Privacy Policy
Issue 01 – 01/02/2024
Why a Privacy Policy?
The Riskex privacy policy (the “Privacy Policy”) is all about letting you know that we take the protection and management of your personal information very seriously. As a UK based business our handling of your information is controlled by the UK Data Protection Act 2018). We therefore take great care to protect your personal information or anything which might identify you personally such as:
- Name
- Email address
- Organisation information (e.g. Name, Address, Telephone number)
How do we collect information about you?
Riskex offers services which can be accessed or signed-up for via the website and application online or offline. During the process we may require personal and organisation information.
How do we use your information?
Information we obtain from you is used to:
- Provide our licensed services
- Improve and extend our services
- Respond to your requests for specific services
- Analyse user/visitor interactions
- Market additional Riskex services
Legal requests for information
Riskex may be required under court order to provide personally identifiable information to government authorities. Providing such government departments/agencies have legal right to access our records and such enquiries are correctly made, we will supply such authorities with the information they require.
With whom do we share your information?
We would only share personally identifiable information with third parties if:
- You agree to us sharing this information.
- We are forced to bring legal actions against a subscriber who has breached our user
How long do we retain your information?
We retain your information so long as you remain a license holder and by default for 12 months prior to termination of your subscription. You can request earlier permanent deletion of your data if you wish but your data will reside in backups for a period of 3 months thereafter.
Information Security
The Riskex website and application have various security measures in place to protect the loss, misuse and alteration of the information under our control. Although no security measure is fool proof, we believe that these measures are consistent with good practice as modern technology permits and form part of our ISO9001 and ISO27001.
Email Privacy
We follow email marketing best practices at all time. A key aspect of these best practices is the operation of permission based emailing. If you receive emails from Riskex it will be because you have elected to receive such emails or they are communications related specifically to services requested.
Call Privacy
We record all incoming and outgoing calls for contractual and training purposes. Call recordings are retained for a period of 3 months and are never shared with third parties.
Outbound links
The Riskex website and application contain links to other websites. While links are reviewed at the time of publishing we are not responsible for the content of external links as they can be changed without our knowledge.
Your rights
You have various rights in respect of the personal information Riskex holds about you – these are set out in more detail below. If you wish to exercise any of these rights, you can do so by contacting Riskex. Please note that you will need to provide Riskex with evidence of your identity.
Request access to your personal information: You can ask Riskex to give you a copy of the personal information that Riskex holds about you.
Request correction: You can ask Riskex to change or complete any inaccurate or incomplete personal information held about you if not able to through your organisation.
Request erasure: You can ask Riskex to delete your personal information where it is no longer necessary for Riskex or your organisation to use it, you have withdrawn consent, or where Riskex has no lawful basis for keeping it.
Right to object: You can object to Riskex processing of your personal information where Riskex is relying on a legitimate interest and there is something about your situation which makes you want to object to processing on this ground. You also have the right to object where Riskex is processing your personal information for direct marketing purposes.
Request restriction: You can ask Riskex to restrict our use of your personal information in the following circumstances: a) if you want us to establish the data’s accuracy; (b) where Riskex’s use of the data is unlawful but you do not want Riskex to erase it; (c) where you need Riskex to hold the data even if Riskex no longer require it as you need it to establish, exercise or defend legal claims; or (d) if you have objected to our use of your data but Riskex needs to verify whether Riskex has overriding legitimate grounds to use it.
Request transfer: You can ask us to provide you or a third party with some of the personal information that Riskex holds about you in a structured, commonly used, electronic form, so it can be easily transferred.
Withdraw consent: If you have given Riskex your consent to use personal information (for example, for marketing), you can withdraw your consent at any time.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, Riskex may charge a reasonable fee if your request is clearly unfounded, outside of subscription, repetitive or excessive.
Riskex tries to respond to all legitimate requests within one month. Occasionally it may take Riskex longer than a month if your request is particularly complex or you have made a number of requests. In this case, Riskex will notify you and keep you updated.
Contact information
If you have any issues with correcting this information in our database or queries concerning this policy please email helpdesk@riskex.co.uk . We endeavor to respond to all support requests within 48 hrs.
Policy changes
Riskex reserves the right to change its privacy policies at any time. Up to date policies are always available on our website.