Privacy and Cookies Policy
Risk Solved Privacy & Cookies Policy
We will never reveal any details that you give to us to any third party, except our professional advisors or as required by law, without your express consent. We do not collect your contact details simply for browsing the site; they are only collected for the purposes of responding to your requests for information. An anonymous cookie may be used to track your movements around the site. We cannot identify you from this.
Any details that are collected are stored in a secure, confidential database only accessible by Risk Solved staff. We respect the intentions of data protection law. If you would like to opt out of receiving any contact from Risk Solved email email@example.com with adequate information to help us identify you in our database or complete our form.
Data protection law in Europe changes on 25 May 2018 under the General Data Protection Regulation (GDPR). It adds significant protection for you over your Personal Data. It gives you:
- greater control of your data
- control over whether we can contact you, by what media and in what circumstances
- ability to change your mind at any time
- strong penalties for companies who suffer data security breaches.
Personal Data means any information relating to an identifiable person, directly or indirectly identifiable by any means whether electronic or on paper.
RSL act as Data Controller and Data Processor under GDPR.
Use of Personal Data
We will only use your Personal Data when we have your clear informed consent from you to do so, and only to:
- Fulfil our contract with you (if any)
- Fulfil our legal or regulatory obligations
- Satisfy our legitimate interests, i.e. a business or commercial reason to use your information which does not unfairly use it against your best interests
We do this to provide our services to you, to comply with our legal and regulatory obligations and to keep you informed about our products and services.
If you do not want us to use your Personal Data in this way now or in the future, please opt out by contacting us as set out herein.
Types of Personal Data Collected by RSL and Sources we use
We collect information about you when you enquire via our website, sign up as a user of our product, email or phone us, in meetings, seminars or webinars, social media, and whilst providing services to you, job applications (if relevant), and from customer surveys. We may also visit your website or other publicly available sources of information including social media to collect information about you. Types of information we collect about you:
- Your name, business address and business contact details
- Other people in your organisation
- Documents in different formats or copies of them
- Contact details re meetings, phones calls, emails and letters
- Via cookies when you visit our website or product
- Transaction data
Although our product can be configured by ours customers to collect almost any data which may or may not be classified as personal data under the GDPR, we act merely as data processor and not as data controller for this type of data, and do not access it or share it with any third party except sub-contractors providing technical services to us subject to appropriate checks and contractual safeguards. It is our customers’ responsibility under the GDPR to implement an appropriate policy for collection of any such data.
Disclosure of Personal Data
We may share your Personal Data within our company and with our suppliers and professional advisors where essential to provide our services to you, or where legally or regulatorily required.
We will never sell or transfer your data to any other third party. We will process your Personal Data lawfully and keep it safe and secure.
Processing Personal Data
All our data processing within our products and services is carried out within the UK. Our corporate systems are hosted by Microsoft on Office 365 also within UK data centres.
We will only send your data outside the UK if:
- You access our product from a location outside the UK
- You are based outside the UK – customers based outside the UK will also be hosted in our UK data centres unless they adopt an on-premise solution, in which case their and their customers’ Personal Data will be transferred over the internet internationally.
- All data transfer is carried out in encrypted form at all times (using SSL).
As we will never send your data overseas except at your request, we cannot vouch for the equivalency of data security laws in those international jurisdictions.
Personal Data Protection and Retention
RSL takes information security seriously and complies with our policies and procedures to ensure this at all times. Those policies and procedures include stringent controls to protect Personal Data and prevent loss or damage to it through accident, negligence or deliberate acts. Our policies are communicated to our staff through annual training.
We are subject to security audits by some of our customers who deem our security controls adequate and in line with good industry practice.
We will keep your Personal Data for as long as you are a customer of RSL plus seven years unless agreed otherwise, or for any longer period required legally or by a regulator.
Rights of the Data Subject
You (a Data Subject) or in the case of our customers, your own customers who may have Personal Data stored in our product, have certain rights in relation to our use of your information. These are:
- Right of access & portability: you can request access to a copy of all the information we hold on you at any time (to do so, email firstname.lastname@example.org). You may also request to transfer your data for your own purposes, in which case we will work with you to do so securely. Note that mass transfers of data from our product are not included in this right and would be subject to a fee due to the work involved.
- Right of rectification: If you discover we hold inaccurate or incomplete data about you, you have a right to have it corrected or deleted unless we have a compelling reason to keep it (to do so, email email@example.com)
- Right to restrict processing: you can ask to block or suppress the processing of Personal Data in certain circumstances. We will not delete your data in this case, so as to ensure we respect your request for suppression. (To do so, email firstname.lastname@example.org)
- Right to object: You can object to our processing of your Personal Data in certain circumstances.
- Rights to do with automated decision making: if we process your Personal Data by making automated decisions about you or to profile you for marketing or other purposes (which we currently do not) then you have the right to opt out of us doing so in your case. (To do so, email email@example.com)
Cookies are small text files that are placed on your computer by websites that you visit, including www.risksolved.com and our product. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.
We only collect standard internet log information and details of patterns of visits. This helps us analyse the number of visitors. All such data gathered is anonymous and we cannot and do not attempt to identify anyone from it. If we try to collect personally identifiable information from any website, we will be open and upfront about it on the page(s) where we do so.
Enquiries, Complaints and Nominated Data Protection Officer
If you have any enquiry to make to us in accordance with this Policy, or a complaint about our processing of your Personal Data, please email firstname.lastname@example.org or write to the Data Protection Officer, Risk Solved Ltd, 6 Bevis Marks, London, EC3A 7BA. Our Chief Executive, Thomas Coles, holds responsibility as Data Protection Officer. We will do our best to respond as quickly as possible and to satisfy your request or complaint. However if we do not satisfy you, you can complain to the Information Commissioner who can be contacted via www.ico.org.uk.