We're building the future of Supply Chain Security. View Openings

Privacy Policy

Last updated November 23, 2021

Risk Ledger collects and processes personal data relating to visitors to this website, in relation to the services we provide, and as part of our general business operations. The data we process, how we process it, and who receives it, varies depending on your interactions with us (details of which are set out below).

For circumstances in which Risk Ledger is a controller of personal data, the following items apply.

Details of controller and data protection officer

Risk Ledger Limited is the controller, is registered as a controller with the UK’s Information Commissioner’s Office (“ICO”) under number A8430342 and has its registered office at Adam House, 7-10 Adam Street, London WC2N 6AA. Our data protection officer can be contacted by email at data@riskledger.com.

Transfers outside of the EEA

All application and corporate data are stored within the EEA by our cloud providers: AWS (Ireland, EU region) and Google (Europe region). Due to our wider supply chain, we sometimes need to send small amounts of personal data outside of the EEA. Where we do so, we ensure the use of appropriate safeguards including adequacy decisions made, or standard contractual clauses approved, by the European Commission. To request copies of the appropriate safeguards used for such transfers, email data@riskledger.com. The only current data transfer outside the EEA is to service our chat support functionality which processes names, email addresses and the contents of the chat messages.

Your rights

You can request that we correct, erase, or grant you access to personal data we hold relating to you. Where processing is based on your consent, you can withdraw that consent to our processing of your personal data at any time. To ask questions about your rights, or to request to exercise them, email data@riskledger.com.

If you’re concerned that Risk Ledger is handling your personal data improperly, you have the right to make a complaint to the ICO, which is our data protection supervisory authority.

What we collect and use

Our processing of personal data as a controller falls into the categories below:

  • Visitors to riskledger.com;
  • Users of Risk Ledger’s services;
  • Candidates for jobs and other engagements with Risk Ledger;
  • Business contacts.

Visitors to riskledger.com

When you browse this website, we collect and use data in the following ways.

Data we process

Data on how you use the site. What pages you visit, the means you use to visit (browser version, time zone, OS, etc.), the length of your visit, how often you visit, and information on how you navigate the site.

Identifying information

Your IP address and unique identifiers tied to cookies.

What we do with that data

Site optimisation (analysing aggregated data to update the site’s content and layout to improve visitors’ experience).

Basis for processing

Legitimate interests (better understanding user behaviour to improve the way users can access the site).

Processing period

Data holding periods are determined by cookie expiry times.

Data recipients

Website analytics vendors and marketing automation providers.

Risk Ledger users

Data we process

Name, email address, phone number, your employer and job role, your platform activity and IP address.

What we do with that data

Name and job details we use for account creation and management within your organisation’s account on Risk Ledger. Contact details we use for account authentication (including multi-factor authentication) and emails with critical product updates. If you opt into marketing communications, we’ll use your email address to send broader updates on Risk Ledger. Platform activity data we use for retaining audit trails for security monitoring, logging activity to maintain software quality, and site analytics to help us to improve our services.

Basis for processing

Other than marketing communications, which rely on consent, we process this data on the grounds of our legitimate interest in providing a secure service with user attribution and industry-standard software logs.

Processing period

All personal data associated with the service is deleted upon request by the user. The data may be held in backups for a period of 1 month after the deletion request.

Data recipients

Our back-end infrastructure and hosting providers, logging providers, service desk software providers, and email marketing tools.

Job candidates

This includes all recruitment related data that candidates provide to us.

What we do with that data

Contact you about your candidacy, assess your suitability for the role applied for, and to assess your suitability for relevant future roles.

Basis for processing

We conduct this processing on the basis of our legitimate interest in finding and selecting the most suitable candidates to join our team.

Processing period

We store your information for 12 months after we disqualify your candidacy for the role applied for. Successful candidates’ information becomes subject to our employee privacy policy/notice.

Data recipients

Our applicant tracking system provider, testing providers used in the assessment process, and our business communication/storage providers.

Business contacts

This includes all data that is provided to us during the normal course of business (business cards, email addresses of leads etc.).

What we do with that data

Corresponding with you in relation to our services before and after a sale.

Basis for processing

If you request that we contact you to provide more information on our services to you, we’ll process your data and contact you based on your request prior to entering into a contract.

Otherwise, we rely on legitimate interests for contracting and billing as part of our business operations, retaining copies of our business correspondence, and tracking consents and other notices given for data protection purposes. If at some point you opt into marketing emails, we’ll rely on your consent for processing related to that process.

Processing period

We hold this data for 6 years from the date of the last correspondence.

Data recipients

Cloud storage providers, marketing automation tools, our accounting providers, e-signature providers, and customer support/servicing tools.