Privacy Notice

This notice explains how we collect, use and share any personal information about you that we may hold. If you have any questions about this notice, how we use your information or your privacy on our website, or if you wish to make a request regarding your rights as a data subject, please contact us at info@riskdeputy.com.

Who we are

We are Risk Deputy Ltd (company number 13583198) and we are the controller of any personal data that we hold about you.

Contact Details

Contact us by email or phone:

info@riskdeputy.com
(+44) 0161 388 2068

Find us on social media:


How we use your data

You may provide us with personal information when you interact with us, and we may collect further information about you online (e.g. through our website or social media) or through our correspondence with you.

You are not required by law or by any contract to provide personal data to us, although it would be difficult to provide any service to you without some basic personal details.

Find out more about the purposes for which we use your data by clicking on the headings below. Each section explains the types of data we hold, the purposes for which we use it and our “legal basis” for using your data in that way.

Providing our Services

Most of the data that we collect in the course of providing our services is non-personal data relating to your business (our client). However, we will use some personal data about you when providing our services, including your name, role and contact details as well as other information that you may provide to us in correspondence.

We use this data so that we can enter into contracts with your business and correspond with you in relation to our services (including e.g. quotations and proposals, updates and transmission of deliverables, invoicing and other general correspondence).

Legal basis: We have a legitimate interest to use your data in this way in order to enter into and perform contracts with your business.

In the course of providing our services, you may also share with us personal data that your business controls, such as personal data about your staff or customers. For example, if we are undertaking an audit of your business, some of the information we require you to provide may include personal data.

We are an independent controller of the personal data that you transfer to us in this context. We will access and use this personal data only for the purpose of performing our services. As we do not have any direct relationship with the subjects of such data, it is your responsibility (under our service terms of business) to inform those subjects that we (as your professional advisors) may process their personal data for this purpose.

Legal basis: We have a legitimate interest to use personal data we receive from your business in this way in order to perform our contracts with your business.

Customer Relationships

We may collect and store information about you in our CRM software, including your name and contact details as well as information about your correspondence with us and your interactions with us, our website and our marketing campaigns. We may obtain this data from you directly or from other websites or social media.

We use this data to help manage our relationships with customers and to keep records of pertinent information such as preferences and past transactions to facilitate future engagements between us.

Legal basis: We have a legitimate interest to use your data in this way in order to manage our relationships with customers.

Managing our Business

We may use personal information about you in the course of managing and improving our business, services and facilities. This may include your name, role and contact details as well as information about our relationship and any correspondence with you and any transactions or engagements with your business.

For example, we may use your data in order to:

  • review and improve our services, and develop new services;
  • monitor and improve the performance of our systems and processes; and
  • manage accounting, compliance and other business processes.

Legal basis: We have a legitimate interest to use your data in this way in order to manage our business on a day-to-day basis.

Managing our Website

When you visit our website we may collect further information about you, for example:

  • information about the pages or content you view and the links you follow on our site, as well as the source of any referral links to our site;
  • your IP address (which may indicate your general location);
  • information about the browser and device you are using; and
  • identifiers and other details stored in cookies (see our Cookie Policy for more info).

We use this information to:

  • monitor and analyse the performance of our website;
  • ensure that content is presented in the most effective way for you and your device;
  • diagnose and fix bugs or other problems;
  • analyse statistics and conduct research and tests in relation to website usage; and
  • ensure that the website and all data hosted in relation to it is kept secure.

Legal basis: We have a legitimate interest to use your data in this way in order to manage, monitor and improve our website.

Marketing & Social Media

We may use your personal information to send you information about our services, news, insights or other updates that we think may be of interest to you. This will include your name and contact details, and may also include other information about your relationship or interactions with us.

Legal basis: There are some circumstances in which we may rely on your consent to use your data in this way. This is the case if, for example, we hold your personal email address (not your company email address) and you are not an existing customer.

