Privacy & Data Governance Policy
Seraphim Risk & Residence
Effective Date: 28.01.2026
Seraphim Risk & Residence (“Seraphim”) maintains a privacy and data-governance framework designed to meet the expectations of family offices, institutional clients, and ultra-high-net-worth principals. Data confidentiality, minimization, and controlled access are treated as operational risk-management functions.
1. Data Controller and Governance
Seraphim Risk & Residence acts as the data controller for personal data processed in connection with its services.
Data Governance Principles
• Purpose limitation
• Data minimization
• Confidentiality by design
• Access control based on operational necessity
• Documentation and auditability
Responsibility for privacy oversight rests with senior management.
2. Scope and Applicability
This policy governs personal data processed through:
• Website interactions and inquiries
• Client onboarding and advisory engagements
• Security planning, assessments, and briefings
• Counterparties, vendors, and professional intermediaries
Where contractual confidentiality or NDA provisions apply, those provisions supersede and augment this policy.
3. Categories of Data Processed
Seraphim processes only data necessary for the delivery of advisory and security services.
Typical Categories
• Identity and contact information
• Professional role or affiliation
• Engagement-specific operational information
• Risk, logistics, and security-related inputs provided by the client
Seraphim does not engage in systematic profiling, behavioral tracking, or commercial data enrichment.
Special category data is processed only when operationally required, subject to heightened safeguards and lawful basis.
4. Legal Basis for Processing
Processing is conducted under one or more of the following bases:
• Performance of a contract or pre-contractual engagement
• Legitimate interests relating to security, risk management, and fraud prevention
• Compliance with legal or regulatory obligations
• Explicit consent, where required
5. Data Security and Access Controls
Seraphim applies enhanced protective measures consistent with the sensitivity of security-related information.
Controls include:
• Restricted access on a need-to-know basis
• Segregation of sensitive engagement data
• Secure storage and controlled transmission
• Internal confidentiality obligations applicable to all personnel
Client-specific materials (e.g., assessments, plans, briefings) are handled as restricted information assets.
6. Data Sharing and Third Parties
Personal data is disclosed only when strictly necessary, including:
• Vetted professional counterparties essential to service delivery
• Legal or regulatory authorities where required by law
Seraphim does not sell, license, or monetize personal data.
Third parties are contractually bound by confidentiality and data-protection obligations aligned with this policy.
7. Cross-Border Data Transfers
Where data is transferred outside the EU/EEA, Seraphim implements appropriate safeguards, including:
• Adequacy determinations
• Standard Contractual Clauses (SCCs)
• Equivalent legal or contractual protections
8. Data Retention and Lifecycle Management
Data retention is governed by:
• Engagement scope and duration
• Legal and regulatory requirements
• Risk and liability considerations
Data is securely deleted, anonymized, or archived under restricted access once no longer required.
9. Rights of Data Subjects
Subject to applicable law, individuals may:
• Request access to personal data
• Request correction or erasure
• Restrict or object to processing
• Request data portability where applicable
Requests are handled in a controlled manner to prevent unauthorized disclosure.
10. Website Data and Cookies
Seraphim’s website uses minimal technical cookies required for:
• Secure operation
• Performance and stability
No third-party advertising or behavioral tracking is deployed.
11. Policy Review and Amendments
This policy is reviewed periodically to reflect:
• Regulatory developments
• Operational changes
• Institutional best practices
The most current version is maintained on the Seraphim website.
12. Contact and Oversight
Privacy-related inquiries should be directed to:
Seraphim Risk & Residence
We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.