Privacy Notice | Privicy Advisory Services

Privacy Notice 01

Website Privacy Policy

Last updated: 3 January 2025

1. Introduction

Privicy Advisory Services ("we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit and use this website.

This policy is designed to comply with the data protection laws of the jurisdictions we serve:

Jamaica: Data Protection Act, 2020
Barbados: Data Protection Act, 2019
Bermuda: Personal Information Protection Act, 2016 (PIPA)
Cayman Islands: Data Protection Act, 2017
Trinidad & Tobago: Data Protection Act, 2011

2. Data Controller

Privicy Advisory Services Limited is the data controller responsible for your personal data collected through this website.

Data Protection Officer
Privicy Advisory Services Limited
San Juan, Trinidad & Tobago
DPO@myprivicy.com

3. Information We Collect

3.1 Information You Provide

When you contact us or use our services, we may collect:

Contact Information: Name, email address, phone number, company name, country
Communication Data: The content of messages you send us via email or our contact form
Assessment Data: Where you use our Free Readiness Assessment, responses to compliance questionnaires (see the separate Assessment Notice below)

3.2 Information Collected Automatically

When you access this website, we may automatically collect:

Device Information: Browser type, operating system, device identifiers
Usage Data: Pages visited, time spent, features used
Log Data: IP address, access times, referring URLs
Cookies and Similar Technologies: See our cookie notice for details

4. Legal Basis for Processing

We process your personal data on the following legal grounds:

Consent: Where you have given us explicit consent, for example when submitting a contact form
Contract: To provide the services you have requested from us
Legitimate Interest: To improve our website, prevent fraud, and ensure security — where this does not override your rights
Legal Obligation: Where processing is required to comply with applicable Caribbean data protection law

5. How We Use Your Information

We use the personal data we collect to:

Respond to your enquiries and provide advisory support
Schedule and manage consultation appointments
Deliver our compliance assessment services
Communicate updates about our services where you have consented
Analyse website usage to improve user experience
Detect and address technical issues and security threats
Comply with our legal obligations under applicable law

We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside your country of residence where our service providers operate. When we transfer your data internationally, we implement appropriate safeguards including:

Data processing agreements incorporating appropriate contractual protections
Ensuring recipients maintain adequate data protection and security measures
Minimising the data transferred to only what is necessary for the purpose

8. Data Retention

We retain personal data only for as long as necessary for the purpose it was collected, or as required by law:

Data Type	Retention Period	Basis
Contact & enquiry data	3 years	Legitimate interest / contract
Assessment data	12 months	Consent (see Assessment Notice)
Communication records	3 years	Legal obligation / legitimate interest
Website log data	12 months	Legitimate interest / security

Data subject to a legal hold or required for regulatory compliance may be retained for longer. Upon expiry, data is securely deleted or anonymised.

9. Your Rights

Under the data protection laws applicable in your jurisdiction, you have the following rights in relation to your personal data:

Right of Access

Request a copy of the personal data we hold about you

Right to Rectification

Request correction of inaccurate or incomplete data

Right to Erasure

Request deletion of your data in certain circumstances

Right to Restrict Processing

Request that we limit how we use your data

Right to Data Portability

Receive your data in a structured, portable format

Right to Object

Object to processing based on legitimate interest

Right to Withdraw Consent

Withdraw consent at any time, without affecting prior processing

Right Not to Be Discriminated Against

Exercising your rights will not result in any disadvantage to you

To exercise any of these rights, contact our DPO at DPO@myprivicy.com. We will respond within 30 days, or within the timeframe required by your applicable jurisdiction's law.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data:

Encryption

Data is encrypted in transit (TLS) and at rest

Access Controls

Strict access controls limit who can view your data

Security Assessments

Regular reviews of our security posture and practices

Staff Training

All staff are trained in data protection obligations

No method of electronic transmission or storage is entirely secure. While we apply rigorous standards, we cannot guarantee absolute security. In the event of a breach affecting your rights and freedoms, we will notify you and the relevant authority as required by applicable law.

11. Children's Privacy

Our website and services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a child has provided us with personal data, please contact us at DPO@myprivicy.com and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, our services, or applicable law. Material changes will be communicated by updating this page and revising the "Last Updated" date at the top of the notice. We encourage you to review this page periodically. Continued use of our website following a material change constitutes acceptance of the updated policy.

