Privacy Policy
LAST UPDATED
Last updated: 25 June 2026
INTRODUCTION
PhoenixRize Consulting (“we”, “us”, or “our”) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website phoenixrize.com (the “Site”) or engage our services.
This policy applies to:
- Visitors to our website
- People who contact us via email, phone, or booking system
- Clients who engage our consulting and training services
- Subscribers to our newsletter (if applicable)
We are the data controller responsible for your personal data. We are based in Dublin, Ireland and Lagos, Nigeria, and we comply with the General Data Protection Regulation (GDPR) and the Irish Data Protection Acts.
Key points:
- We only collect information necessary to provide our services
- We never sell your personal data to third parties
- You have full control over your data and can request deletion at any time
- We use industry-standard security measures to protect your information
WHO WE ARE
Business name: PhoenixRize Consulting
Nature of business: DEI (Diversity, Equity, and Inclusion) consulting, training, and culture audits
Operating locations: Dublin, Ireland and Lagos, Nigeria
Contact email: info@phoenixrize.ie
Website: phoenixrize.ie
WHAT PERSONAL DATA WE COLLECT
We collect different types of information depending on how you interact with us:
- INFORMATION YOU PROVIDE DIRECTLY
When you contact us via email or contact form:
- Name
- Email address
- Organisation name (optional)
- Job title (optional)
- Phone number (if provided)
- Message content and any information you choose to share
When you book a discovery call via Calendly:
- Name
- Email address
- Phone number (optional)
- Organisation name (if provided)
- Time zone
- Booking preferences and any notes you provide
When you engage our services (become a client):
- Full name and contact details
- Organisation name and address
- Job title and department
- Billing information (organisation invoice details, not personal payment cards)
- Contract and agreement documentation
- Communication history (emails, meeting notes, phone conversations)
- Any information you share during consultations, training, or focus groups
When you participate in our services (e.g., workshops, focus groups, culture audits):
- Participation records (attendance, feedback)
- Survey responses (anonymized unless you choose to identify yourself)
- Focus group contributions (confidential and handled according to agreed protocols)
- Training evaluation feedback
When you subscribe to our newsletter (if applicable):
- Name (optional)
- Email address
- Subscription preferences
- INFORMATION WE COLLECT AUTOMATICALLY
When you visit our website:
- IP address (anonymized in Google Analytics)
- Browser type and version
- Device type (desktop, mobile, tablet)
- Operating system
- Pages visited and time spent on pages
- Referring website (how you arrived at our Site)
- Geographic location (city/country level, not precise location)
- Date and time of visit
This information is collected via:
- Cookies (see our Cookie Policy for details)
- Server logs
- Google Analytics (anonymised data)
- SENSITIVE PERSONAL DATA
In the course of providing DEI consulting services, you or your organisation may share information about:
- Race or ethnicity
- Gender identity or sexual orientation
- Disability or health conditions
- Religious beliefs
- Other protected characteristics
How we handle sensitive data:
- We only collect sensitive data when necessary for our services (e.g., during culture audits, EDI policy development, focus groups)
- We obtain explicit consent before collecting sensitive data
- Sensitive data is anonymized wherever possible
- We apply enhanced security measures to protect this information
- We never share sensitive data without explicit consent
- Focus group and survey data is typically aggregated and anonymized in reports
HOW WE USE YOUR PERSONAL DATA
We use your personal data for the following purposes:
- TO PROVIDE OUR SERVICES
Legal basis: Contract performance, Legitimate interests
- Respond to your enquiries and booking requests
- Schedule and conduct discovery calls and consultations
- Deliver consulting services, training, workshops, and culture audits
- Facilitate focus groups and stakeholder interviews
- Prepare reports, recommendations, and deliverables
- Manage project communications and documentation
- Issue invoices and manage payments
- TO IMPROVE OUR SERVICES
Legal basis: Legitimate interests
- Analyse website usage to improve user experience
- Gather feedback on training and consulting services
- Develop new services based on client needs
- Improve our content and resources
- TO COMMUNICATE WITH YOU
Legal basis: Consent (for marketing), Legitimate interests (for service communications)
- Send confirmation emails for bookings and enquiries
- Provide updates on projects and engagements
- Share relevant resources or information related to services you’ve engaged
- Send occasional newsletters with EDI insights (only if you subscribe)
- Respond to your questions or concerns
You can opt out of marketing communications at any time by clicking “unsubscribe” in emails or contacting us at [your@email.com].
