Last Updated: May 22nd, 2018
1.1. “European data protection law” – means the EU Regulation 2016/679 General Data Protection Regulations, as amended, consolidated or replaced from time to time;
1.2. “personal data” – means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
1.3. “processing” – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2. What information does RISCO collect and how is this information used?
2.1. Contact Information
When you contact us through our online ‘Contact Us’ form, we process the contact information that you provide to us, including your name, business/company name, phone number, email address and country of residence. This contact information may be processed for the purposes of communicate with you, for example, to respond to enquires or requests from you for additional information about RISCO products and/or services or any other pre-sale marketing inquiries. We also use this contact information to monitor customer/potential customer communications. You do not need to provide this information to us but if you don't, we will not be able to respond to your communication. The legal basis for this processing is our legitimate interests, namely the business and communications with customers/potential customers.
When you register online or sign up for RISCO customer through our ‘Create New Account’ form and choose to subscribe to our Marketing Notifications, we process the contact information that you provide to us, including your name, business/company name, phone number, email address country of residence and mailing address. This contact information may be processed for the purpose of sending you from time to time (by email, SMS text message, telephone, post or other electronical means) marketing information about RISCO products and services which may be interest to you, such as newsletters, offers, new marketing brochures, product launches, technical updates, promotions and more (“Marketing Notifications”). The legal basis for this processing is consent. You may decline to receive Marketing Notifications from us by contacting us using the details in Section 12 or through our online ‘Contact Us’ form, available at: https://www.riscogroup.com/content/contact-gdpr or by following any instructions we may include in the Marketing
Notification we send to you (for example, an unsubscribe or opt-out mechanism will appear at the foot of any Marketing Notification we send you).
2.3. Customer Relationship
When you contact us through our online ‘Contact Us’ form with a post-sale inquiry or interact with our customer support representatives via email, telephone or in person, we may process contact information, such as your name, business/company name, phone number, email address, and country of residence; and we may also collect information about the RISCO products or services you or your employer or a third party has purchased. We use this information for purposes of managing our relationships with customers, communicating with customers and to provide with customer support. The legal basis for this processing are in performing the contract that we have entered into with you or your employer or a third party and our legitimate business interest in managing our relationships with customers.
2.4. Visitor’s Usage Log Information
2.5. Legal Requirements
3. How we share your personal data?
3.2. We may sometimes contract with third parties to supply products and services to us and/or to you on our behalf, such as with suppliers, subcontractors, vendors or installers that assist us in marketing and customer service, integration services, customer support, and cloud hosting services. Such service providers are required by contract to keep confidential and secure the information received on our behalf and may not use it for any purpose other than to carry out the services they are performing for us. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under the law.
3.3. We may compile statistics about the use of our Service including data on traffic, usage patterns, user number, sales and other information. All such data will be anonymized and will not include any personally identifying data, or nay anonymized data that can be combined with other data and used to identify you. We may from time to time share such
data with third parties such as prospective affiliates or partners or advertisers. Data will only be shared and used within the bounds of the law.
3.4. In certain circumstances, we may be legally required to share certain data held by us, which may include your personal data, for example, where we are involved in legal proceedings, where we are complying with legal obligations, a court order, or a governmental authority.
4. What happens if our business changes hands?
5. Retaining and deleting personal data
5.1. This Section 5 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
5.2. Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes for which that data is collected, held and processed, and as permitted or required by law.
5.3. Notwithstanding the other provisions of this Section 5, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. All such retention will be subject to the implementation of appropriate technical and organizational measures to protect the rights and freedoms of data subjects, as required by applicable law.
6. Where does RISCO store your personal data?
6.1. We store your personal data on third-party servers operated by xGlobe server farm, located in London, UK.
6.2. Your personal data may be transferred to a country outside the European Economic Area (EEA consists of all EU member states, plus Norway, Iceland and Liechtenstein), which the European Commission has made an "adequacy decision" with respect to the data protection laws of such country. We will take all steps to ensure that any personal data which is transferred to country outside the EEA is treated as safely and securely at the same levels of protection as it would be within the UK and in accordance with the applicable European data protection law.
7. How does RISCO protect the security of your personal data?
7.1. We implement and maintain reasonable and appropriate technical and organizational security measures to protect the personal data we process, from unauthorized access, alteration, disclosure, loss or destruction.
7.2. Should despite of our security measures, a security breach occur that is likely to result in a risk to the data privacy of a data subject, we will inform the relevant data subjects and other affected parties, as well as relevant authorities when required by applicable European data protection law, about the security breach as soon as reasonably possible.
8. The rights you have over your personal data
8.1. We have listed below the rights you have under the European data protection law with respect to your personal data. You should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights:
8.1.1. The right to be informed about our collection and use of personal data (see Section 8.2); 8.1.2. The right of access to the personal data we hold about you (see Section 8.2);
8.1.3. The right to rectification if any personal data we hold about you is inaccurate or incomplete; 8.1.4. The right to be forgotten (see Section 8.3);
8.1.5. The right to restrict the processing of your personal data (see Section 8.4);
8.1.6. The right to data portability (obtaining a copy of your personal data to re-use with another company);
8.1.7. The right to object us processing your personal data for particular purpose; 8.1.8. Rights with respect to automated decisions making and profiling; and 8.1.9. The right to withdraw consent (see Section 8.5).
8.2. You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data in accordance to the European data protection law. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
8.3. In some circumstances you have the right to ask us to delete any personal data we hold about you without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.
8.4. In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
8.5. To the extent that the legal basis for our processing of your personal information is consent (e.g., for marketing purposes), you have the right to withdraw that consent at any time. If you make such withdraw, we will cease to process your personal data for this purpose, provided that such withdrawal will not affect the lawfulness of processing before the withdrawal. If the processing is not based on consent, you have the right to object to the processing.
8.6. If you would like to exercise, or assistance with, any of the aforementioned rights, you may contact our Data Protection Officer at: [email protected] or by using the contact details as described in Section 12 below.
8.7. If you have any cause for complaint about our use of your personal data, please contact our Data Protection Officer at: [email protected] or by using the contact details as described in Section 12 below and we will do our best to solve the problem for you. If we are unable to help, you also have the right to make a complaint to the applicable data protection supervisory authority (if in the UK is to the Information Commissioner Office advice bureau at www.ico.org.uk).
9. Third Party Websites
10. Our Service are not intended for Children
Our Service and apps are meant for adults. We do not knowingly collect personal data from children. If you are a parent or legal guardian and think your child has given us information, you can contact us.