Privacy

This notice covers personal data handled through the e20 marketing site (www.eighty20risk.com), including anyone who contacts us through the form on this site.

Using one of our products? The privacy notice for the e20 platform and apps is separate — see www.e20risk.io/privacy.

Who we are

Eighty20 Risk Systems Ltd. (“e20”, “we”, “us”) is the data controller for personal data collected through this site. We are registered in the United Kingdom. Questions about this notice or your data can go to our Data Protection Officer at dpo@eighty20risk.com.

Summary

• This site does not set tracking, advertising, or marketing cookies.
• We use Cloudflare Web Analytics to count page views in aggregate. It is cookieless, does not fingerprint visitors, and stores no individual visitor data.
• Browser language is read from the request to pick a default locale; nothing is stored.
• If you submit the contact form, we use what you give us to reply and to follow up about a possible engagement, nothing else.

What the contact form collects

When you submit the contact form we receive the fields you fill in: name, work email, company, message, and (optionally) phone number and sector. We also receive a short-lived bot-check token from Cloudflare Turnstile, which uses your IP address and basic browser signals only to decide whether the submission is automated.

How we use it and our lawful basis

• Replying to your enquiry and arranging a demo or follow-up. Lawful basis: legitimate interests (responding to a request you sent us) and, where relevant, steps taken at your request prior to entering a contract.
• Protecting the form from spam and abuse. Lawful basis: legitimate interests in keeping the site secure.

We do not use contact-form data for marketing lists, profiling, or automated decision-making, and we do not sell or share it with third parties for their own marketing.

Who processes the data on our behalf

• Cloudflare, Inc. — hosts the site and provides the Turnstile bot check. Cloudflare may briefly process your IP address and request metadata.
• Mailjet (Sinch Email) — delivers the contact-form submission to our inbox as an email.
• Google Workspace — receives and stores the resulting email in our company mailboxes.

These providers act as our processors under written agreements. Some are based outside the UK; where that is the case we rely on the UK International Data Transfer Addendum to the EU Standard Contractual Clauses, or an equivalent approved transfer mechanism.

How long we keep it

Contact-form emails are retained in our mailboxes and CRM for as long as the conversation is active and for up to 24 months afterwards, so we can pick up where we left off if you come back to us. We delete or anonymise sooner on request.

Your rights

Under UK GDPR you can ask us to access, correct, delete, or restrict processing of your personal data, to object to processing, or to receive a copy in a portable format. Email dpo@eighty20risk.com and we will respond within one month. You also have the right to complain to the UK Information Commissioner’s Office at ico.org.uk.

Changes to this notice

If we change this notice we will update the date below. Material changes will be highlighted on this page.

Contact

Eighty20 Risk Systems Ltd., United Kingdom. Email dpo@eighty20risk.com.

Last updated: 7 May 2026.