- TO COMPLY WITH LEGAL OBLIGATIONS
Legal basis: Legal obligation
- Maintain business records as required by Irish and Nigerian law
- Comply with tax and accounting requirements
- Respond to legal requests or court orders
- Protect our legal rights and interests
- TO PROTECT SECURITY AND PREVENT FRAUD
Legal basis: Legitimate interests
- Maintain website security
- Prevent fraudulent activity
- Protect against misuse of our services
- Maintain backup systems for business continuity
LEGAL BASIS FOR PROCESSING
Under GDPR, we must have a legal basis to process your personal data. We rely on:
Consent: When you voluntarily provide information (e.g., booking a call, subscribing to our newsletter)
Contract: When processing is necessary to fulfill our services to you
Legitimate interests: When we have a legitimate business reason (e.g., improving services, preventing fraud), balanced against your rights
Legal obligation: When required by law (e.g., tax records, legal compliance)
Vital interests: In rare cases where processing is necessary to protect someone’s life
Public interest: When processing is necessary for reasons of substantial public interest (e.g., promoting equality)
WHO WE SHARE YOUR DATA WITH
We do not sell, rent, or trade your personal data to third parties. We only share your information when necessary:
- SERVICE PROVIDERS (DATA PROCESSORS)
We use trusted third-party services that may process your data on our behalf:
Google Analytics
- Purpose: Website analytics (anonymized data)
- Data shared: Anonymized browsing behavior, device info, location (city/country)
- Location: United States (Google LLC)
- Safeguards: EU-US Data Privacy Framework, Google’s privacy commitments
- Privacy Policy: https://policies.google.com/privacy
Calendly
- Purpose: Booking system for discovery calls
- Data shared: Name, email, phone (optional), booking details
- Location: United States (Calendly LLC)
- Safeguards: Standard Contractual Clauses, GDPR compliance
- Privacy Policy: https://calendly.com/privacy
Google Workspace (Gmail, Google Drive, Google Docs)
- Purpose: Email communication, document storage, project management
- Data shared: Emails, documents, project files shared with us
- Location: European data centers (for EU clients), with Google’s global infrastructure
- Safeguards: Google Cloud’s GDPR compliance, encryption at rest and in transit
- Privacy Policy: https://policies.google.com/privacy
Web Hosting Provider
- Purpose: Website hosting and maintenance
- Data shared: Website visitor data, server logs
- Location: [Specify your hosting provider and location – e.g., “European servers”]
- Safeguards: [Hosting provider’s security measures]
Email Marketing Platform (if applicable – e.g., Mailchimp, ConvertKit)
- Purpose: Newsletter distribution
- Data shared: Email address, name (optional), subscription preferences
- Location: [United States or EU, depending on provider]
- Safeguards: GDPR compliance, Standard Contractual Clauses
- Privacy Policy: [Link to provider’s privacy policy]
All third-party processors:
- Are contractually obligated to protect your data
- Process data only according to our instructions
- Meet GDPR standards for data protection
- Use appropriate technical and organizational security measures
- CLIENT ORGANISATIONS
When you engage our services on behalf of an organisation:
- We share project deliverables (reports, recommendations) with designated client contacts
- We may share aggregated, anonymized data in reports (e.g., culture audit findings)
- Individual identifiable information from focus groups or interviews is kept confidential unless explicit consent is given
Confidentiality commitments:
- Focus group participants’ identities are protected
- Survey responses are anonymized in reports
- Sensitive disclosures are handled according to agreed confidentiality protocols
- We follow professional standards for consulting confidentiality
- LEGAL REQUIREMENTS
We may disclose your information if required by law:
- In response to court orders or legal process
- To comply with tax, accounting, or regulatory requirements
- To protect our legal rights or defend against legal claims
- To prevent fraud or criminal activity
- To protect someone’s safety or vital interests
- BUSINESS TRANSFERS
If PhoenixRize is involved in a merger, acquisition, or sale of assets, your personal data may be transferred. We will notify you of any such change and ensure your data remains protected.
