Skip to Content

Privacy Policy

Last updated: June 2026 | Effective Date: June 2026

1. Introduction

Tony Ridley MSc CSyP FSyI SRMCP ("we", "our", or "us") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website at riskmanagement.odoo.com and use our services.

This policy is designed to comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), as well as the EU General Data Protection Regulation (GDPR) (Regulation 2016/679) for individuals in the European Economic Area (EEA) and United Kingdom.

By using our website, you consent to the data practices described in this policy.


2. Who We Are

The data controller responsible for your personal information is:

Tony Ridley MSc CSyP FSyI SRMCP
Enterprise Risk, Security & Resilience Advisory
Website: riskmanagement.odoo.com
Contact: Contact Form

This website is hosted and powered by Odoo SA (Chaussée de Namur, 40, 1367 Grand Rosière, Belgium). For information on how Odoo processes data as our platform provider, please refer to Odoo's Privacy Policy.


3. Information We Collect

We collect information you voluntarily provide to us and information automatically collected when you use our website.

3.1 Information You Provide

Contact & Enquiry Data: When you submit our contact form or sign up for our newsletter, we collect your name, email address, and any message you provide. This information is used solely to respond to your enquiry and, if requested, to provide you with relevant updates and publications.

Subscription Data: If you subscribe to our LinkedIn newsletter or mailing list, we collect your email address and name to send you our publications on enterprise risk, security, and resilience.

3.2 Automatically Collected Information

Browser & Device Data: When you visit our website, our servers and third-party analytics tools may automatically record information including your IP address, browser type and version, operating system, pages visited, time and date of your visit, referring URL, and geographic location (country/region). This data is collected for security, performance monitoring, and to improve our services.

Cookies & Tracking Technologies: We use cookies and similar technologies to enhance your experience. Please see Section 8 (Cookies) for more detail.


4. How We Use Your Information

We use the information we collect for the following purposes:

  • To respond to enquiries and provide services: We use contact data to communicate with you and deliver the advisory services or resources you have requested.
  • To send publications and updates: With your consent, we may send you newsletters, articles, and updates on enterprise risk, security, and resilience topics. You may unsubscribe at any time.
  • To improve our website: We analyse anonymised usage data to understand how visitors use our site and to enhance the user experience.
  • For security and fraud prevention: We process technical data to protect the integrity of our website and services.
  • To comply with legal obligations: We may process your data where required by Australian law, EU law, or other applicable regulations.

4.1 Legal Bases for Processing (GDPR)

If you are located in the EEA or UK, we process your personal data on the following legal bases:

  • Consent (Art. 6(1)(a) GDPR): Where you have given explicit consent — for example, subscribing to our newsletter.
  • Legitimate Interests (Art. 6(1)(f) GDPR): For website security, analytics, and improving our services, where these interests are not overridden by your rights.
  • Legal Obligation (Art. 6(1)(c) GDPR): Where processing is necessary to comply with applicable law.
  • Performance of a Contract (Art. 6(1)(b) GDPR): Where processing is necessary to provide services you have requested.

5. How We Share Your Information

Payments. Membership and subscription payments are processed by our payment provider, Stripe. Card details are entered directly with Stripe and are not stored by us. Stripe processes your payment information under its own privacy terms and applicable payment-card-industry standards. We receive confirmation of payment and limited billing details needed to manage your membership and meet our tax and record-keeping obligations.

We do not sell, trade, or rent your personal information to third parties. We may share data in the following limited circumstances:

  • Odoo SA (Platform Provider): Our website operates on the Odoo platform. Odoo processes data on our behalf as a data processor in accordance with their Privacy Policy. Odoo's infrastructure providers include OVH S.A.S. and Google Cloud EMEA Ltd, with servers located in Europe and Australia (for Oceania region customers).
  • LinkedIn: If you subscribe via our LinkedIn newsletter, your data is subject to LinkedIn's Privacy Policy.
  • Legal Requirements: We may disclose your information if required to do so by law, court order, or governmental authority, or where necessary to protect our legal rights.

