Please read the following carefully to understand our views and practices regarding your data and how we will treat it.
For the purpose of the Data Protection Act 2018, our nominated representative is our Data Protection Officer. We hold four registrations on the Data Protection Register administered by the Information Commissioner’s Office (ICO), as follows:
- Risk First (Holdings) Limited – Registration Number ZA126476
- Risk First Group Limited – Registration Number ZA126470
- Risk First Limited – Registration Number Z997395X
- Risk First Management Services Limited – Registration Number 1781205
Details of our Data Protection Register entries can be accessed at www.ico.org.uk and then navigating to “Search the register”.
Scope of this policy
This policy is relevant and applies to any persons, including clients, suppliers and other persons. Generally and subject to the following paragraph, RiskFirst is a data processor and not a data controller in relation to your data. We will only process that data to the extent reasonably necessary for our interactions with your organisation, and we will follow the instructions of the data controller. Our arrangements with your organisation, such as NDAs and licences or other commercial contracts, may contain contractual terms that limit our access to personal or other data in this context, and prevent you or your organisation from furnishing personal data to us.
If you are a RiskFirst employee or contractor (or a candidate to become one), there may be additional data that we, as data controller, collect and hold about you for recruitment, HR, payroll and other legitimate purposes. There are supplemental data protection provisions applicable to RiskFirst personnel, which can be accessed via our internal systems or documents, the details of which have been advised to our personnel.
Information we may collect from you
We may collect and process the following data about you:
- Information that you provide by filling in forms on our internet sites, including riskfirst.com, pfaroe.com and any sub-domains (our site). This includes information provided at the time of registering to use our site, subscribing to our services, posting material or requesting further services or information.
- We may also ask you for information when you report a problem with our site or our services.
- If you contact us, we may keep a record of that correspondence (including your business contact details, such as email address and telephone number).
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Details of your visits to our site (including traffic data, location data, weblogs and other communication data) and the resources that you access.
IP addresses and cookies
We may retain information about your computer, including where available your IP address, operating system and browser type, for system administration and to collect and assess aggregate information (statistical data about users' browsing actions and patterns). We may also obtain information about you by using a cookie described further in the following paragraph.
Where we store your data
All information you provide to us is stored securely. If you have a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. Please do not share your password with anyone.
Transmission of information via the internet is not completely secure. Although we will do our best to protect your data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your risk. Once we have received your information, we will use procedures and security to try to prevent unauthorised access.
Uses made of the information
We use information held about you to:
- Ensure that content from our site is presented in the most effective manner for you and for your computer.
- Provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
- Carry out our obligations arising from any contracts entered into between you and us.
- Allow you to participate in interactive features of our service, if you choose to do so.
- Allow us (or third parties acting on our behalf) to send marketing materials to you.
- Notify you about changes to our service.
We may use information in different or additional ways in the future. If we do so, we will post the updated disclosure on this page or elsewhere on our site. However, we will not sell your information to third parties for their own use, nor will we disclose it to third parties other than as described in the following section.
Disclosure of your data
We may disclose your data to any company in our group, and to our staff. We may disclose your information to third parties.
- Who provide services to RiskFirst (for example, those who conduct marketing campaigns to our clients on our behalf).
- In the event that we sell or buy any business or assets, in which case we may disclose your data to a prospective seller or buyer (including in any sale of RiskFirst, in which case data held by it about its clients may be transferred).
- If we must disclose or share your data in order to comply with any legal obligation, or in order to enforce or apply our Access Rules (if these apply to you) and other agreements; or to protect the rights, property, or safety of RiskFirst, our clients or others. This includes exchanging information with other companies and organisations for fraud protection and risk reduction.
You have the right to ask us not to process your data, in which case we may also unsubscribe you from our site and delete your account and data. You can exercise this right at any time by:
- Writing to our Data Protection Officer (details below under “Contact”)
- Following links from marketing emails.
Our site may, from time to time, contain links to and from the websites of third parties. If you follow a link to any of these websites, please note that these may have their own privacy policies; we do not accept any responsibility or liability for these policies. Please review these policies before you submit any personal or other data to these websites.
Access to data
Data protection law in the UK gives you the right to access personal data held about you, and your right of access can be exercised in accordance with that law. Any access request may be subject to a fee to meet our costs in providing you with details of the information we hold about you.
RiskFirst does not normally record telephone conversations. In certain limited circumstances (for example, for training or quality assurance purposes), RiskFirst personnel are able to record telephone calls; when doing so, they will inform all other parties to the call that it is being recorded and the reasons for recording it. We will make reasonable efforts that no personal data is communicated over the telephone.
Last Revised and Approved: March 2019