risual Limited offer consulting, solutions and managed services in IT and in doing so we engage with our clients, employee’s, third-party suppliers (data processors), current and former employee applicants who may hold and process your personal data on our behalf. This policy (together with our Terms of Conditions and other documents referred to on it) sets out the basis of our approach on safeguarding the privacy of your personal data when we collect, or that you provide to us, and how this will be processed by us.
risual is responsible for collecting, processing, storing and safe-keeping personal and other information as part of our business activities. We manage personal information in accordance with the Data Protection Act 2018 and are registered (registration number ZA004209) as a Data Controller with the Information Commissioner’s Office (ICO).
risual takes your privacy very seriously. This Privacy Notice is intended to set out your rights and answer any queries you may have about your personal data. If you need more information, please contact: firstname.lastname@example.org
We collect and process personal data about you when you interact with us and when you purchase goods and services from us. The personal data we process includes but is not limited to:
Visiting our websites:
When you visit one of our websites, we collect standard internet log information for statistical purposes.
Our websites contain links to various third-party websites. We are not responsible for the content or privacy practices of any external websites that are linked from our sites.
We use your information to respond to your enquiries, provide you with services and manage your relationship with us. We may also use your personal information for technical administration, research and development, customer administration, marketing and to identify areas where we can improve the services we provide. We only collect or use personal information for those purposes indicated in our notification with the Information Commissioner’s Office.
We will regularly review the personal information we hold about you and make changes to any service or information-handling processes when the law or the Information Commissioner request such changes.
We process the personal data listed in section 2 above for the following purposes:
Direct marketing will only be made where you have given your consent to receive it or in accordance with our legitimate interests. You have the right to object to direct marketing at any time.
risual will make contact via the telephone, as a direct way to contact and share information about the services we can deliver, only to business numbers that are not registered on the Telephone Preference Service (TPS) or the Corporate TPS (CTPS) and haven’t objected to our calls.
We may share your personal data with the below third parties:
Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if needed for the legal protection of our legitimate interests in compliance with applicable laws. Personal data may also be shared with third party service providers who will process it on behalf of risual for the purposes above. Such third parties include, but are not limited to, providers of website hosting, maintenance and identity checking.
In the event that our business or any part of it is sold or integrated with another business, your details will be disclosed to our advisers and those of any prospective purchaser and will be passed to the new owners of the business.
We will not keep your personal information for any purpose for longer than is necessary and will only retain the personal information that is necessary in relation to the purpose. We are also required to retain certain information as required by law or for as long as is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions.
Where you are a customer, we will keep your information for the length of any contractual relationship you have with us and after that in line with our retention policies or contractual terms.
Where you are a prospective customer and you have expressly consented to us contacting you, we will only retain your data (a) until you unsubscribe from our communications; or, if you have not unsubscribed, (b) while you interact with us and our content; or (c) for 12 months from when you last interacted with us or our content.
We will retain your data for a short time beyond the specified retention period, to allow for information to be reviewed and any deletion to take place. In some instances, laws may require risual to hold certain information for specific periods other than those listed above.
The personal data that we collect from you may be transferred to, and stored outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers, in which case the third country’s data protection laws will have been approved as adequate by the European Commission or other applicable safeguards are in place.
We will be as open as possible with you about the personal information we hold about you, and if something is wrong we want to work with you to put it right. The GDPR provides the following rights for individuals:
Should you have any queries regarding this Privacy Notice, about risual’s processing of your personal data or wish to exercise your rights you can contact risual via email at: email@example.com. If you are not happy with our response, you can contact the Information Commissioner’s Office: https://ico.org.uk/.
As part of any recruitment process, risual collects and processes personal data relating to job applicants. risual is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
As a job applicant, risual collects a range of information about you. This includes but may not be limited to:
risual may collect this information in a variety of ways. For example, data might be contained in CVs or resumes, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment. We may also collect personal data about you from third parties, such as references supplied by former employers or our recruitment partner agencies. We will seek information from third parties only once a job offer to you has been made and will inform you that we are doing so.
risual has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims.
Your information may be shared internally for the purposes of the recruitment exercise. This includes members of the HR team, interviewers involved in the recruitment process, managers in the business area with a vacancy and IT staff if access to the data is necessary for the performance of their roles.
risual utilises the services of third-party suppliers (recruitment agencies) when recruiting new employees. In this case we will ensure that any such supplier adheres to at least the same obligations of security with regard to your data as undertaken by us.
We will not share your data with any other third parties, unless the law allows or requires us to do so.
If we make an employment offer to you, we will provide further information about our handling of your personal information in an employment context separately.
If your application for employment is unsuccessful, risual will hold your data on file for six months after the end of the relevant recruitment process. At the end of that period, or once you withdraw your consent, your data is deleted or destroyed. The periods for which your data will be held if your application for employment is successful will be provided to you in a new privacy notice.
As a data subject, you have a number of rights. You can:
If you would like to exercise any of these rights, please contact the HR mailbox (firstname.lastname@example.org) with the subject ‘Subject Access Request’. risual will respond to your request within one month of receipt. This deadline can be extended where there are a number of requests or the request is complex.
If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/
You are under no statutory or contractual obligation to provide data to risual during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.