INTERNATIONAL DATA TRANSFERS
Our operating locations: We operate from Dublin, Ireland (EU) and Lagos, Nigeria (outside EU).
Data transfers:
- Data may be transferred between our Ireland and Nigeria operations
- Some third-party services (Google, Calendly) transfer data to the United States
- Website hosting may involve data storage outside Ireland
Safeguards for international transfers:
- EU to Nigeria: We apply appropriate safeguards including contractual protections and encryption
- EU to US (Google, Calendly): These providers comply with the EU-US Data Privacy Framework and use Standard Contractual Clauses
- Nigeria clients: Data is processed according to the Nigerian Data Protection Regulation (NDPR) and international best practices
Your rights remain protected regardless of where data is processed.
HOW LONG WE KEEP YOUR DATA
We retain personal data only as long as necessary for the purposes outlined in this policy:
Enquiry and booking data:
- General enquiries: Up to 2 years after last contact
- Unsuccessful bookings/enquiries: Up to 1 year
- Reason: To maintain service records and improve our processes
Client data (active engagements):
- Duration of project/engagement plus up to 7 years after completion
- Reason: Legal obligations (tax, accounting, contract records), professional standards
Past client data:
- Up to 7 years after final engagement
- Reason: Business records, potential future collaboration, legal requirements
- Anonymized case studies: Indefinitely (with client permission)
Focus group and culture audit data:
- Aggregated, anonymized reports: Indefinitely (internal learning and benchmarking)
- Individual identifiable responses: Destroyed after report delivery or within 2 years (whichever is shorter), unless different retention is agreed in client contract
- Audio/video recordings (if any): Deleted immediately after transcription unless otherwise agreed
Newsletter subscribers:
- Until you unsubscribe or up to 2 years of inactivity
- Reason: To maintain mailing list and respect your preferences
Website analytics data:
- Google Analytics: Automatically deleted after 26 months
- Reason: Website improvement and performance analysis
After retention periods expire:
- Data is securely deleted or anonymized
- Backups are overwritten according to backup cycles
- Physical records (if any) are securely destroyed
You can request earlier deletion of your data at any time (see “Your Rights” section).
HOW WE PROTECT YOUR DATA
We take data security seriously and implement appropriate technical and organizational measures:
TECHNICAL SECURITY MEASURES
Encryption:
- HTTPS/SSL encryption for website (data in transit)
- Encrypted email communications where possible
- Encrypted cloud storage (Google Drive, etc.)
- Encrypted device storage (laptops, phones)
Access controls:
- Password-protected accounts with strong password requirements
- Two-factor authentication (2FA) on critical systems
- Limited access to personal data (need-to-know basis)
- Regular access reviews and removal of unnecessary permissions
Data backups:
- Regular encrypted backups of essential business data
- Secure backup storage with access controls
- Tested restoration procedures
Security software:
- Antivirus and anti-malware protection
- Firewall protection
- Regular software and system updates
- Security monitoring and logging
ORGANIZATIONAL SECURITY MEASURES
Policies and procedures:
- Confidentiality agreements with any staff or contractors
- Clear data handling procedures
- Incident response plan for data breaches
- Regular security awareness and training
Physical security:
- Secure office environments
- Locked storage for physical documents (if any)
- Secure disposal of documents (shredding)
- Device security (locked screens, full disk encryption)
Confidentiality protocols for sensitive work:
- Focus group confidentiality agreements
- Anonymous reporting mechanisms
- Secure handling of sensitive disclosures
- Professional ethics and standards adherence
THIRD-PARTY SECURITY
All third-party service providers:
- Are carefully selected for security and privacy standards
- Have appropriate data processing agreements
- Comply with GDPR requirements
- Use industry-standard security measures
DATA BREACH PROCEDURES
In the unlikely event of a data breach:
- We will investigate and contain the breach immediately
- We will assess the risk to affected individuals
- We will notify the Data Protection Commission within 72 hours (if required by law)
- We will notify affected individuals without undue delay if there is a high risk to their rights
- We will document the breach and our response
- We will take steps to prevent future breaches
YOUR RIGHTS UNDER GDPR
You have the following rights regarding your personal data:
- RIGHT TO ACCESS
You can request a copy of the personal data we hold about you.