13. Complaints

If you have concerns about how we handle your personal data, please contact our DPO in the first instance. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction:

Jurisdiction	Supervisory Authority
Jamaica	Office of the Information Commissioner
Barbados	Data Protection Commissioner
Bermuda	Privacy Commissioner for Bermuda
Cayman Islands	Ombudsman (Data Protection)
Trinidad & Tobago	Information Commissioner

14. Contact Us

For any questions about this Privacy Policy or our data practices, please contact us:

Privicy Advisory Services Limited
San Juan, Trinidad & Tobago
General enquiries: info@myprivicy.com
Data protection matters: DPO@myprivicy.com
Telephone: +1 868 461 4572

Privacy Notice 02

Free Readiness Assessment Privacy Notice

Applicable to: Free High-Level Caribbean Data Protection Readiness Assessment Specialist notice — assessment service only

1. Scope of This Notice

This notice applies specifically to the Free High-Level Caribbean Data Protection Readiness Assessment offered by Privicy Advisory Services. It is a specialist notice and should be read alongside our Website Privacy Policy above.

The assessment is designed to help organisations benchmark their alignment with Caribbean data protection frameworks — including the laws of Jamaica, Barbados, Trinidad & Tobago, the Cayman Islands, and Bermuda. This notice explains exactly what data we collect during that process and why.

2. Data Minimisation & Collection

In accordance with the principle of Privacy by Design, we strictly limit our collection to what is necessary to deliver your assessment results. We collect:

User Identity: Your name and business email address, used solely to deliver your readiness report
Compliance Responses: Your answers to high-level governance and process questions (presented as Yes / No / Partial)
Jurisdictional Context: The specific Caribbean jurisdiction or jurisdictions relevant to your organisation

What we do not collect: We do not request or collect company financial data, employee records, sensitive personal data belonging to your staff or customers, internal documentation, or any information beyond what is necessary to generate your readiness score and action plan.

3. Confidentiality & Purpose

Your assessment data is used for one purpose only: to generate your organisation's readiness score and accompanying action plan. We do not:

Sell, share, or trade your assessment results with any third party
Use your responses for benchmarking or research without your explicit consent
Disclose your organisation's name or responses in any published form

Identifiable assessment data is accessible only to the authorised advisory team at Privicy Advisory Services who are responsible for producing your report. All team members are subject to confidentiality obligations.

4. Security

We apply to the Free Assessment the same security standards we advise our clients to implement and maintain. Specifically:

All responses are encrypted in transit using TLS and encrypted at rest
Access to assessment data is restricted to authorised advisory staff only
Our systems are subject to regular security review
Staff with access to assessment data are trained in data protection obligations

As a data protection and AI governance advisory firm, we regard the security of your data as a direct reflection of the standards we hold our clients to. We do not apply lower standards to our own operations.

5. Retention & Deletion

Standard Retention 12 months Assessment results are retained for 12 months from completion, allowing you to track your compliance progress over time

On Request Immediate You may request deletion of your assessment data at any time. We will action deletion requests within 5 working days

Following the 12-month retention period, assessment data is securely and permanently deleted. We do not archive or anonymise it for secondary use without your explicit consent.

6. Your Data Rights

In relation to the data collected during your assessment, you have the right to:

Access a copy of the responses and data we hold about you
Correct any inaccurate information in your assessment record
Delete your assessment data at any time, on request
Withdraw consent for us to hold your data — this will result in deletion of your assessment record
Object to any use of your data beyond delivering your assessment report

All rights requests in relation to assessment data are responded to within 5 working days — ahead of the 30-day statutory timeframe — because we recognise that assessment data is sensitive in context.

7. Data Protection Officer

For any questions about how we handle your assessment data, or to exercise your rights in relation to it, contact our Data Protection Officer directly:

Data Protection Officer
Privicy Advisory Services Limited
DPO@myprivicy.com

General enquiries: info@myprivicy.com
Telephone: +1 868 461 4572

If you are not satisfied with our response, you have the right to complain to the data protection authority in your jurisdiction. A list of the relevant authorities for each Caribbean jurisdiction is provided in Section 13 of the Website Privacy Policy above.