Defend against supply chain attacks with Defend-As-One.
No organisation is an island.
Last updated March 21, 2024
Risk Ledger is a global service provider and, correspondingly, it collects Personal Data from individuals in different locations globally. This requires diverse privacy (personal data protection) laws to be applied to Risk Ledger’s usage of your Personal Data. Risk Ledger strives to follow the highest standards of protection of your personal data while, at the same time, respecting local differences in applicable regulation. This Privacy Policy applies to Risk Ledger’s processing of Personal Data globally.
Risk Ledger commits to processing your personal data fairly, securely and only for the specific purposes described below.
We do not share your data with any third parties other than those (described below) that enable us to provide our services to you.
Unless definitions are provided below, all terms starting with a capital letter shall have the meaning defined in Risk Ledger Terms of Use.
As the contracting entity, Risk Ledger Ltd is the Data Controller of Risk Ledger Service User’s Personal Data.
The information below indicates the different purposes for which your Personal Data, may be processed as a Risk Ledger Service User by Risk Ledger, as well as their different categories, the legal basis the processing is based on, categories of their recipients, and information about the period for which we process your Personal Data for the particular processing purpose (the retention period).
In addition to the purposes listed below, Risk Ledger may also process personal data as required by applicable law.
Analytics of user behaviour within the Risk Ledger product.
Manual analysis of customer usage of Risk Ledger product and communication with the customer by Success Managers.
Analyzing registration, usage, access, and other metrics across Risk Ledger systems; Identifying and assessing suspicious activity suggesting fraudulent use of the services or account takeover (such as repetitive use of information for registration; unusual outbound connections; sudden increase in account activity); implementing proactive and reactive security measures.
Preparation of invoice based on a customer's usage of the Risk Ledger product.
Administration of billing and cash collection, including handling requests from customers regarding payments and invoices and any other billing-related requests.
Personal data storage for potential questions, disagreements, disputes or claims, and its use to help resolve any question, disagreement, dispute or claim that may arise as required by English law and regulation.
As a service provider, Risk Ledger is obliged by the laws of certain countries to:
For this reason, we collect and store the required data for statutory period.
If you are a Site Visitor, the Personal Data we process about you are the cookies and similar online identifiers (further on collectively referred to as “cookies”).
Please note that the information in this Section only applies to Risk Ledger’s usage of cookies on the Site. If you are an Risk Ledger Service User and you access Risk Ledger Services via a browser, Section 1 of this Privacy Policy (Risk Ledger Service User’s Personal Data Processing) applies. Risk Ledger’s cookie usage as per this Section does not apply to you when you are signed in to your Risk Ledger Service User account and you access the Risk Ledger Services via a browser.
The Data Controller of Site Visitor's cookies is Risk Ledger Ltd. The identity and the contact details of Risk Ledger can be found at the end of this page.
Cookies are alphanumeric identifiers or trackers that are transferred to the device you use to access the Services via your browser. Cookies are widely used to make websites work, or work more efficiently, as well as to provide additional features for a better user experience and to provide information to site owners.
Risk Ledger uses both its own and third-party cookies, including:
Further details about cookies are provided in Section 6
At your first visit to the Site, a cookie banner will appear, unless you’re visiting the Site from the Americas (if you are visiting the Site from the Americas, please see the section “How do I change my cookie settings?” below). The cookie banner allows you to express your cookie choice for the statistic cookies:
The strictly necessary (technical) cookies are automatically deployed to the device upon your first visit to the Site. We do not provide you with options for this cookie type, as disabling these cookies would affect how the Site functions. You may still disable these cookies in your browser setting (see the next paragraph).
We encourage you to change your cookie preferences for statistic and marketing cookies at any time by clicking on the “Cookies” link at the bottom of the Site. The cookie banner will reappear and you can update your cookie choices from there.
Note: Changes will be applied when you navigate to a different page on the Site or you refresh your browser tab.
Alternatively, most web browsers allow some control of most cookies through the browser settings. The default settings for Internet browsers are usually set to accept cookies, but you can easily change your browser’s settings.
For more information, please visit: http://www.aboutcookies.org/.
Risk Ledger Ltd is the Data Controller touchpoint for requests or complaints regarding the processing of your Personal Data in relation to Risk Ledger's outbound sales development and marketing activities.
If we contact you with an email marketing campaign and/or as a part of our outbound sales development activities, it means we have your contact details listed in our database for these purposes. We collect contact details for our database from the following sources:
You can find an "Unsubscribe" link in every email marketing communication sent by Risk Ledger. Using this link is a reliable way to make sure we do not contact you with marketing emails anymore. Please note that it may take us up to 3 working days to process your "Unsubscribe" choice, so you may receive other marketing emails from us in the meantime. Thank you for understanding.
If we call you as a part of Risk Ledger's outbound sales development activities, you can inform our outbound sales representative that you do not wish to be contacted in this way anymore at any time. We will make sure not to call you again.
You can contact data@riskledger.com at any time to request us to remove your details from our Lead database.
When we process your data as a Lead —depending on your particular circumstance— we use all or just some of the following Personal Data:
We also use certain data about your company, such as company size and whether you or your company is a Risk Ledger Customer.
The information below indicates the different purposes your Personal Data as a Lead may be processed by Risk Ledger, the legal basis the processing is based on, categories of their recipients, and information about the period for which we process your Personal Data for the particular processing purpose (the retention period).
