Customers and General Users
risual Limited offer consulting, solutions and managed services in IT and in doing so we engage with our clients, employee’s, third-party suppliers (data processors), current and former employee applicants who may hold and process your personal data on our behalf. This policy (together with our Terms of Conditions and other documents referred to on it) sets out the basis of our approach on safeguarding the privacy of your personal data when we collect, or that you provide to us, and how this will be processed by us.
risual is responsible for collecting, processing, storing and safe-keeping personal and other information as part of our business activities. We manage personal information in accordance with the Data Protection Act 2018 and are registered (registration number ZA004209) as a Data Controller with the Information Commissioner’s Office (ICO).
risual takes your privacy very seriously. This Privacy Notice is intended to set out your rights and answer any queries you may have about your personal data. If you need more information, please contact: firstname.lastname@example.org
2 What information do we collect?
We collect and process personal data about you when you interact with us and when you purchase goods and services from us. The personal data we process includes but is not limited to:
- your name;
- your home or work address, email address and/or phone number;
- your job title;
- your payment and delivery details, including billing and delivery addresses;
- and/or any other information you provide.
Visiting our websites:
When you visit one of our websites, we collect standard internet log information for statistical purposes.
- We do not make any attempt to identify visitors to our websites. We do not associate information gathered from our sites with personally identifying information from any source.
Our websites contain links to various third-party websites. We are not responsible for the content or privacy practices of any external websites that are linked from our sites.
3 How do we use this information and what is the legal basis for this use?
We use your information to respond to your enquiries, provide you with services and manage your relationship with us. We may also use your personal information for technical administration, research and development, customer administration, marketing and to identify areas where we can improve the services we provide. We only collect or use personal information for those purposes indicated in our notification with the Information Commissioner’s Office.
We will regularly review the personal information we hold about you and make changes to any service or information-handling processes when the law or the Information Commissioner request such changes.
We process the personal data listed in section 2 above for the following purposes:
- as required to establish and fulfil a contract with you, for example, if you order from us or enter into an agreement to provide or receive services. This may include verifying your identity, taking payments, communicating with you and arranging the delivery or other provision of products or services. We require this information in order to enter into a contract with you and are unable to do so without it;
- to comply with applicable law and regulation;
- in accordance with our legitimate interests in protecting risual’s legitimate business interests and legal rights, including but not limited to, use in connection with legal claims, compliance, regulatory and investigative purposes (including disclosure of such information in connection with legal process or litigation);
- with your express consent to respond to any comments or complaints we may receive from you, and/or in accordance with our legitimate interests including to investigate any complaints received from you or from others, about our website or our products or services;
- we may use information you provide to personalise (i) our communications to you; (ii) our website; and (iii) services for you, in accordance with our legitimate interests;
- to monitor use of our websites and online services. We may use your information to help us check, improve and protect our content, services and websites, both online and offline, in accordance with our legitimate interests;
- we may use your information to invite you to take part in market research or surveys.
Direct marketing will only be made where you have given your consent to receive it or in accordance with our legitimate interests. You have the right to object to direct marketing at any time.
risual will make contact via the telephone, as a direct way to contact and share information about the services we can deliver, only to business numbers that are not registered on the Telephone Preference Service (TPS) or the Corporate TPS (CTPS) and haven’t objected to our calls.
4 With whom and where will we share your personal data?
We may share your personal data with the below third parties:
- our professional advisors such as our auditors and external legal and financial advisors;
- marketing and communications agencies where they have agreed to process your personal data in line with this Privacy Notice;
- market research companies;
- our suppliers, business partners and sub-contractors.
Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if needed for the legal protection of our legitimate interests in compliance with applicable laws. Personal data may also be shared with third party service providers who will process it on behalf of risual for the purposes above. Such third parties include, but are not limited to, providers of website hosting, maintenance and identity checking.
In the event that our business or any part of it is sold or integrated with another business, your details will be disclosed to our advisers and those of any prospective purchaser and will be passed to the new owners of the business.
5 How long will you keep my personal data?
We will not keep your personal information for any purpose for longer than is necessary and will only retain the personal information that is necessary in relation to the purpose. We are also required to retain certain information as required by law or for as long as is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions.