How to exercise: Email info@phoenixrize.ie with “Data Access Request” in the subject line
Response time: Within 1 month (may extend to 3 months for complex requests)
What you’ll receive: A copy of your data in a commonly used electronic format
- RIGHT TO RECTIFICATION
You can request correction of inaccurate or incomplete personal data.
How to exercise: Email us with details of the corrections needed
Response time: Within 1 month
- RIGHT TO ERASURE (“Right to be Forgotten”)
You can request deletion of your personal data in certain circumstances:
- The data is no longer necessary for the purpose it was collected
- You withdraw consent (where processing was based on consent)
- You object to processing and there are no overriding legitimate grounds
- The data was unlawfully processed
- Legal obligations require deletion
Exceptions: We may retain data if required by law (e.g., tax records, legal claims)
How to exercise: Email [your@email.com] with “Data Deletion Request”
Response time: Within 1 month
- RIGHT TO RESTRICT PROCESSING
You can request that we limit how we use your data in certain circumstances:
- You contest the accuracy of the data
- Processing is unlawful but you don’t want data deleted
- We no longer need the data but you need it for legal claims
- You’ve objected to processing pending verification of legitimate grounds
How to exercise: Email us explaining why you want processing restricted
- RIGHT TO DATA PORTABILITY
You can request your data in a structured, commonly used, machine-readable format and have it transferred to another controller.
Applies when:
- Processing is based on consent or contract
- Processing is automated
How to exercise: Email [your@email.com] with “Data Portability Request”
- RIGHT TO OBJECT
You can object to processing of your data:
- Based on legitimate interests (including profiling)
- For direct marketing purposes (we will stop immediately)
- For research or statistical purposes
How to exercise: Email us with your objection and reasons
Marketing opt-out: Click “unsubscribe” in any marketing email or email info@phoenixrize.ie
- RIGHT TO WITHDRAW CONSENT
Where processing is based on consent, you can withdraw it at any time.
How to exercise: Email us or use the unsubscribe link in emails
Effect: We will stop processing your data (unless we have another legal basis)
- RIGHT NOT TO BE SUBJECT TO AUTOMATED DECISION-MAKING
We do not use automated decision-making or profiling that produces legal effects or significantly affects you.
HOW TO EXERCISE YOUR RIGHTS
Email: info@phoenixrize.ie
Subject line: Include the specific right you’re exercising (e.g., “Data Access Request”)
Information to provide:
- Your full name
- Email address used when contacting us
- Details of your request
Verification: We may ask for proof of identity to protect your data from unauthorized access
Response time: Within 1 month (we’ll inform you if we need more time)
Cost: Free (we may charge a reasonable fee for excessive or repetitive requests)
RIGHT TO COMPLAIN
If you believe we’ve mishandled your personal data, you have the right to lodge a complaint with:
Data Protection Commission (Ireland)
21 Fitzwilliam Square South
Dublin 2
D02 RD28
Ireland
Phone: +353 (0)761 104 800
Email: info@dataprotection.ie
Website: www.dataprotection.ie
Online complaint form: https://forms.dataprotection.ie/contact
For Nigeria-based concerns:
Nigeria Data Protection Commission (NDPC)
Email: info@ndpc.gov.ng
Website: www.ndpc.gov.ng
We encourage you to contact us first so we can address your concerns directly.
