This Policy applies as between you, the User of this Web Site and Risk Advisory, the owner and provider of this Web Site, and the controller of your Personal Data under Data Protection Laws. This Policy applies to our use of any and all Personal Data collected by us in relation to your use of the Web Site and any Services or Systems therein.
1. Definitions and Interpretation
In this Policy the following terms shall have the following meanings:
|“Account”||means collectively the personal information, payment information and credentials used by Users to access material and / or any communications System on the Web Site;|
|“Content”||means any text, graphics, images, audio, video, software, data compilations and any other form of information capable of being stored in a computer that appears on or forms part of this Web Site;|
|“Data”||means collectively all information that you submit to the Web Site or which we collect about you through, or as a result of your visit to, the Web Site. This includes, but is not limited to, Account details and information submitted using any of our Services or Systems;|
|“Data Protection Laws” "Personal Data"||means the General Data Protection Regulation 2016/679 ("GDPR") and any applicable implementation of GDPR (including the Data Protection Act 2018 in the UK), Directive 2002/58/EC and applicable national implementations of it, and any other applicable privacy laws, as any of the same may be amended, superseded or replaced from time to time; means any Data relating to an identified or identifiable natural person;|
|“Risk Advisory”||means The Risk Advisory Group Ltd trading as Risk Advisory 3 More London Riverside London SE1 2AQ;|
|“Service”||means collectively any online facilities, tools, services or information that Risk Advisory makes available through the Web Site either now or in the future;|
|“System”||means any online communications infrastructure that Risk Advisory makes available through the Web Site either now or in the future. This includes, but is not limited to, web-based email, message boards, live chat facilities and email links;|
|“User” / “Users”||means any third party that accesses the Web Site and is not employed by Risk Advisory and acting in the course of their employment; and|
|“Web Site”||means the website that you are currently using (www.riskadvisory.com) and any sub-domains of this site (e.g. subdomain.www.riskadvisory.com) unless expressly excluded by their own terms and conditions.|
2. Data Collected
We will collect and process Data about you in the following ways:
Information you provide to us such as when you create an account on the Web Site, sign up to a mailing list, apply for a job vacancy, sign up for an event, use the Services and Systems, get in touch with us by phone, email or otherwise or give us feedback. Such information may include your name, address, e-mail address, job title, phone number, financial and credit card information.
Information we receive from other sources. We may receive information about you from event partners if you sign up to an event we are involved in and the registration is through the partner's site. We also work closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers and credit reference agencies ) and may receive information about you from them.
We may hold the following Personal Data for the purposes set out in this Policy:
- date of birth;
- job title;
- contact information such as email addresses and telephone numbers;
- demographic information such as post code, preferences and interests;
- financial information such as credit / debit card numbers;
- IP address (automatically collected);
- web browser type and version (automatically collected);
- operating system (automatically collected);
- a list of URLS starting with a referring site, your activity on this Web Site, and the site you exit to (automatically collected); and
3. Our Use and Storage of Data
Any Personal Data you submit or which is collected via the Web Site will be retained by Risk Advisory for as long as you use the Services and Systems provided on the Web Site and then for a period in accordance with our retention policy. For example, contact details and collected data such as IP address, web browser type and operating system will generally be deleted after two years if there is no further engagement with Risk Advisory.
Unless we are obliged or permitted by law to do so, and subject to Clause 4, your Personal Data will not be disclosed to third parties. We may however share your Data with other companies within our group and, where you sign up for events we run in collaboration with third party partners, with those partners.
All Personal Data is stored securely in accordance with the principles of the Data Protection Laws. For more details on security, see Clause 10 below.
Any or all of the above Personal Data may be required by us from time to time in order to provide you with the best possible service and experience when using our Web Site. Specifically, Personal Data may be used by us for the following reasons:
- internal record keeping;
- provision of products/services;
- improvement of our products / services;
- transmission by email of promotional materials that may be of interest to you (provided we have your consent to do so or, where applicable, you have not opted out of receiving such materials) ;
- contact for market research purposes which may be done using email, telephoneor mail. Such information may be used to customise or update the Web Site.
4. Third Party Web Sites and Services
Risk Advisory may, from time to time, employ the services of other parties for dealing with matters that may include, but are not limited to, providers of web hosting services, customer relationship management (CRM) systems, marketing automation services, data analytics, events management, recruitment software, payment handling, search engine facilities, advertising and marketing. We may share your Personal Data with the third party providers of such services. Any Personal Data used by such parties is used only to the extent required by them to perform the services that Risk Advisory requests. Any use for other purposes is strictly prohibited. Furthermore, any Personal Data that is processed by third parties must be processed within the terms of this Policy and in accordance with the Data Protection Laws.