We require all third-party service providers to respect the security of your personal data and to treat it in accordance with applicable privacy law.


6. Cross-Border Data Transfers

Australian Privacy Act Compliance: Where your personal data is disclosed to overseas recipients (including our platform provider Odoo SA in Belgium), we take reasonable steps to ensure that such recipients handle your data in a manner consistent with the Australian Privacy Principles (APP 8). By using our website, you acknowledge that your information may be transferred to and processed in countries outside Australia, including Belgium and other EU member states.

GDPR Compliance: For transfers of personal data from the EEA or UK to countries outside those regions, we rely on appropriate safeguards such as EU Standard Contractual Clauses (SCCs) as used by Odoo SA, or adequacy decisions by the European Commission.


7. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • Contact form data: Retained for up to 3 years from last contact, unless you request earlier deletion.
  • Newsletter subscription data: Retained until you unsubscribe or request deletion.
  • Website analytics data: Retained in anonymised or aggregated form for up to 12 months.
  • Legal and compliance records: Retained for the period required by applicable law.

After the applicable retention period, your data will be securely deleted or anonymised.


8. Cookies

Our website uses cookies — small text files stored on your device — to improve your browsing experience and to help us understand how our site is used. We use the following types of cookies:

  • Essential Cookies: Necessary for the website to function properly (e.g., session management). These cannot be disabled.
  • Analytics Cookies: Help us understand how visitors interact with our site (e.g., Google Analytics). These are only set with your consent.
  • Preference Cookies: Remember your settings and preferences (e.g., language).

You can control and/or delete cookies at any time through your browser settings. Disabling cookies may affect some functionality of our website. For more information on managing cookies, visit allaboutcookies.org.

This website is powered by the Odoo platform. Odoo's cookie policy, including a full list of cookies used, is available at odoo.com/privacy.


9. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

9.1 Under the Australian Privacy Act (All Users)

  • Right of Access (APP 12): You may request access to the personal information we hold about you.
  • Right to Correction (APP 13): You may request that we correct inaccurate, incomplete, or out-of-date personal information.
  • Right to Complain: You have the right to complain about our handling of your personal information to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by calling 1300 363 992.

9.2 Under the GDPR (EEA and UK Users)

  • Right of Access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
  • Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten"), subject to legal obligations.
  • Right to Restrict Processing (Art. 18): Request that we limit how we use your data.
  • Right to Data Portability (Art. 20): Receive your personal data in a structured, commonly used format.
  • Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with your local supervisory authority, such as the UK ICO or a relevant EU Data Protection Authority.

To exercise any of these rights, please contact us using the details in Section 11 below. We will respond within 30 days (or as required by applicable law). We may need to verify your identity before fulfilling a request.


10. Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration, or destruction. Our website uses HTTPS encryption, and our platform provider Odoo maintains comprehensive security measures in accordance with their Security Policy, including infrastructure certified to ISO 27001, SOC 1 TYPE II, SOC 2 TYPE II, and PCI-DSS standards.

While we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is 100% secure. If you have concerns about the security of your data, please contact us immediately.


11. How to Contact Us

If you have any questions about this Privacy Policy, wish to exercise your privacy rights, or have a privacy concern or complaint, please contact us:

Tony Ridley MSc CSyP FSyI SRMCP
Enterprise Risk, Security & Resilience Advisory
Website: Contact Form

We take all privacy enquiries seriously and aim to respond within 30 days. If you are not satisfied with our response, you have the right to escalate your complaint to the relevant regulatory authority as outlined in Section 9 above.


12. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will indicate the date of the most recent update at the top of this page. We encourage you to review this policy periodically.

Continued use of our website after any changes to this policy constitutes your acceptance of the updated policy.


This Privacy Policy has been prepared to comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and the EU General Data Protection Regulation (GDPR) 2016/679. It draws on privacy standards aligned with those adopted by Odoo SA, our platform provider. For Odoo's full privacy policy, visit odoo.com/privacy.