Privacy Policy

Effective Date: February 23, 2023
Last Updated: September 8, 2025

The Cadris Group, (“Cadris,” “The Cadris Group,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information when you visit our website, contact us, submit an inquiry, apply for pro bono support, subscribe to communications, participate in a consultation, or otherwise interact with our services.

This Privacy Policy applies to our website, communications, forms, resources, consultations, and general business operations. It does not replace any specific privacy, confidentiality, or data protection terms that may be included in a separate written agreement with a client.

By using our website or services, you acknowledge that you have read and understood this Privacy Policy.

1. Who We Are

The Cadris Group is a strategic consulting, research, supply chain advisory, sourcing strategy, sustainability-informed business support, and organizational advisory firm based in the United States.

For purposes of applicable privacy laws, Cadris may act as a “controller,” “business,” or similar role when we determine the purposes and means of processing personal information. In some client engagements, we may process information on behalf of a client under a separate agreement.

2. Information We Collect

We collect personal information in several ways, depending on how you interact with us.

a. Information You Provide Directly

You may provide personal information when you contact us, submit a form, book a consultation, apply for pro bono services, subscribe to updates, send documents, or communicate with us by email, phone, video call, or other channels.

This information may include:

  1. Name.

  2. Email address.

  3. Phone number.

  4. Organization or company name.

  5. Job title or professional role.

  6. Country, region, or business location.

  7. Project details, business needs, or inquiry information.

  8. Documents, files, images, or materials you choose to submit.

  9. Billing, payment, invoice, or tax-related information.

  10. Communication preferences.

  11. Any other information you voluntarily provide.

b. Business and Consulting Information

In connection with consulting inquiries or engagements, we may collect information about your organization, goals, operations, suppliers, strategy, market position, sustainability priorities, leadership needs, research questions, or other business matters.

This may include non-public business information. While some of this information may not be personal information, it may still be treated as confidential depending on the context.

c. Pro Bono Application Information

If you apply for pro bono or reduced-fee support, we may collect information needed to evaluate your request, such as your organization’s mission, project needs, available resources, eligibility details, contact information, and supporting documents.

We ask that you not submit sensitive personal information unless it is necessary for your request.

d. Information Collected Automatically

When you visit our website, we may automatically collect certain technical and usage information, including:

  1. IP address.

  2. Browser type and version.

  3. Device type.

  4. Operating system.

  5. Pages viewed.

  6. Time spent on pages.

  7. Referring website or source.

  8. Approximate location derived from IP address.

  9. Date and time of visit.

  10. Interactions with website content, forms, links, or downloads.

  11. Cookie identifiers or similar technologies.

This information helps us operate, secure, analyze, and improve our website.

e. Information from Third Parties

We may receive information from third-party service providers, analytics tools, referral partners, public sources, professional platforms, payment processors, scheduling tools, email platforms, or other sources where permitted by law.

For example, we may receive confirmation of a scheduled meeting, payment status, form submission details, email engagement data, or publicly available business information relevant to an inquiry.

3. Sensitive Personal Information

We do not intentionally seek or require sensitive personal information through our website. Sensitive information may include health data, biometric data, precise geolocation, government identification numbers, financial account details, racial or ethnic origin, religious beliefs, political opinions, union membership, sexual orientation, or similar categories under applicable law.

Please do not submit sensitive personal information unless it is necessary for the specific service or inquiry and you are comfortable sharing it with us.

If sensitive information is provided, we will process it only as reasonably necessary for the purpose for which it was provided, with your consent where required, or as otherwise permitted by law.

4. How We Use Personal Information

We may use personal information for the following purposes:

  1. To respond to inquiries and communications.

  2. To evaluate project requests, consultation needs, or pro bono applications.

  3. To provide consulting, research, advisory, sourcing, supply chain, organizational, or related services.

  4. To schedule meetings, calls, workshops, or consultations.

  5. To prepare proposals, statements of work, estimates, invoices, or engagement materials.

  6. To process payments and maintain business records.

  7. To send service-related communications.

  8. To send newsletters, insights, updates, or marketing communications where permitted by law.

  9. To improve our website, content, services, and user experience.

  10. To understand website traffic, engagement, and performance.

  11. To protect the security and integrity of our website, systems, records, and services.

  12. To comply with legal, tax, accounting, regulatory, or contractual obligations.

  13. To establish, exercise, or defend legal rights.

  14. To prevent fraud, misuse, unauthorized access, or unlawful activity.

  15. To support business administration, internal reporting, and operational planning.

We do not sell your personal information in the ordinary sense of exchanging it for money.

5. Legal Bases for Processing Personal Information

If you are located in the European Economic Area, United Kingdom, Switzerland, or another jurisdiction that requires a legal basis for processing, we may process your personal information based on one or more of the following legal bases:

  1. Contractual necessity: To provide services, respond to requests, or take steps before entering into an agreement.

  2. Consent: To send certain communications, use certain cookies, or process information you voluntarily provide where consent is required.