We do not always require your consent in order to contact you with this information (for example, if we are contacting you at your company email address). In these cases, we have a legitimate interest to use your data to contact you for this purpose.

You may request that we stop contacting you for these purposes at any time by contacting us or by following the “unsubscribe” links in our emails.

Other Purposes

We may use the personal data that we hold about you for other purposes in exceptional circumstances, for example:

  • in order to meet our legal obligations or to detect and prevent fraud, money-laundering and other crimes; or
  • to protect your vital interests, or the vital interests of others.

We will always use your data fairly and legally and, where we intend to use your data for any purpose that is not compatible with the purposes explained in this notice, we will contact you to explain this.


Who we share your data with

We only share your personal information with others where it is necessary as part of managing our business and providing our services. Usually, this is because we use online services where the data that we hold about you is stored on third party servers.

Expand the heading below to see who we share your data with.

Recipients

We may share data with the following third parties:

Microsoft – we use Microsoft 365 services including cloud storage. Data centres in the UK.

Siteground – we use Siteground to manage and host our website. Data centres in the UK.

Hubspot – we use Hubspot as our CRM. Data centres in the EU.

Xero – we use Xero for accounting. Data centres in the US.

Google – we use Google Analytics on our website and Google Ad services. Data centres in the US.

We try to ensure that data remains on UK servers where possible but, in some cases, data may be stored outside the UK. In locations where your personal data may not have the same level of protection as it does in the UK or EU (such as the US), we will ensure that safeguards are in place to protect your data.

WIth Google and Xero, data is stored on US servers. Appropriate safeguards are provided by standard contractual clauses in the data processing agreements.


How long we keep your data

We keep the data that we hold about you for as long as reasonably necessary for the purposes for which we collect it, but no more.

If you are a customer, we will retain your information for as long as we have an active relationship with you and for a period of up to 5 years after this, so that we have that information available if you return to us in the near future. Transactional records may be kept for up to 7 years to support accounting requirements.

Information collected via our website or otherwise generated through web services (including advertising) will be held for up to 3 years.

In most other cases, we will keep your data for up to 3 years after our last interaction with you.


Your Rights

As a data subject (the person the data is about), you have a number of rights in relation to your personal data. Find out more by expanding the headings below.

If you wish to exercise any of these rights, please contact us at info@riskdeputy.com. Please note that we may need to verify your identity before we can handle your request.

The right of access

You have the right to request confirmation that we hold personal information about you, and to request a copy of that information as well as information about how we use it (similar to the information in this notice).

Where we rely on your consent to use your personal data, you may withdraw that consent at any time.

The right to rectification

You have the right to request that we rectify (correct) any inaccurate personal data information about you that we use, or to supplement incomplete information with a further statement.

The right to erasure (the “right to be forgotten”)

In certain circumstances, such as where we have used your data unlawfully or where it is no longer necessary for the purpose for which it was collected, you may have the right to request that we delete the data about you that we hold.

The right to restriction of processing

You may have the right to request restriction of processing (that is, we still hold your personal data but we stop using it) in the following circumstances:

  • the accuracy of the data is contested, for a period to enable us to verify it;
  • the data is processed unlawfullly but you opposed erasure;
  • we no longer need the data but it is required in connection with legal claims;
  • you object to our use of the data, for a period which this is investigated.

The right to data portability

You have the right to request that we send your personal data to you or to another organisation in a commonly used file format.

The right to object

You have the right to object to our use of your data where we rely on a legitimate interest or public insterest as our legal basis. If so, we will stop using your data in that way unless we have a compelling reason to continue.

You also have the right to object to our use of your data for marketing purposes, and we will adhere to any such request promptly.

If you wish to make a complaint about how we use your personal data, please contact us in the first instance so that we can make it right. If you are unhappy with our response, you have the right to lodge a complaint with the supervisory authority, the Information Commissioner’s Office (ICO).