Risk Ledger collects and processes personal data relating to visitors to this website, in relation to the services we provide, and as part of our general business operations. The data we process, how we process it, and who receives it, varies depending on your interactions with us (details of which are set out below).
For circumstances in which Risk Ledger is a controller of personal data, the following items apply.
Risk Ledger Limited is the controller, is registered as a controller with the UK’s Information Commissioner’s Office (“ICO”) under number A8430342 and has its registered office at Adam House, 7-10 Adam Street, London WC2N 6AA. Our data protection officer can be contacted by email at firstname.lastname@example.org.
Our group operations and supply chain mean that we sometimes need to send personal data outside of the EEA. Where we do so, we ensure the use of appropriate safeguards including adequacy decisions made, or standard contractual clauses approved, by the European Commission. To request copies of the appropriate safeguards used for such transfers, email email@example.com.
You can request that we correct, erase, or grant you access to personal data we hold relating to you. Where processing is based on your consent, you can withdraw that consent to our processing of your personal data at any time. To ask questions about your rights, or to request to exercise them, email firstname.lastname@example.org.
If you’re concerned that Risk Ledger is handling your personal data improperly, you have the right to make a complaint to the ICO, which is our data protection supervisory authority.
Our processing of personal data as a controller falls into the categories below:
When you browse this website, we collect and use data in the following ways.
Data on how you use the site. What pages you visit, the means you use to visit (browser version, time zone, OS, etc.), the length of your visit, how often you visit, and information on how you navigate the site.
Your IP address and unique identifiers tied to cookies.
Site optimisation (analysing aggregated data to update the site’s content and layout to improve visitors’ experience).
Legitimate interests (better understanding user behaviour to improve the way users can access the site).
Data holding periods are determined by cookie expiry times.
Website analytics vendors and marketing automation providers.
Name, email address, phone number, your employer and job role, your platform activity and IP address.
Name and job details we use for account creation and management within your organisation’s account on Risk Ledger. Contact details we use for account authentication (including multi-factor authentication) and emails with critical product updates. If you opt into marketing communications, we’ll use your email address to send broader updates on Risk Ledger. Platform activity data we use for retaining audit trails for security monitoring, logging activity to maintain software quality, and site analytics to help us to improve our services.
Other than marketing communications, which rely on consent, we process this data on the grounds of our legitimate interest in providing a secure service with user attribution and industry-standard software logs.
All personal data associated with the service is deleted upon request by the user. The data may be held in backups for a period of 1 month after the deletion request.
Our back-end infrastructure and hosting providers, logging providers, service desk software providers, and email marketing tools.
This includes all recruitment related data that candidates provide to us.
Contact you about your candidacy, assess your suitability for the role applied for, and to assess your suitability for relevant future roles.
We conduct this processing on the basis of our legitimate interest in finding and selecting the most suitable candidates to join our team.
Our applicant tracking system provider, testing providers used in the assessment process, and our business communication/storage providers.
This includes all data that is provided to us during the normal course of business (business cards, email addresses of leads etc.).
Corresponding with you in relation to our services before and after a sale.
If you request that we contact you to provide more information on our services to you, we’ll process your data and contact you based on your request prior to entering into a contract.
Otherwise, we rely on legitimate interests for contracting and billing as part of our business operations, retaining copies of our business correspondence, and tracking consents and other notices given for data protection purposes. If at some point you opt into marketing emails, we’ll rely on your consent for processing related to that process.
We hold this data for 6 years from the date of the last correspondence.
Cloud storage providers, marketing automation tools, our accounting providers, e-signature providers, and customer support/servicing tools.