By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyse site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
Preferences
DeclineAccept

Privacy Policy

Last updated: 30th January 2026

About Us

Sindri Consulting Limited (registration number 162740) (we, us or our) is an AI consultancy incorporated in Jersey. We help professional services firms, particularly those in financial services, adopt AI safely and compliantly.

We are the controller of personal data collected through our website and while providing our services. We are subject to the Data Protection (Jersey) Law 2018.

Data Protection Contact

If you have questions about this notice or wish to exercise your rights, please contact:

Rory Forrest
Email: rory@sindriconsulting.com

What We Collect

We collect personal data in the following ways:

Through Our Website

Information you give us: your name, email address, organisation, role and enquiry details when you submit a contact form, complete a questionnaire or readiness assessment, sign up for a newsletter, or otherwise request information about our services.

Technical information: your IP address, browser type, device information, pages visited and how you interact with our website, collected automatically through cookies. See the Cookies section below for details.

Through Our Marketing and Business Development

Contact information: your name, email address, job title, organisation and contact details of individuals who engage with us through networking, events, referrals, email correspondence, or other business development activities.

Relationship data: records of our interactions with you, including emails sent and received, meetings held and your areas of interest.

Through Social Media

Social media interactions: if you engage with us through social media platforms (such as LinkedIn), we may collect information from your public profile, messages you send us, and records of our interactions. Your use of social media platforms is also subject to those platforms’ own privacy policies.

Through Our Consulting Services

Client contact information: name, email address, job title and contact details of individuals at client organisations with whom we work.

Project information: information you provide to us or that we generate while delivering our services, which may include details about your organisation, systems, and processes.

Meeting and workshop records: notes, recordings (with consent) and outputs from meetings, workshops, and training sessions.

We do not collect sensitive personal data unless specifically required for a client engagement, in which case we will inform you separately.

How We Use Your Data

We use your personal data for the following purposes (in each case with the appropriate legal basis set out alongside):

Responding to your enquiries – Legitimate interests (operating our business)

Providing our consulting services to you or your organisation – Performance of a contract; Legitimate interests (provision of our services)

Managing our client relationships – Legitimate interests (client relationship management)

Sending you information about our services, insights, or events (where you have consented or we have a legitimate interest) – Consent; Legitimate interests (business development)

Maintaining our business records – Legitimate interests (business administration)

Improving our website and services – Legitimate interests (improving our services)

Complying with our legal and regulatory obligations – Legal obligation

Where we rely on consent, you can withdraw it at any time by contacting us.

Where we rely on legitimate interests, we have assessed that our interests do not override your rights and freedoms. You can contact us for more information about our assessment.

Our Consulting Services

We are the controller of personal data we collect for our own purposes (managing our website, marketing, and client relationships).

When we provide consulting services, we typically work within client systems and infrastructure. We do not ordinarily receive, store or process personal data belonging to our clients’ customers or end users. Any automations or AI solutions we develop are implemented in client environments using client infrastructure.

Where our work does require access to client systems containing personal data, such access is governed by our engagement terms and appropriate security controls. We do not retain copies of client data beyond what is necessary for the specific engagement.

Our Use of AI Tools

As an AI consultancy, we use AI tools to support our work. This may include using AI to assist with research, analysis, drafting and other tasks while delivering our services. We rely on our legitimate interest in delivering services efficiently and effectively. We only use AI tools that have been approved under our internal governance framework.

When we use AI tools:

  • We use enterprise versions where feasible, and in all cases disable data sharing and model training features
  • We remain responsible for the quality and accuracy of our work
  • We do not input confidential client information into AI tools without appropriate safeguards or client consent
  • We do not fine-tune or train AI models on client data
  • We apply the same governance principles we advise our clients to adopt
  • Human review and judgement is applied to AI-assisted outputs

Who We Share Your Data With

Our IT systems are based on Microsoft 365, with data hosted in European data centres. Microsoft acts as a processor of data stored in these systems.

We may also share your personal data with:

  • Service providers who assist us with website hosting (Webflow), email, newsletter services, and other business tools (including AI tools)
  • Professional advisers (such as lawyers and accountants) where necessary
  • Other parties with your consent or at your direction
  • Regulators or law enforcement where required by law

We require all service providers to keep your data secure and only process it on our instructions.

