Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purpose of the Data Protection Act 1998 (the Act), our nominated representative is our Data Protection Officer. We hold four registrations on the Data Protection Register administered by the Information Commissioner’s Office (ICO), as follows:
- Risk First (Holdings) Limited – Registration Number ZA126476
- Risk First Group Limited – Registration Number ZA126470
- Risk First Limited – Registration Number Z997395X
- Risk First Management Services Limited – Registration Number 1781205
- Details of our Data Protection Register entries can be accessed at www.ico.org.uk and then navigating to “Search the register”.
Scope of this policy
This policy is relevant and applies to any persons other than our own personnel, including clients, suppliers and other persons. Generally, RiskFirst is a data processor and not a data controller in relation to your data. We will only process that data to the extent reasonably necessary for our interactions with your organisation. Our arrangements with your organisation, such as NDAs and licences or other commercial contracts, may contain contractual terms that limit our access to personal or other data in this context, and prevent you or your organisation from furnishing personal data to us.
If you are a RiskFirst employee or contractor, there may be additional data that we hold about you as data controller for HR and payroll purposes. There is a supplemental data protection policy applicable to RiskFirst personnel, which can be accessed via our internal systems, the details of which have been advised to our personnel.
Information we may collect from you
We may collect and process the following data about you:
- Information that you provide by filling in forms on our internet sites, including riskfirst.com, pfaroe.com and any sub-domains (our site). This includes information provided at the time of registering to use our site, subscribing to our services, posting material or requesting further services or information.
- We may also ask you for information when you report a problem with our site or our services.
- If you contact us, we may keep a record of that correspondence.
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Details of your visits to our site (including traffic data, location data, weblogs and other communication data) and the resources that you access.
IP addresses and cookies
We may retain information about your computer, including where available your IP address, operating system and browser type, for system administration and to collect and assess aggregate information (statistical data about users' browsing actions and patterns). We may also obtain information about you by using a cookie described further in the following paragraph.
Where we store your data
All information you provide to us is stored securely. If you have a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. Please do not share your password with anyone.
Transmission of information via the internet is not completely secure. Although we will do our best to protect your data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your risk. Once we have received your information, we will use procedures and security to try to prevent unauthorised access.
Uses made of the information
We use information held about you to:
- Ensure that content from our site is presented in the most effective manner for you and for your computer.
- Provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
- Carry out our obligations arising from any contracts entered into between you and us.
- Allow you to participate in interactive features of our service, if you choose to do so.
- Allow us (or third parties acting on our behalf) to send marketing materials to you.
- Notify you about changes to our service.
We may use information in different or additional ways in the future. If we do so, we will post the updated disclosure on this page or elsewhere on our site. However, we will not sell your information to third parties for their own use, nor will we disclose it to third parties other than as described in the following section.
Disclosure of your information
We may disclose your information to any member of our group. We may disclose your information to third parties:
Who provide services to RiskFirst (for example, those who conduct marketing campaigns to our clients on our behalf).
In the event that we sell or buy any business or assets, in which case we may disclose your data to a prospective seller or buyer (including in any sale of RiskFirst, in which case data held by it about its clients may be transferred assets).
If we must disclose or share your data in order to comply with any legal obligation, or in order to enforce or apply our Access Rules (if these apply to you) and other agreements; or to protect the rights, property, or safety of RiskFirst, our clients or others. This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction.
You have the right to ask us not to process your data for marketing purposes in which case we may also unsubscribe you from our site and delete your account and data. You can exercise this right at any time by contacting us at mailto:firstname.lastname@example.org or by following links from marketing emails.
Our site may, from time to time, contain links to and from the websites of third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please review these policies before you submit any personal or other data to these websites.
Access to information
The Act gives you the right to access personal information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee to meet our costs in providing you with details of the information we hold about you.
Last Revised and Approved: June 2017