TrackMyRisks understands that your privacy is important to you and that you care how your data is used. We respect and value the privacy of everyone who visits this website (“Our Site”) and will only use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under law.
This privacy and cookies policy (together with the documents referred to in it) (this ‘Policy’) sets out the basis on which any personal data we collect from you, or that you provide to us through our website www.trackmyrisks.com or our web-based software as a service “TrackMyRisks” (together the “Service”), will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
You will be required to indicate your consent to the processing of your Information as set out in this Policy when you first submit Information through the Service. Further, by continuing to use the Service and/or submit any personal information to us you confirm such consent.
We may update this Policy from time to time in accordance with clause 16 below. Date of Last Revision: 16th January 2019.
This Policy does not apply to practices of companies that we do not own or control, or to individuals that we do not employ or manage.
We will only collect and process information about you in accordance with this Policy.
If you have any concerns about privacy, or this Policy, please contact us at firstname.lastname@example.org for the attention of the Data Protection Officer.
1. ABOUT THE SERVICE AND THIS PRIVACY/COOKIES POLICY
2. DATA PROTECTION
2.1. References in this Policy to:
2.1.1. “Data Protection Law” means the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and/or the EU Regulation 2016/679 (the ‘General Data Protection Regulation’) (as applicable), (collectively, “the Data Protection Legislation”) each as amended and/or replaced from time to time, and all other applicable privacy and data protection laws and regulations, as well as any guidance and/or codes of practice issued from time to time by the Information Commissioner;
2.1.2. “Personal Data“, “Data Controller” and “Data Processor” and “processing” shall have the meanings given under applicable Data Protection Law; and
2.1.3. “Cookie Law” means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003.
2.2. We will only use information collected about you in accordance with applicable Data Protection Law.
2.3. For the purpose of the Data Protection Act 2018, the data controller is Continuity Partner Ltd, a company registered in England and Wales under company number 09048129 and with our registered office at 31 Cattle Market Street, Norwich, Norfolk, NR1 3DY, and therefore we are responsible for, and control the processing of, your Personal Data in accordance with Data Protection Law. Personal Data has a legal definition but, in brief, it refers to information from which a living person can be identified. Personal covers information such as your name and contact details, and also less obvious information such as identification numbers, electronic location data and other online identifiers. Such information must be protected in accordance with Data Protection Law.
3. DATA WE MAY COLLECT
3.1. We may ask you for, or you may submit, certain personal and non-personal information and data to us through the Service and we may also automatically collect information about your use when you use the Service (the “Information”). This includes:
3.1.1. your name and address;
3.1.2. the name of your company;
3.1.3. your username and password;
3.1.4. your email address;
3.1.5. your telephone number;
3.1.6. your Internet Protocol (“IP”) address;
3.1.7. your device name (whether laptop, mobile phone, tablet and/or any other hardware);
3.1.8. information surrounding your business sector and operations;
3.1.9. any other content you submit to us via the Service (collectively, “Your Content”), such as comments and marketing preferences and other information concerning your use of the Service; and
3.1.10. any other information, including personal information and data, from third parties and sources other than the Service, such as advertisers or social media networks for which you have approved our access to information.
4. LEGAL BASIS FOR PROCESSING YOUR INFORMATION
4.1. Under Data Protection Law, we may only process your Information if we have a “legal basis” (i.e. a legally permitted reason) for doing so. We For the purposes of this Policy, our legal basis for processing your Information is:
4.1.1. your consent (for which see clause 5 below); or
4.1.2. subject to your rights set out in clause 7 below, the legitimate interest of providing the Services, which requires the processing of your Information.
5. YOUR CONSENT
5.1. As noted above, you will be required to give consent to the processing of your Information as set out in this Policy. We will seek this consent from you when you first submit Information through the Service.
5.2. If you do not consent to such processing you should not submit any Information through the Service.
5.4. If you withdraw your consent, and if we do not have another legal basis for processing your information (see clause 4 above), then we will stop processing your Information. If we do have another legal basis for processing your information then we may continue to do so subject to your legal rights (for which see clause 8 below).
5.6. Please note that if we need to process your Information in order to operate the Service and/or provide our services, and you object or do not consent to us processing your Information, the Service and/or those services may not be available to you.
6. USES OF DATA
6.1. All Information we hold will be kept securely in accordance with an internal security policy. We may process Information held about you for the following purposes:
6.1.1. name, company name, and email address: to register your interest and to administer your user account for the “TrackMyRisks” Service;
6.1.2. username and password: to register and administer your user account for the “TrackMyRisks” Service;
6.1.3. email address: to contact you with news, to offer you additional services, or to provide you with updates to the Service and products or services that you have ordered and purchased through the Service;
6.1.4. sector and operational information: to enable subscribers to the Service to create business risk reports;
6.1.5. phone number: to contact you about matters requiring your urgent attention, to verify your identity or to provide other services with your consent (such as text message notifications); and
6.1.6. Your Content: to process and make available Your Content through the Service and to market to you in accordance with your instructions.