We do not sell your personal data.

International Transfers

Our primary IT infrastructure (Microsoft 365) is hosted in European data centres. However, some of our service providers process data in the United States, including Webflow (website hosting) and Google (analytics).

Where we transfer your data internationally, we ensure appropriate safeguards are in place. Our US-based service providers are certified under the EU-US Data Privacy Framework, which provides an adequate level of data protection. We periodically review the status of this framework and will implement additional safeguards (such as standard contractual clauses) if required.

Contact us if you would like more information about the safeguards we use.

Data Security

We use appropriate technical and organisational measures to protect your data, including access controls, encryption, and secure systems. However, no transmission over the internet is completely secure and we cannot guarantee absolute security.

How Long We Keep Your Data

We keep your personal data only for as long as necessary for the purposes for which it was collected. This means we consider:

  • The nature of the data and our relationship with you
  • Whether we have an ongoing business need to retain it
  • Any legal or professional obligations that require us to keep records.
  • Your preferences, including any request to delete your data

In general, we will delete or anonymise your data within a reasonable period after our relationship ends or you ask us to do so, unless we need to retain it for legal, accounting, or legitimate business purposes.

Website analytics data is retained in accordance with Google Analytics’ standard retention settings.

Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Ask us to correct inaccurate data
  • Ask us to delete your data (in certain circumstances)
  • Object to our processing of your data
  • Ask us to restrict processing of your data
  • Receive your data in a portable format (data portability)
  • Withdraw consent where we rely on it
  • Lodge a complaint with the supervisory authority (see Complaints below)

To exercise any of these rights, please contact us using the details above. We will normally respond within four weeks, however, if your request is complex, we may extend this period by a further eight weeks. If we do so, we will provide you with the reasons for the extension.

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

Marketing

You will receive marketing communications from us only where you have consented or where we have a legitimate interest to contact you (for example, if you are an existing client or have previously engaged with us).

You can opt out at any time by:

  • Clicking “unsubscribe” in any marketing email
  • Contacting us directly

We will not share your data with third parties for their marketing purposes.

Cookies

Our website uses cookies - small text files stored on your device - to help the website function and to understand how visitors use our site.

Types of Cookies We Use

Cookie Purpose Duration Type
fs_cc (Finsweet) Stores your cookie consent preferences 1 year Essential
_ga (Google Analytics) Distinguishes unique visitors 2 years Analytics
ga* (Google Analytics) Maintains session state 2 years Analytics

Essential cookies: the Finsweet Cookie Consent tool stores your consent preferences so we can honour your choices. This cookie is necessary for the website to function properly and cannot be switched off.

Analytics cookies: we use Google Analytics to understand how visitors interact with our website. These cookies collect information that may constitute personal data (such as IP addresses and device identifiers) and are only set after you have given your consent. Google Analytics collects anonymised usage data to help us improve our website and services. No additional marketing or tracking cookies are set, and no social media pixels or other third-party trackers are loaded.

Your Cookie Choices

When you first visit our website, you will be asked to consent to non-essential cookies. You can change your preferences at any time through your browser settings or by clicking “Cookie Settings” in the website footer (if available).

Most browsers allow you to block or delete cookies. However, blocking essential cookies may affect how the website functions.

For more information about cookies, visit www.allaboutcookies.org.

Links to Other Sites

Our website may link to third-party sites. We are not responsible for their privacy practices. Please read their privacy notices.

Changes to This Notice

We may update this notice from time to time. Material changes will be highlighted on our website. The “Last updated” date at the top indicates when this notice was last revised.

Complaints

If you are unhappy with how we handle your data, please contact us first. You also have the right to complain to the Jersey Office of the Information Commissioner:

Website: www.jerseyoic.org
Email: enquiries@jerseyoic.org
Address: 2nd Floor, 5 Castle Street, St Helier, Jersey JE2 3BT
Telephone: +44 (0) 1534 716530

Before AI becomes a regulatory question, assess your AI exposure

Confidential. Designed for regulated firms. No obligation.

Get your AI Maturity Score