Where you are a customer, we will keep your information for the length of any contractual relationship you have with us and after that in line with our retention policies or contractual terms.
Where you are a prospective customer and you have expressly consented to us contacting you, we will only retain your data (a) until you unsubscribe from our communications; or, if you have not unsubscribed, (b) while you interact with us and our content; or (c) for 12 months from when you last interacted with us or our content.
We will retain your data for a short time beyond the specified retention period, to allow for information to be reviewed and any deletion to take place. In some instances, laws may require risual to hold certain information for specific periods other than those listed above.
6 Where is my data stored?
The personal data that we collect from you may be transferred to, and stored outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers, in which case the third country’s data protection laws will have been approved as adequate by the European Commission or other applicable safeguards are in place.
7 What are my rights in relation to my personal data?
We will be as open as possible with you about the personal information we hold about you, and if something is wrong we want to work with you to put it right. The GDPR provides the following rights for individuals:
- The right to be informed of how their personal data is being used – this right is fulfilled by the provision of ‘privacy notices’ as described above;
- The right of access to their personal data – accessing personal data in this way is usually known as making a ‘subject access request’;
- The right to have their inaccurate personal data rectified;
- The right to have their personal data erased where appropriate – known as the right to be forgotten;
- The right to restrict the processing of their personal data pending its verification or correction;
- The right to receive copies of their personal data in a machine-readable and commonly-used format – known as the right to data portability;
- The right to object: to processing (including profiling) of their personal data that proceeds under particular legal bases; to direct marketing; and to processing of their data for research purposes where that research is not in the public interest;
- The right not to be subject to a decision based solely on automated decision-making using their personal data
Should you have any queries regarding this Privacy Notice, about risual’s processing of your personal data or wish to exercise your rights you can contact risual via email at: email@example.com. If you are not happy with our response, you can contact the Information Commissioner’s Office: https://ico.org.uk/.
Job Applicant Privacy Notice
As part of any recruitment process, risual collects and processes personal data relating to job applicants. risual is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
2 What information do we collect?
As a job applicant, risual collects a range of information about you. This includes but may not be limited to:
- Your name, address and contact details, including email address and telephone number;
- Details of your qualifications, skills, experience and employment history;
- Information about your current level of remuneration, including benefit entitlements;
- Whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process;
- Information about your entitlement to work in the UK.
risual may collect this information in a variety of ways. For example, data might be contained in CVs or resumes, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment. We may also collect personal data about you from third parties, such as references supplied by former employers or our recruitment partner agencies. We will seek information from third parties only once a job offer to you has been made and will inform you that we are doing so.
3 Why does risual process personal data?
risual has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims.
4 Who has access to data?
Your information may be shared internally for the purposes of the recruitment exercise. This includes members of the HR team, interviewers involved in the recruitment process, managers in the business area with a vacancy and IT staff if access to the data is necessary for the performance of their roles.
risual utilises the services of third-party suppliers (recruitment agencies) when recruiting new employees. In this case we will ensure that any such supplier adheres to at least the same obligations of security with regard to your data as undertaken by us.
We will not share your data with any other third parties, unless the law allows or requires us to do so.
If we make an employment offer to you, we will provide further information about our handling of your personal information in an employment context separately.
5 For how long does risual keep data?
If your application for employment is unsuccessful, risual will hold your data on file for six months after the end of the relevant recruitment process. At the end of that period, or once you withdraw your consent, your data is deleted or destroyed. The periods for which your data will be held if your application for employment is successful will be provided to you in a new privacy notice.
6 Your rights
As a data subject, you have a number of rights. You can:
- Access and obtain a copy of your data on request;
- Require the organisation to change incorrect or incomplete data;
- Require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
- Object to the processing of your data where risual is relying on its legitimate interests as the legal ground for processing.
If you would like to exercise any of these rights, please contact the HR mailbox (firstname.lastname@example.org) with the subject ‘Subject Access Request’. risual will respond to your request within one month of receipt. This deadline can be extended where there are a number of requests or the request is complex.
If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/
7 What if you do not provide personal data?
You are under no statutory or contractual obligation to provide data to risual during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.