Privacy Policy

Risk Ledger collects and processes personal data relating to visitors to this website, in relation to the services we provide, and as part of our general business operations. The data we process, how we process it, and who receives it, varies depending on your interactions with us (details of which are set out below).

For circumstances in which Risk Ledger is a controller of personal data, the following items apply.

Details of controller and data protection officer
Risk Ledger Limited is the controller, is registered as a controller with the UK’s Information Commissioner’s Office (“ICO”) under number A8430342 and has its registered office at Adam House, 7-10 Adam Street, London WC2N 6AA. Our data protection officer can be contacted by email at data@riskledger.com.

Transfers outside of the EEA
Our group operations and supply chain mean that we sometimes need to send personal data outside of the EEA. Where we do so, we ensure the use of appropriate safeguards including adequacy decisions made, or standard contractual clauses approved, by the European Commission. To request copies of the appropriate safeguards used for such transfers, email data@riskledger.com.

Your rights
You can request that we correct, erase, or grant you access to personal data we hold relating to you. Where processing is based on your consent, you can withdraw that consent to our processing of your personal data at any time. To ask questions about your rights, or to request to exercise them, email data@riskledger.com.

If you’re concerned that Risk Ledger is handling your personal data improperly, you have the right to make a complaint to the ICO, which is our data protection supervisory authority.

What we collect and use

Our processing of personal data as a controller falls into the categories below:

  • Visitors to riskledger.com;
  • Users of Risk Ledger’s services;
  • Candidates for jobs and other engagements with Risk Ledger;
  • Business contacts.

Visitors to riskledger.com
When you browse this website, we collect and use data in the following ways.

Data we process
Data on how you use the site. What pages you visit, the means you use to visit (browser version, time zone, OS, etc.), the length of your visit, how often you visit, and information on how you navigate the site.

Identifying information
Your IP address and unique identifiers tied to cookies.

What we do with that data
Site optimisation (analysing aggregated data to update the site’s content and layout to improve visitors’ experience).

Basis for processing
Legitimate interests (better understanding user behaviour to improve the way users can access the site).

Processing period
Data holding periods are determined by cookie expiry times.

Data recipients
Website analytics vendors and marketing automation providers.

Risk Ledger users

Data we process
Name, email address, phone number, your employer and job role, your platform activity and IP address.

What we do with that data
Name and job details we use for account creation and management within your organisation’s account on Risk Ledger. Contact details we use for account authentication (including multi-factor authentication) and emails with critical product updates. If you opt into marketing communications, we’ll use your email address to send broader updates on Risk Ledger. Platform activity data we use for retaining audit trails for security monitoring, logging activity to maintain software quality, and site analytics to help us to improve our services.

Basis for processing
Other than marketing communications, which rely on consent, we process this data on the grounds of our legitimate interest in providing a secure service with user attribution and industry-standard software logs.

Processing period
All personal data associated with the service is deleted upon request by the user. The data may be held in backups for a period of 1 month after the deletion request.

Data recipients
Our back-end infrastructure and hosting providers, logging providers, service desk software providers, and email marketing tools.

Job candidates
This includes all recruitment related data that candidates provide to us.

What we do with that data
Contact you about your candidacy, assess your suitability for the role applied for, and to assess your suitability for relevant future roles.

Basis for processing We conduct this processing on the basis of our legitimate interest in finding and selecting the most suitable candidates to join our team.

Processing period
We store your information for 12 months after we disqualify your candidacy for the role applied for. Successful candidates’ information becomes subject to our employee privacy policy/notice.

Data recipients
Our applicant tracking system provider, testing providers used in the assessment process, and our business communication/storage providers.

Business contacts
This includes all data that is provided to us during the normal course of business (business cards, email addresses of leads etc.).

What we do with that data
Corresponding with you in relation to our services before and after a sale.

Basis for processing
If you request that we contact you to provide more information on our services to you, we’ll process your data and contact you based on your request prior to entering into a contract.

Otherwise, we rely on legitimate interests for contracting and billing as part of our business operations, retaining copies of our business correspondence, and tracking consents and other notices given for data protection purposes. If at some point you opt into marketing emails, we’ll rely on your consent for processing related to that process.

Processing period
We hold this data for 6 years from the date of the last correspondence.

Data recipients
Cloud storage providers, marketing automation tools, our accounting providers, e-signature providers, and customer support/servicing tools.