If we believe that Risk Ledger product and services may suit the needs of your company, our outbound sales representative may email and/or call you to introduce and discuss our product with you.
We perform internal data analysis to have better overall information (aggregate statistics) about our Customers and Leads and a better understanding of the market, to better address their needs.
The information below indicates the purpose for which your Personal Data may be processed as an Risk Ledger Contact by Risk Ledger as a Data Controller, as well as their different categories, the legal basis the processing is based on, categories of their recipients, and information about the period for which we process your Personal Data for the particular processing purpose (the retention period). In addition to the purposes listed below, Risk Ledger may also process personal data as required by applicable law.
Analysis of the Risk Ledger product performance on your communication with the Risk Ledger agents, including testing of new features, troubleshooting, identifying and removing bugs, and investigating and deploying ways to improve them. These activities may include machine learning, use and optimisation of artificial intelligence.
The information below indicates the purpose for which your Personal Data may be processed as an Candidate by Risk Ledger as a Data Controller, as well as their different categories, the legal basis the processing is based on, categories of their recipients, and information about the period for which we process your Personal Data for the particular processing purpose (the retention period). In addition to the purposes listed below, Risk Ledger may also process personal data as required by applicable law.
Role application information may be provided to us directly from the Candidate or from an agent acting on the Candidate’s behalf. The information is processed to assess the Candidate’s suitability for defined role requirements and to progress the Candidate through the recruitment or contracting process.
Only our personnel and our contracted third party service providers may process your Personal Data.
Personal Data may also be disclosed in response to lawful requests made by government agencies or public authorities —including public officers— to meet national security, law enforcement, or any other legal requirements.
Depending on where you are located, we might have to enforce local regulations and requirements in the event we should receive an official request from a competent local authority.
Risk Ledger a transfers limited subset of Personal Data to countries located outside of the United Kingdom and the European Economic Area, Switzerland (collectively, “Europe”).
Personal Data can also be processed by mere access by individuals working outside Europe who work for us or for one of our trusted service providers (Third Party Data Processors listed in Section 6).
We have implemented suitable safeguards designed to transfer Personal Data outside Europe in a secure manner and in compliance with the applicable regulations, most significantly with the UK and EU data protection regulation. We also require the importers of the Personal Data to comply with, above all, the security requirements of the EU GDPR. We execute appropriate contractual arrangements to deal with such transfers, namely the Standard Contractual Clauses adopted by the Commission of the European Union.
Risk Ledger also monitors the legislative development and guidance in relation to the personal data transfers outside Europe and commits to cooperate with UK and EU data protection authorities (DPAs) and comply with the advice given by such authorities.
We retain Personal Data when we have an ongoing legal basis to do so. When we no longer have legal basis to process Personal Data, we will either delete or aggregate it or, if this is not possible (for example, because Personal Data has been stored in backup archives) then we will securely store it and isolate it from any further processing until deletion is possible.
We may retain Personal Data to comply with our legal or regulatory obligations. In any case, upon ceasing or lifting of such obligations, Personal Data shall be removed from our systems and records, as well as that of our contracted suppliers, if any, or otherwise archived or anonymised so that individuals can no longer be identified.
Data retention policy is described above in Sections 1—6 for each use case.
Our Site and Services may include links to and from the websites of our partners, and affiliates. If you follow a link to any of these websites, please note that these companies have their own privacy policies and that Risk Ledger is not responsible or liable for any use of Personal Data by such third parties. We advise that you check their policies before you disclose information on these websites.
We implement precautions —including organisational and technical measures— designed to maintain the security, integrity, and confidentiality of Personal Data, and, in particular, to help prevent them from being modified or damaged and stop any unauthorised party from accessing them. As an example, our employees’ accounts are secured by strong passwords with multi-factor authentication, and they are all bound by confidentiality obligations. All our data is encrypted both in transit and at rest.
If you are Risk Ledger Service User, please see our information security page (https://riskledger.com/security-profile) for more information about how your personal data is protected when you use the Risk Ledger product.
In any case where Risk Ledger processes your Personal Data as a Data Controller, you have the following rights:
For those in the UK, EEA or Switzerland, if you have a dispute with Risk Ledger relating to our data protection practices or are not satisfied with how we’ve addressed your concerns or questions, you may complain to an independent dispute resolution provider, at no cost to you. You also have the right to lodge a complaint with your local data protection authority. Link: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
Without prejudice to your right, we invite you to first seek an amicable resolution by contacting Risk Ledger in writing, stating the grounds of your complaint and providing any supporting evidence, using the contact details below.
We may amend the terms of this Privacy Policy from time to time. If you do not agree with the amended version of the Privacy Policy, you should stop using the Services or respectively stop visiting our website. All amended terms automatically become effective on the day when a new Privacy Policy is posted on the Site.
Should we add new consent-based processing of Personal Data, we shall ensure to obtain your consent prior to processing such Personal Data (e.g., via a box to tick).
If you have questions regarding this Privacy Policy or if you want to share your concerns about our processing of your Personal Data, please contact us by email at data@riskledger.com Please be aware that this email address serves exclusively for matters related to privacy and personal data protection. In such matters we will usually reply to you within 5 working days.
For matters related to security (including with reports of vulnerabilities), please contact us at security@riskledger.com
You may also contact us by mail at our registered office:
Adam House,
7-10 Adam Street,
London,
WC2N 6AA
United Kingdom
No organisation is an island.
