Privacy
Privacy Notice
Last updated: 10 November 2025
Who we are (data controller)
CNRY Group Ltd is the data controller for personal data collected via this website and our marketing activities in the UK/EU. You can contact us at privacy@cnrygroup.com or by post at 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.
How to contact us about privacy
Email: privacy@cnrygroup.com
Postal: Privacy Team, CNRY Group Ltd, 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
CNRY Group (the “Company”, “CNRY”, “we”, “us”) operates this website. If you are in the UK/EU, the controller is CNRY GROUP LTD, registered in JURISDICTION at REGISTERED OFFICE ADDRESS. How to contact us about privacy
Email: privacy@cnrygroup.com
Postal: Privacy Team, CNRY, 71–75 SHELTON STREET, COVENT GARDEN, LONDON, WC2H 9JQ
What data we collect
Identifiers/contact details (name, email, phone, employer) when you request a consultation, download a resource, or subscribe.
Business info you share in forms/calls (industry, equipment, project needs).
Usage data (pages viewed, interactions) for site performance and aggregated analytics.
Communication preferences and consent choices.
Why we use your data (purposes)
To respond to inquiries, book consultations, and deliver services/products.
To send operational emails (e.g., scheduling, deliverables, account notices).
To send marketing updates you opt into (you can unsubscribe any time).
To improve our website and content (aggregated analytics).
To meet legal, tax, and compliance obligations.
Lawful bases (UK/EU/UK GDPR)
Contract (responding to requests; preparing/performing a contract).
Consent (email marketing, placing non‑essential cookies/analytics).
Legitimate interests (site security, fraud prevention, basic aggregated analytics after consent).
Legal obligation (records, compliance).
Do we sell or share personal information? (US)
We do not sell or share your personal information as those terms are defined by US state privacy laws (including California). We also honor Global Privacy Control (GPC) signals. If our practices change, we will update this Notice and provide an opt‑out mechanism.
CASL (Canada) marketing
We only send commercial electronic messages to Canadians with consent or as otherwise permitted. All marketing emails include a working unsubscribe link.
Retention
We keep personal data only as long as necessary for the purposes above. Typical periods: inquiries (24 months), client files (7 years), consent logs (minimum banner‑vendor default or 24 months), analytics events (per tool configuration).
Sharing & service providers
We use trusted vendors to operate our website, CRM, email, scheduling, and analytics. We require appropriate confidentiality, security, and (where applicable) data processing terms. We maintain a list of key processors on request.
International transfers
Where data moves outside your country (e.g., UK/EU → Canada/US), we use appropriate safeguards such as Standard Contractual Clauses (SCCs) or UK IDTA/UK Addendum, plus vendor security reviews.
Your rights
UK/EU: access, rectification, erasure, restriction, portability, and objection (including to direct marketing).
US (state laws): right to know, correct, delete, and to opt‑out of sale/share/targeted ads (not currently applicable as we do not sell/share).
Canada (PIPEDA): access and correction; contact us for questions or complaints.
To exercise rights, email privacy@cnrygroup.com and tell us which right you wish to exercise. We may need to verify your identity. If we cannot resolve your concern, you can contact your local authority (e.g., ICO in the UK; OPC in Canada; your US state AG).
Children
Our site is for business audiences and not directed to children.
Changes
We will update this Notice when our practices change. The “Last updated” date shows the latest version.