  3. Legitimate interests: To operate our business, improve services, respond to inquiries, secure our website, evaluate applications, and communicate with prospective or current clients, provided those interests are not overridden by your rights.

  4. Legal obligation: To comply with tax, accounting, regulatory, legal, or governmental requirements.

  5. Vital interests or public interest: Where applicable and legally permitted, though these bases are not expected to be common for our services.

You may withdraw consent at any time where processing is based on consent.

6. How We Share Personal Information

We may share personal information with third parties only as reasonably necessary for legitimate business, operational, legal, or service-related purposes.

a. Service Providers

We may share information with trusted service providers who help us operate our business, including providers of:

  1. Website hosting.

  2. Email communication.

  3. Contact forms.

  4. Analytics.

  5. Scheduling.

  6. Customer relationship management.

  7. Cloud storage.

  8. Secure file sharing.

  9. Payment processing.

  10. Invoicing and accounting.

  11. Legal, tax, compliance, or professional advisory services.

  12. Cybersecurity, fraud prevention, or technical support.

These providers are authorized to use personal information only as needed to provide services to us or as otherwise permitted by law.

b. Professional Advisors

We may share information with lawyers, accountants, auditors, insurers, consultants, or other professional advisors where necessary for business, legal, tax, insurance, or compliance purposes.

c. Clients and Engagement Participants

Where services involve multiple stakeholders, we may share relevant information with authorized representatives of the client organization or project participants as reasonably necessary to perform the services.

d. Legal and Compliance Purposes

We may disclose personal information if required or permitted by law, regulation, subpoena, court order, governmental request, law enforcement request, or legal process.

We may also disclose information where we believe it is necessary to protect our rights, safety, property, users, clients, business operations, or others.

e. Business Transfers

If Cadris is involved in a merger, acquisition, restructuring, financing, sale of assets, transfer of business operations, or similar transaction, personal information may be transferred as part of that transaction, subject to applicable law.

7. Cookies, Analytics, and Similar Technologies

Our website may use cookies, analytics tools, pixels, tags, log files, or similar technologies to operate the website, remember preferences, understand visitor behavior, measure content performance, improve user experience, and support security.

Cookies may include:

  1. Essential cookies: Necessary for website functionality and security.

  2. Analytics cookies: Used to understand website traffic and usage.

  3. Preference cookies: Used to remember user choices.

  4. Marketing or communication cookies: Used to understand engagement with content or campaigns, where applicable.

Where required by law, we will request consent before placing non-essential cookies. You can usually manage cookies through your browser settings or through any cookie preference tool made available on our website.

If we use Google Analytics or similar tools, those tools may collect information about your device, browser, website activity, and approximate location. You can learn more about managing analytics preferences through the relevant provider’s settings and browser tools.

8. Email Communications and Marketing

If you subscribe to updates, download a resource, submit an inquiry, or otherwise opt in to communications, we may send you emails about insights, services, events, resources, or updates that may be relevant to you.

You may unsubscribe from marketing emails at any time by using the unsubscribe link in the email or contacting us directly.

Even if you unsubscribe from marketing communications, we may still send non-marketing communications, such as responses to inquiries, service updates, scheduling messages, invoices, legal notices, or administrative information.

9. Payments and Billing

If you purchase paid services, we may collect billing information, payment details, invoice information, tax information, and related business records.

Payment information may be processed by third-party payment processors. We generally do not store full credit card numbers or complete payment card details on our own systems unless expressly stated and handled through appropriate safeguards.

Payment processors are responsible for their own handling of payment data according to their privacy policies and applicable payment security requirements.

10. Data Retention

We retain personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention periods may depend on:

  1. The nature of the information.

  2. The purpose for which it was collected.

  3. Whether there is an active or potential client relationship.

  4. Legal, tax, accounting, reporting, or regulatory requirements.

  5. Dispute resolution, audit, security, or recordkeeping needs.

  6. Consent withdrawal or deletion requests.

  7. Our legitimate business needs.

When personal information is no longer needed, we will delete, anonymize, or securely retain it in accordance with applicable law and reasonable business practices.

11. Data Security

We use reasonable administrative, technical, and organizational safeguards designed to protect personal information from unauthorized access, loss, misuse, alteration, disclosure, or destruction.

These safeguards may include access controls, secure storage, limited access permissions, reputable service providers, secure communication tools, and internal handling practices.

No method of transmission or storage is completely secure. We cannot guarantee absolute security of personal information, but we take reasonable steps to protect it.

12. International Data Transfers

Cadris is based in the United States. If you access our website or services from outside the United States, your personal information may be transferred to, stored in, or processed in the United States or other countries where we or our service providers operate.

These countries may have data protection laws that differ from those in your country of residence.

Where required by applicable law, we use appropriate safeguards for international transfers, which may include contractual protections, standard contractual clauses, vendor due diligence, or other lawful transfer mechanisms.

13. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information. These rights may include the right to:

  1. Access the personal information we hold about you.

  2. Request correction of inaccurate or incomplete information.

  3. Request deletion of personal information.

  4. Request restriction of certain processing.

  5. Object to certain processing.

  6. Withdraw consent where processing is based on consent.

  7. Request a copy of your information in a portable format.

  8. Opt out of certain marketing communications.

  9. Opt out of certain sales, sharing, or targeted advertising activities where applicable.

  10. Limit the use of sensitive personal information where applicable.

  11. Lodge a complaint with a data protection authority or supervisory authority.

To exercise your rights, please contact us using the contact details listed below.

We may need to verify your identity before responding to a request. We will respond within the time required by applicable law.

14. Privacy Rights for California Residents

If you are a California resident, you may have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, if the law applies to Cadris.

These rights may include:

  1. The right to know what categories of personal information we collect, use, disclose, sell, or share.

  2. The right to request access to specific pieces of personal information.

  3. The right to request deletion of personal information.

  4. The right to request correction of inaccurate personal information.

  5. The right to opt out of the sale or sharing of personal information.

  6. The right to limit the use or disclosure of sensitive personal information, where applicable.

  7. The right not to be discriminated against for exercising privacy rights.

Cadris does not sell personal information for money. If our use of analytics, cookies, pixels, or advertising technologies is considered “sharing” or “selling” under California law, you may have the right to opt out.

To submit a California privacy request, contact us at [Insert Privacy Email]. If required, we will provide additional methods for submitting requests.

Authorized agents may submit requests on behalf of California residents where permitted by law. We may require proof of authorization and identity verification.

15. Privacy Rights for EEA, UK, and Swiss Residents

If you are located in the European Economic Area, United Kingdom, or Switzerland, you may have rights under applicable data protection laws, including the right to access, correct, delete, restrict, object to processing, withdraw consent, and request data portability.

You may also have the right to lodge a complaint with your local data protection authority.

If GDPR, UK GDPR, or Swiss data protection law applies, Cadris will process personal data in accordance with applicable legal bases and safeguards.

16. Privacy Rights for Canadian Residents

If you are located in Canada, you may have rights under the Personal Information Protection and Electronic Documents Act, provincial privacy laws, or other applicable privacy legislation.

These rights may include the right to access personal information, request correction, withdraw consent subject to legal or contractual restrictions, and challenge our privacy practices.

17. Do Not Track and Global Privacy Controls

Some browsers or devices may transmit “Do Not Track” signals. Because there is not a uniform industry standard for responding to these signals, our website may not respond to all Do Not Track signals.

Where required by applicable law, we will honor legally recognized opt-out preference signals, such as Global Privacy Control, if our website or service providers are configured to detect and apply them.

18. Children’s Privacy

Our website and services are intended for adults and business users. They are not directed to children under the age of 13, and we do not knowingly collect personal information from children.

If you are under 18, you should not submit personal information to us without appropriate parental or guardian consent.

If we learn that we have collected personal information from a child in a manner not permitted by law, we will take reasonable steps to delete it.

19. Third-Party Websites and Services

Our website, emails, or materials may include links to third-party websites, platforms, resources, tools, reports, vendors, suppliers, or publications.

We are not responsible for the privacy practices, security, content, policies, or data handling of third parties. When you interact with a third-party website or service, your information is governed by that third party’s privacy policy and terms.

20. Publicly Available Information

If you engage with us through public channels, such as social media, comments, public posts, event platforms, or online communities, information you share may be visible to others.

Please use care when sharing information publicly. We are not responsible for how other users or third parties use information that you choose to make public.

21. Client Confidentiality and Business Information

This Privacy Policy addresses personal information. Separately, we may receive confidential business information from clients, prospective clients, or partners.

We take reasonable care to protect non-public business information shared with us. Additional confidentiality obligations may be addressed in proposals, statements of work, non-disclosure agreements, or other written agreements.

22. Automated Decision-Making

We do not use personal information submitted through our website to make decisions that produce legal or similarly significant effects through solely automated processing.

We may use analytics, filters, forms, or operational tools to help organize inquiries, understand website use, or manage communications, but human judgment is involved in substantive business decisions.

23. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, technologies, legal obligations, or business operations.

When we update this Privacy Policy, we will revise the “Last Updated” date above. Material changes may also be communicated through the website or by other reasonable means.

Your continued use of our website or services after an updated Privacy Policy is posted means you acknowledge the updated policy.

24. Contact Us

If you have questions about this Privacy Policy, wish to exercise privacy rights, or want to contact us about how your information is handled, please reach out to:

The Cadris Group
Website: www.cadris.org
Mailing Address: 99 Wall St. #3163, New York, NY 10005

For privacy requests, please include your name, contact information, location, the nature of your request, and enough information for us to reasonably verify and respond to the request.