5. Changes of Business Ownership and Control
Risk Advisory may, from time to time, expand or reduce its business and this may involve the sale of certain divisions or the transfer of control of certain divisions to other parties. Personal Data provided by Users will, where it is relevant to any division so transferred, be transferred along with that division and the new owner or newly controlling party will, under the terms of this Policy, be permitted to use the Personal Data for the purposes for which it was supplied by you.
In the event that any Personal Data submitted by Users will be transferred in such a manner, you will be contacted in advance and informed of the changes.
6. Lawful grounds for processing your Data
Under Data Protection Laws, there are a limited number of lawful grounds for processing Personal Data, and we are required to inform you of which lawful grounds we are relying upon to process your Personal Data.
Necessary for performance of a contract: where we are using your Personal Data to provide you with access to Services, such as webinar or seminar registration or where you sign up for newsletters, we will be processing your Personal Data on the basis that it is necessary for us to do so in order to perform a contract between us. We will not be able to provide you with requested Services if we are not provided with certain basic information about you, which will be indicated by the mandatory fields in online forms.
Legitimate Interests: for most other processing purposes (as identified in Clause 3 above), we will be relying on the "legitimate interests" ground under Data Protection Laws. This means that the processing of your Personal Data is necessary for the purpose of pursuing our legitimate interests, and that in our judgement the processing does not result in any impact on your rights and freedoms, including your right to privacy, which would override our interests. This requires us to carry out an impact assessment to ensure that we are processing your Personal Data fairly. The legitimate interests that we pursue are summarised in the Clause 3 above.
Consent: for certain processing purposes, we may request your consent to authorise the processing. For example, if you are not a customer of Risk Advisory and have not enquired about our products or services, we may need a clear consent from you in order to send any communications to you about our products or services.
7. Your Rights
You have the right to ask us not to process your Personal Data for marketing purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your Personal Data, by clicking on the "unsubscribe" link in any communications you receive or by contacting us at either of the addresses shown below.
Rights of Rectification, Erasure, Restriction and Portability: Subject to the limitations set out in Data Protection Laws, you have the following additional rights in relation to Personal Data we hold about you:
- the right to have inaccurate Personal Data rectified and to have incomplete personal data completed;
- the right to have your Personal Data erased in certain circumstances (e.g. if the Data is no longer necessary in relation to the purposes for which they were collected);
- the right to restrict our processing to limited purposes in certain circumstances (e.g. whilst a challenge to the accuracy of the Personal Data is verified);
- the right to access your Personal Data (see section 8 below);
- the right to receive your Personal Data in a structured, commonly used and machine-readable format; and
- to the extent that we are relying on your consent to process Personal Data, the right to withdraw your consent.
Right to Object: Where we are processing your Personal Data on the basis of our legitimate interests (see Clause 6 above), you have the right to object at any time to our processing, and we will be obliged to stop processing your Personal Data unless there are compelling legitimate grounds for us continuing to do so, and where such grounds override your right to object. In addition, you have the right to object at any time to our use of your Personal Data for direct marketing purposes. To exercise any of the rights referred to above, please contact us at firstname.lastname@example.org, or write to us at Data Protection, The Risk Advisory Group, 3 More Riverside, London SE1 2AQ.
8. Accessing your own Data
You may access your Account at any time to view or amend the Personal Data. You may need to modify or update your Personal Data if your circumstances change. Additional Data as to your marketing preferences may also be stored and you may change this at any time.
Data Protection Laws give you the right, free of charge, to access Personal Data held by us about you, and to be provided with information about matters such as the purposes of the processing, the categories of Personal Data, third party recipients and the Data retention period. Your right of access can be exercised in accordance with the Data Protection Laws and by contacting us at the above e-mail or postal addre
Data security is of great importance to Risk Advisory and to protect your Personal Data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure Personal Data collected online.
11. Transfers outside EEA
Risk Advisory may transfer your Personal Data to affiliates or third party service providers based outside the European Economic Area ("EEA") for the purposes of receiving third party services such as those identified in section 4 above (e.g. customer relationship management (CRM) systems, marketing automation services, data analytics) particularly as the servers for such service providers may be located outside the EEA. If we transfer any of your Personal Data outside the EEA, we shall ensure that lawful transfer mechanisms are in place in accordance with Data Protection Laws, such as Privacy Shield (for US transfers) or the EU Commission-approved Model Clauses.
12. Changes to this Policy
If you have any concerns about our processing of your Personal Data, you may also lodge a complaint with the Information Commissioner's Office (ICO), which is the UK regulator in relation to Data Protection Laws. The contact details for the ICO can be found at www.ico.org.uk.