Data Privacy Notice

Introduction

Risk Decisions is committed to protecting and respecting your privacy. This Privacy Notice together with our terms and conditions explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we will store and handle that data, and keep it safe. The rules on processing of personal data are set out in the General Data Protection Regulation (the “GDPR”). We hope the following sections will answer any questions you have but if not, please do get in touch with us.

1.    Definitions

Data controller – A controller determines the purposes and means of processing personal data.

Data processor – A processor is responsible for processing personal data on behalf of a controller.

Data subject – Natural person

Categories of data: Personal data and special categories of personal data

Personal data – The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example name, passport number, home address or private email address. Online identifiers include IP addresses and cookies.

Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Third party – means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

2.    Who are Risk Decisions?

Risk Decisions Ltd is the Data Controller. This means we decide how your personal data is processed and for what purposes. Our contact details are on our website www.riskdecisions.com/contact. For all data matters contact privacy@riskdecisions.com

3.    When do we collect your personal data

  • When you visit our website
  • When you fill in any forms on our website or at an event.
  • When you contact us by any means with queries, complaints etc.
  • When you ask us to email you information about a product or service.
  • When you purchase a product or service
  • When you engage with us on social media
  • When you book any kind of appointment with us or book to attend an event
  • When you choose to complete any surveys we send you.
  • When you comment on or review our products and services.
  • Pure Offices, our office landlords usually have CCTV systems operated for the security of both visitors and employees. These systems may record your image during your visit.

4.    How and why do we use your personal data

We will use your personal data for the following purposes:

  • To respond to your queries and feedback on the products and services that we offer. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service, and to enable us to understand how we can improve our products and services based on your experience.
  • With your consent, we will use your personal data, preferences and details of your transactions to keep you informed by email, telephone and post about relevant products and services.
  • To send you survey and feedback requests to help improve our products and services. We have a legitimate interest to do so as this helps make our products or services more relevant to you.
  • To send you communications required to inform you about updates to this Privacy Notice.
  • We will monitor your browsing activity on our website to quickly identify and resolve any problems and protect the integrity of our website. We do this on the basis of your consent for our website to place cookies or similar technology on your device. We will do this as part of our legitimate interest.
  • To share data with law enforcement.

We know how much data security matters to all our customers. We will, therefore, treat your data with the utmost care and take all appropriate steps to protect it.

5.    The sort of personal data we collect

With reference to the category of personal data described in the definitions section, we only process the following category of your data:

  • Your name, title, work address, work telephone number(s), work email address, your social media username and LinkedIn profile address.
  • Details of your interactions with our Customer Support, Sales and Account Management Teams. For example, notes from our conversations with you, details of any feedback you give or comments you make, and how and when you contact us.
  • We collect technical information about your internet connection and browser as well as the country and telephone code where your computer is located, the web pages viewed during your visit, and any search terms you entered.
  • Your image may be recorded on CCTV when you visit our office.
  • Your car number plate may be recorded when you park in our car park

6.    Our legal basis for processing your personal data?

See article 6 of GDPR.

Our lawful basis for processing your general personal data: Examples
Consent of the data subject; For example, when you complete a form on our website to receive email newsletters.
Processing necessary for the performance of a contract with the data subject or to take steps to enter into a contract Our commercial contracts, such as our Software Licence Agreement, Support Contract
Processing necessary for compliance with a legal obligation We pass on any details of people we suspect are involved in fraud to law enforcement
Processing necessary for the purposes of the legitimate interests of the data controller or a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of the data subject We require your data to pursue our legitimate interests in a way that might be reasonably expected as part of running our business and which does not materially impact your rights, freedoms or interests. For example, we may use your personal data to send you an invitation to event or other products that may interest you.

7.    Sharing your personal data

We will treat your personal data as strictly confidential.

With your prior consent, we may sometimes share your personal data with Risk Decisions’ overseas subsidiaries and trusted third parties. We only provide the information they need to perform their services. Our contract with them specifies they must follow our data protection policy. If we stop using their services, any of your data held by them will be deleted.

For example, we may share your contact details with our marketing agency to enable them to contact you regarding writing an article with you.

Other examples of third parties we work with are the IT companies who support our website and other business systems.

8.    How long do we keep your personal data?

Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected. After that we will delete your data completely.

For example, we may share your contact details with our marketing agency to enable them to contact you regarding writing an article with you. Other examples of third parties we work with are the IT companies who support our website and other business systems.

9.  Providing us with your personal data

You are under no statutory or contractual requirement or obligation to provide us with your personal data. Without sharing your personal data we will be unable to fulfil your request for information on our products and services.

10.  Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

  • The right to request a copy of the personal data which we hold about you;
  • The right to request that we correct any personal data if it is found to be inaccurate or out of date or incomplete;
  • The right to request your personal data is erased where it is no longer necessary to retain such data;
  • That if you withdraw consent we stop any consent-based processing of your personal data.
  • The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable i.e. where the processing is based on consent or is necessary for the performance of a contract with the data subject and where the data controller processes the data by automated means);
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data, (where applicable i.e. where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics).

To ask for a copy of any information we hold about you, please contact Data Protection Officer privacy@riskdecisions.com. To ask for your information to be amended contact our Customer Support team. Please note there is will be a £10 charge for any information we provide.

There are several ways you can stop direct marketing communications from us:

  • Click the ‘unsubscribe’ link in any email communication that we send you. We will then stop any further emails.
  • Contact our Customer Support Team or your Account Manager.

Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.

11.  Transfer of Data Abroad

Sometimes we may transfer personal data to our subsidiary companies and sales agents outside the European Economic Area (EEA), such as Australia or the USA. We will only do so with your specific prior consent.

12.  Automated Decision Making

We do not use any form of automated decision making in our business.

13.  Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.

14.  Changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

15.  How to make a complaint

To exercise all relevant rights, queries or complaints please in the first instance contact our contact Data Protection Officer on privacy@riskdecisions.com

If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.

If you are based outside the UK

For all non-UK customers – by using our services or providing your personal data to us, you expressly consent to the processing of your personal data by us or on our behalf. Of course, you still have the right to ask us not to process your data in certain ways, and if you do so, we will respect your wishes.

Sometimes we’ll need to transfer your personal data between countries to enable us to supply the goods or services you’ve requested. In the ordinary course of business, we may transfer your personal data from your country of residence to ourselves and to third parties located in the UK.

By dealing with us, you are giving your consent to this overseas use, transfer and disclosure of your personal data outside your country of residence for our ordinary business purposes.

This may occur because our information technology storage facilities and servers are located outside your country of residence, and could include storage of your personal data on servers in the UK.

We’ll ensure that reasonable steps are taken to prevent third parties outside your country of residence using your personal data in any way that’s not set out in this Privacy Notice. We’ll also make sure we adequately protect the confidentiality and privacy of your personal data.