CHILDREN’S PRIVACY
Our services are not directed at children under 16. We do not knowingly collect personal data from children.
If you are under 16, please do not:
- Use our website
- Provide any personal information to us
- Book consultations or subscribe to communications
If we become aware that we’ve collected data from a child under 16 without parental consent, we will delete it promptly.
Parents/guardians: If you believe your child has provided us with personal data, contact us immediately at [your@email.com].
LINKS TO OTHER WEBSITES
Our Site may contain links to third-party websites (e.g., LinkedIn, resource sites, client websites).
Please note:
- We are not responsible for the privacy practices of other websites
- This Privacy Policy applies only to phoenixrize.ie
- We encourage you to read the privacy policies of any websites you visit
CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect:
- Changes in our business practices
- New legal requirements
- Feedback from users
- Changes in technology or services we use
When we make changes:
- We update the “Last updated” date at the top of this page
- For significant changes, we may notify you via email or a banner on our Site
- Continued use of our Site after changes constitutes acceptance of the updated policy
We encourage you to review this policy periodically.
SPECIFIC SCENARIOS: HOW WE HANDLE YOUR DATA
WHEN YOU BOOK A DISCOVERY CALL
Data collected: Name, email, phone (optional), organisation (optional), date/time preferences
Purpose: Schedule and conduct the consultation
Retention: Up to 2 years if no engagement follows; 7 years if you become a client
Third parties: Calendly (booking system)
Your rights: You can cancel or reschedule at any time; request deletion of booking data
WHEN YOU ENGAGE OUR SERVICES
Data collected: Full contact details, organisation info, project communications, meeting notes, deliverables
Purpose: Deliver consulting, training, or audit services
Retention: Duration of engagement plus 7 years
Confidentiality: Professional consulting standards apply; sensitive information handled with enhanced security
Your rights: Access to project records; request anonymization after project completion (subject to legal requirements)
WHEN YOU PARTICIPATE IN FOCUS GROUPS OR CULTURE AUDITS
Data collected: Your contributions, feedback, responses to questions
Purpose: Gather insights for organisational culture work
Anonymization: Your individual responses are typically anonymized in reports unless you give explicit consent to be identified
Confidentiality: Handled according to agreed protocols with client organisation
Retention: Anonymized aggregate data may be retained; individual identifiable data deleted after report delivery or within 2 years
Your rights: Request to see how your contributions were used; request deletion of identifiable data
WHEN YOU SUBSCRIBE TO OUR NEWSLETTER
Data collected: Email address, name (optional)
Purpose: Send occasional EDI insights and updates
Frequency: [Specify – e.g., “Monthly maximum” or “Occasional, no more than 12 per year”]
Opt-out: Click “unsubscribe” in any email or email [your@email.com]
Retention: Until you unsubscribe or 2 years of inactivity
WHEN YOU CONTACT US VIA EMAIL
Data collected: Your email address, name, message content, any attachments you send
Purpose: Respond to your enquiry
Retention: Up to 2 years for general enquiries; longer if it leads to a client relationship
Your rights: Request deletion of email correspondence
CONTACT US ABOUT PRIVACY
If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your data:
Email: info@phoenixrize.ie
Subject line: “Privacy Query” or specify your request type
Postal address: PhoenixRize Consulting
Avondale Park,
Dublin, Ireland
Response time: We aim to respond within 5 business days for general queries, within 1 month for formal rights requests
ACKNOWLEDGMENT AND CONSENT
By using our Site or engaging our services, you acknowledge that:
- You have read and understood this Privacy Policy
- You consent to the collection, use, and processing of your personal data as described
- You understand your rights and how to exercise them
- You can withdraw consent or object to processing at any time