6.2. Information submitted to us via the Service may also be used to:
6.2.1. enable our compliance with applicable laws and regulations;
6.2.2. enable your use of the Service;
6.2.3. provide you with up to date, efficient and reliable services;
6.2.4. process and make available Your Content through the Service;
6.2.5. monitor the use of the Service; and
6.2.6. generally run and improve the Service.
6.3. Google Analytics and advertising cookies and anonymous identifiers may be used to conduct analytics on your access to the Service, including by recording and analysing user behaviour, location, audience, demographic and interest data. This information may be used in order to enable marketing to you and/or may be shared with Google in accordance with clause 13 below.
6.4. We might collect sensitive information about you, but we will never collect sensitive information about you without your explicit consent.
7. YOUR RIGHTS
7.1. If you are an individual, this section sets out your legal rights in respect of any of your Personal Data that we are holding and/or processing. If you wish to exercise any of your legal rights you should put your request in writing to us giving us enough information to identify you and respond to your request.
7.2. You have the right (subject to the payment of a small fee) to request information about Personal Data that we may hold and/or process about you, including: whether or not we are holding and/or processing your Personal Data; the extent of the Personal Data we are holding; and the purposes and extent of the processing.
7.3. You have the right to have any inaccurate information we hold about you be corrected and/or updated. If any of the Information that you have provided changes, or if you become aware of any inaccuracies in such Information, please let us know in writing giving us enough information deal with the change or correction.
7.4. You have the right in certain circumstances to request that we delete all Personal Data we hold about you (the ‘right to be forgotten’). Please note that this right to be forgotten is not available in all circumstances, for example where we need to retain the Personal Data for legal compliance or regulatory purposes. If this is the case we will let you know.
7.5. You have the right in certain circumstances to request that we restrict the processing of your Personal Data, for example where the Personal Data is inaccurate or where you have objected to the processing.
7.6. You have the right to request a copy of the Personal Data we hold about you and to have it provided in a structured format suitable for you to be able to transfer it to a different data controller (the ‘right to data portability’). Please note that the right to data portability is only available in some circumstances. If you request the right to data portability and it is not available to you we will let you know.
7.7. You have the right to object to direct marketing under clause 13 below.
8. CONTACT DETAILS
8.1. To contact us about anything to do with your personal data and data protection, including making a personal/subject data request, please use the following details for the attention of the Data Protection Officer:
Phone: 01252 560331
Postal address: 31 Cattle Market Street, Norwich, Norfolk, NR1 3DY
9.1. If you have any concerns about how we collect or process your Information then you have the right to lodge a complaint with a supervisory authority, which for the UK is the UK Information Commissioner’s Office (“ICO”). Complaints can be submitted to the ICO through the ICO helpline by calling 0303 123 1113. Further information about reporting concerns to the ICO is available at https://ico.org.uk/concerns/.
9.2. We use reasonable efforts to protect your personal data. However, the Internet is an insecure medium and any transmission of personal data to us via our Service is at your own risk. Once we have received your Information, we will use strict procedures and security features to try to prevent unauthorised access.
9.3. When you get in contact with us (for example by email or via instant message) we will keep records of what is communicated. This is to ensure we have a record of our discussion for future reference and so we can improve the Service.
9.4. We may anonymise information about you (so that you cannot be identified from it by third parties) and provide that anonymised information to third parties for the purposes of marketing analysis or to market the Service.
10. OVERSEAS TRANSFERS
10.1. We will only store or transfer your personal data within the European Economic Area, which comprises the EU member states plus Norway, Iceland and Liechtenstein (“EEA”). This means that your personal data will be fully protected under the Data Protection Legislation, GDPR and/or equivalent standards by law.
10.2. From time to time we may need to transfer your Information to countries outside the European Economic Area, which comprises the EU member states plus Norway, Iceland and Liechtenstein (“EEA”).
10.3. Such countries may not have similar protections in place regarding protection and use of your data as those set out in this Policy. Therefore, if we do transfer your Information to countries outside the EEA we will take reasonable steps in accordance with Data Protection Law to ensure adequate protections are in place to ensure the security of your Information.
10.4. By submitting your Information to us in accordance with this Policy you consent to these transfers for the purposes specified in this Policy.
11. INFORMATION ABOUT OTHER INDIVIDUALS
11.1. If you give us information on behalf of a third party, you confirm that the third party has appointed you to act on his/her/their behalf and has agreed that you can: give consent on his/her/their behalf to the processing of his/her/their Information; receive on his/her/their behalf any data protection notices; and give consent to the transfer of his/her/their Information abroad (if applicable).
