Riskable

Privacy Policy

About this Notice

RISKABLE LTD offers accessible cyber security benchmarking through promoting safe sharing and use of data. With strong information security and privacy at the heart of our business we only collect personal data necessary to enable us to provide and further develop our services and products. This privacy notice explains what personal data we collect and use and, how we ensure this data is kept secure and confidential.

Please note this privacy notice does not cover non-personal data such as data you may upload or generate through use of the Riskable platform and applications. Where such data contain personal data (as entered by you into the Service) we will undertake reasonable steps to anonymise such data prior further use as described in our Terms of Service ensuring no customer identifiable information is stored

For information about how processes this type of data please see our terms of service.

From time to time we may need make changes to this privacy notice to reflect regulatory changes or, changes in our use of personal data. Where reasonably possible we will notify you any material changes to how we use your personal data and to this privacy notice. We suggest you check our website regularly to stay up to date. You should also share this notice with anyone else whose personal data you share with us.

Who we are

RISKABLE LTD (Riskable, we, us, our) are the organisation responsible for processing your personal information.

What personal data we collect

  • Directly from you:
  • Full name
  • Contact details (phone, email, address etc.)
  • Financial information (to facilitate payments)
  • Demographic data (such as organisation you are connected to)
  • Feedback on our services/products/organisation (as provided by you)
  • Technical information – for example: IP address, browser type or, cookie collated data. For more information on how we use cookies please see Cookies and Similar Technologies section of this notice.
  • From third parties:
  • Full name and Contact details provided by your organisation to use our services/products

How/When we collect personal data

  • When you use our website
  • when you visit our website – for example cookie collated data
  • when you subscribe to our newsletters or automatic updates
  • When you interact with us – for example fill product enquiry form or use our chatbot service
  • When you access/use our services/products
  • When you participate or access our blogs, webinars or other RISKABLE created resources
  • When you sign up to emails, newsletters or, events organised by us

Cookies and Similar Technologies

We use cookies and other cookie-like technologies to collect information that helps us to maintain security and effective operation of our website. We may also use these technologies to understand how users interact with our website.

Cookies are small data files stored on your hard drive or memory of the device used to access our website. They are commonly used on websites to help keep the websites functioning safely and properly and also may provide additional information about the website use.

We only use essential cookies that enable our website to function properly. These cookies enable security and proper functioning of our website. You may disable these cookies by turning off the cookie function, but this may also affect proper functioning of our website.

Purposes and Lawful bases for processing personal data

As part of our activities, we use personal data for following purposes:

  • Administering your relationship with us and your use of our services:

    When you or your organisation can provide you with our services and products. In certain circumstances it is contractually necessary for us to use your data e.g. when setting up a contract with you. Or, where the use of your personal data is in our legitimate interest and may be reasonably expected for example when your organisation shares your personal data with us to allow you to access the services or products they obtain from us.

  • Marketing:

    We only use your personal data for marketing where you gave us your consent. For example, when you ask us to send you information or tick a box to receive future emails/invites or notifications from us. You may withdraw the consent at any time by letting us know using any of the contact options in this notice.

  • Ensuring Information Security:

    It is in our legitimate interest to take measures to protect our information and systems (including personal data) against unauthorised access, misuse, corruption or, loss. We only use the data that is relevant and necessary to do this.

    In certain circumstances e.g. when sharing personal information with law enforcement agencies we may also be required by law to use your personal data.

  • Business analysis and product development:

    Constantly developing, improving, and optimising our services and product is an essential part of our business.

    It is in our legitimate interest to take measures to protect our information and systems (including personal data) against unauthorised access, misuse, corruption or, loss. We only use the data that is relevant and necessary to do this. Where possible using pseudonymised or anonymised datasets to reduce risk to personal data.

Who we share your personal data with:

  • Suppliers and/or sub-contractors acting on our behalf and subject to appropriate contractual agreements in place.
  • Payment providers (when facilitating payments)
  • Other companies within Riskable Group
  • Regulators, law enforcement or government agencies – when we are required to disclose responding to requests from such bodies.

Information security

We use technical and organisational measured to protect personal data we use against unauthorised access, misuse, corruption or loss. If you like to find out more about our Information Security practices or, you are concerned about security of your personal data please contact us using the details in how to contact us section of this notice.

Processing personal data outside the UK

We may transfer personal data outside the UK and the European Economic Area (EEA). When transferring your personal data we ensure that the data is given the equivalent level of protection. For example, we put in place appropriate contractual agreements with any third parties. We also ensure that any international transfers of personal data are subject to appropriate safeguards.

How long we keep your personal data

We will only keep your personal data for as long as it is necessary for the purposes the data was collected for, ensuring that our retention period align to the applicable legal and regulatory requirements. The length of time we hold the data varies depending on the purposes the data was collected for.

Once your personal data is no longer necessary, we will either anonymise the data so that you can no longer be identified directly or indirectly from this data or, we dispose of this data securely applying the best industry standards.

If you would like more information about our data retention practices, please contact us using the details in how to contact us section of this notice.

Your rights

The UK GDPR gives you the following rights in relation to your personal information:

  • a right to be informed – you have a right to know about what personal data we process, for what reasons and how. We make this information readily available through this privacy notice
  • a right of access – you have a right to know whether we process your personal data and to request copies of the data
  • a right to rectification – you have a right to ask us to correct or update any personal data we hold that is inaccurate or incomplete
  • a right to erasure – you have a right to ask us to delete all personal data we hold about you. This means that we will remove your personal data from our records, except where we need to retain your personal data to fulfil our contract with you or comply with law
  • a right to restrict processing – in certain circumstances such as where there is a concern that the personal data we use is incorrect you have a right to ask us to pause processing your personal data 
  • a right to data portability – you have a right to ask us to pass your personal data to another party 
  • a right to object – you have a right to object to us processing your personal data where we rely on legitimate interest
  • a right to withdraw consent – where we rely on your consent to process your personal data you have a right to withdraw your consent at any time

Please note that these rights are not absolute and there may be situations where we cannot comply with your request. If we decide not to comply with your request, we will explain our reasons for rejecting your request to you.

You also have the right to complaint about the way we handle your personal data. To make a complaint please contact us directly using the details in how to contact us section of this notice.

You can also refer your complaint to the Information Commissioner at any time. Information Commissioner's Office website: https://ico.org.uk/your-data-matters/

How to contact us:

If you have any questions about this privacy notice, how we use your personal data, or your rights please contact us

By email: [email protected]

By post: Riskable Ltd, 71-75 SHELTON STREET, COVENT GARDEN, LONDON, WC2H 9JQ 

Version:

This Privacy Notice was last updated: 31/10/2022

[email protected]
Copyright © 2024 Riskable Ltd|Privacy Policy|Terms of Service