Legal & Compliance

Privacy Policy

CassConsult is committed to protecting your personal data and respecting your privacy. This policy explains what information we collect, why we collect it, and how we handle it.

Effective date: 3 July 2026. This policy applies to CassConsult and the personal data we process in connection with our website and consultancy services. It is reviewed periodically and updated as required by applicable law.

1

Who We Are

CassConsult ("we", "us", "our") is a specialist business consultancy operating in the payments industry, banking regulation and compliance, and process-flow improvement and automation. We act as the data controller for the personal information collected through this website and our professional services.

For any privacy-related enquiry, please contact us at cassconsulting.eu@gmail.com. Our correspondence address is provided upon request for verified business purposes.

2

What Personal Data We Collect

We collect only the minimum information necessary to deliver our services and respond to enquiries. The categories of data we may process include:

We do not collect sensitive personal data (e.g. health information, political opinions, biometric data) through this website. We do not process the personal data of children under 16.

3

How We Use Your Data

We use personal data for the following purposes:

We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

4

Legal Basis for Processing

Where the UK GDPR and EU GDPR apply, we rely on the following legal bases to process your personal data:

For clients in jurisdictions subject to the Gramm-Leach-Bliley Act (GLBA) or other US federal or state privacy frameworks, we apply equivalent safeguards and provide required notices separately as part of the client onboarding process.

5

Cookies & Tracking Technologies

Our website uses cookies — small text files stored on your device — to ensure functionality and to help us understand how the site is used. The cookies we use fall into two categories:

All fonts used on this website are hosted on our own servers rather than loaded from a third-party font provider. Visiting this site therefore does not cause your browser to contact Google Fonts or any comparable external font service, and no data is transmitted to such providers for this purpose.

For website analytics, we use Cloudflare Web Analytics, a privacy-first service that does not use cookies and does not track individual visitors across websites. It collects only aggregated, anonymised metrics (e.g. page views, page load performance), so no cookie consent banner is triggered by its use.

You can manage or disable cookies through your browser settings at any time. Note that disabling certain cookies may affect your experience of the site.

6

Data Sharing & Third Parties

We do not sell, rent, or trade your personal data to any third party. We may share your data only in the following limited circumstances:

Where data is transferred outside the UK or European Economic Area (EEA) — for example, to Netlify, Inc. or Cloudflare, Inc. in the United States — we ensure appropriate safeguards are in place before any transfer takes place. Both Netlify and Cloudflare are certified under the EU-U.S. Data Privacy Framework (and its UK and Swiss extensions) and are bound by Standard Contractual Clauses, both recognised transfer mechanisms under the GDPR.

7

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

When data is no longer required, it is securely deleted or anonymised in a manner that prevents reconstruction of personal information.

8

Your Rights

Under the UK GDPR and EU GDPR, you have the following rights in relation to your personal data. You can exercise any of these rights by contacting us at cassconsulting.eu@gmail.com. We will respond within 30 days and will not charge a fee for reasonable requests.

Access

Request a copy of the personal data we hold about you and information about how we use it.

Rectification

Ask us to correct inaccurate or incomplete personal data we hold about you.

Erasure

Request deletion of your personal data where there is no longer a lawful basis for us to retain it.

Restriction

Ask us to restrict how we process your data while a complaint or accuracy dispute is being resolved.

Portability

Receive your data in a structured, machine-readable format and transfer it to another controller.

Objection

Object to processing based on legitimate interests, including profiling for direct marketing purposes.

You also have the right to withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing. If you believe we have not handled your data correctly, you have the right to lodge a complaint with the relevant supervisory authority — in the UK, this is the Information Commissioner's Office (ICO); in the EU, your national data protection authority.

9

Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, disclosure, alteration, or destruction. These include:

While we take all reasonable steps to protect your data, no method of internet transmission or electronic storage is completely secure. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, inform you directly without undue delay.

10

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or the services we offer. Any material changes will be indicated by a revised effective date at the top of this page. Where required by law or where changes are significant, we will provide additional notice (e.g. by email to active clients).

We encourage you to review this page periodically to stay informed about how we protect your information.

Questions about this policy?
Our team is happy to clarify any aspect of how we handle your data. Reach us directly and we will respond within 2 business days.

Contact Us