12. COOKIES, BEACONS AND TRACKING
12.1. Our Service uses ‘cookies’ and similar technologies. Cookies are small text files that are placed on your computer and mobile device by software that you install. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies may also be stored in your internet browser by or on behalf of third parties, such as Google or providers of advertising services.
12.2.1. learn about how the Service is being used and which types of individuals are using it;
12.2.2. record which other websites and/or platforms have referred users to the Service;
12.2.3. optimise and improve the Service;
12.2.4. make it easier for you to fill in forms via the Service;
12.2.5. enable the Service to remember your preferences; and
12.2.6. provide you with relevant advertising in accordance with clause 13.
12.3. We use analytics to collect and store anonymous statistical data about our users’ use of the Service. Some of the cookies we use are essential for parts of the Service to operate and have already been set. You may delete and block all cookies, but parts of the Service may not work properly.
12.4. We may also collect information about your computer, mobile phone (or other portable or static device used to access the Service) and your visit to the Service, including where available your IP address, operating system, login, device name, screen name and browser type, for system administration and to report aggregate, anonymised information to our partners and if necessary our advertisers.
12.5. We may use other technologies such as pixel tags, clear GIFs and web beacons on the Service.
13. MARKETING AND EMAIL COMMUNICATIONS
13.1. If you have given permission, we may send you marketing emails about products or services which are similar to or related to those available via our Service, or contact you by email with information about updates to the Service. We will inform you (before collecting your data) and seek your permission if we intend to use your data for such purposes. If you prefer not to receive any direct marketing communications from us, or you no longer wish to receive them, you can opt out at any time (see below).
13.2. We will not send you any other marketing emails or pass your information onto third parties for marketing purposes unless you give your consent to us doing so, or you have given such consent already and have not later opted out (see below).
13.3. You have the right at any time to ask us, or any third party, to stop processing your information for direct marketing purposes. If you wish to exercise this right, you should contact us by sending an email to email@example.com, or contact the relevant third party using their given contact details, giving us or them enough information to identify you and deal with your request. Alternatively you can follow the unsubscribe instructions in emails you receive from us or them.
13.4. If, by completing and submitting our specially designed web form, you specifically request us to contact one or more of our expert partners to help with an issue that you discover through using the Service we shall ask you to confirm via such web-form whether or not you want those partners to contact you regarding them providing assistance to you with such issue.
13.5. You may wish to sign up to one or more of the preference services operating in the UK such as the Telephone Preference Service, the Corporate Telephone Preference Service and the Mailing Preference Service. These may help you prevent unsolicited marketing but note, they will not prevent you from receiving marketing communications that you have consented to receiving.
14. DISCLOSURE OF YOUR INFORMATION
14.1. We may disclose personal information about you:
14.1.1. to other companies within our group of companies (which means our subsidiaries, our ultimate holding company, its subsidiaries and affiliates, as defined in section 1159 of the UK Companies Act 2006);
14.1.2. to our business partners, service providers or third-party contractors to enable them to undertake services for us and/or on our behalf (and we will ensure they have appropriate measures in place to protect your Information); or
14.1.3. if we buy or sell any businesses or assets, in which case your Information may be disclosed to our advisers and any prospective sellers or purchasers and their advisers and will be passed on to the new owners of the business or assets in accordance with such purchase or sale; or
14.1.4. with a view to preventing fraud or reducing credit risk; or
14.1.5. if we are obliged to do so to comply with law, regulations or a court order; or if it is necessary to enforce any other agreements to which we are a party; or if it is necessary to protect our rights, property or the safety of our customers or users.
14.2. If we share your personal information with other companies or entities as above, those companies or entities may contact you by email and they may be based inside or outside of the EEA.
15. DATA RETENTION
15.1. We will only hold data about you for as long as necessary for the purposes set out in clause 6, bearing in mind the purpose for which that data was collected.
16. CHANGES TO THIS POLICY
16.1. We keep this Policy under regular review and may change it from time to time. If we change this Policy we will post the changes on this page, and place notices on other pages of the Service as applicable, so that you may be aware of the Information we collect and how we use it at all times. You are responsible for ensuring that you are aware of the most recent version this Policy as it will apply each time you access the Service.
17.1. If you follow a link from the Service to any third-party websites you should be aware that those websites may have their own privacy policies. We do not accept any responsibility or liability for those websites. Please check the policies of any third-party websites before submitting any personal data to those websites.
17.2. You may request deletion of your account by sending an email to firstname.lastname@example.org.
17.3. All questions, comments or enquiries should be directed to us. We will try to respond to you within 2 business days.
CONTINUITY PARTNER LTD t/a TRACKMYRISKS
31 Cattle Market Street, Norwich, Norfolk, NR1 3DY