience.

7. Links to other websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of external sites. Please review their privacy policies before providing any data.