Data Risk Solutions Ltd - Privacy Notice

This notice describes how we collect, store, use and share personal information. It applies to personal information provided to us, both by you and by others on your behalf. It also explains the rights you may have in relation to the personal information that we hold about you.

1. Who we are
When we say ‘we’ or ‘us’ in this notice we’re referring to Data Risk Solutions Ltd, a company registered in England and Wales under registration number 09885397 and whose registered office is at 1 Victoria Court, Bank Square, Morley, Leeds, LS27 9SE.

2. What kinds of personal information can we hold about you?
We may collect and process the following:

• contact Information - for example email, address, postcode and phone number.
• online Information – for example cookies and IP address (your computer’s internet address), if you use our website.

When we collect your information, we’ll let you know if any of it is optional. If it is, we’ll explain why it would be useful to us, and you can decide whether it’s something you’re happy for us to have.

3. How we use your personal information?

We use the information we obtain directly from you or a member of your organisation for several reasons:
• completing any requests’, you make
• assessing and developing our services
• sending you marketing information
• monitoring the use of our websites

4. Where do we get your information from?
Most of the information we receive comes directly from you or a member of your organisation.

5. What are our legal grounds for using your personal information?
Data Protection gives organisations several different conditions to allow us to process your information lawfully.
We’ll only use your personal information when one of these conditions has been met. Below you can see how we use your information and the legal grounds for processing this:

Legal grounds
Uses of your information

Consent
Your personal information may be processed when we receive your consent.
The consent you provide must be freely given, informed, specific, unambiguous and be given with a positive affirmative action.
Your consent can be withdrawn at any time.

Sales enquiries
We may obtain your email address for example; sales queries made directly on our website.

Cookies
On our website we use cookies that collect information about how visitors use our website.
Necessary for the performance of a contract

The personal information you provide or that of a joint party to the contract may be processed when it is necessary in order to enter into or perform a contract. For example; where we process your information to support an engagement with you.
Setting up and managing a project with you
This covers:

• managing any changes of corporate personal details for example; change of office address or title
• responding to queries or complaints
• keeping you updated about the services we are providing you.

If we lose touch
We may source information such as contact details so we can get in contact and tell you about the service we provide you.
Necessary for legitimate interests

We also use your information when we have a “legitimate interest” and that interest isn’t outweighed by your privacy rights. Each activity is assessed, and your rights and freedoms are considered to make sure that we’re not being intrusive or doing anything beyond your reasonable expectation. We’ll assess the information we need, so we only use the minimum.

If you want further information about processing under legitimate interests you can contact us using the details below.

You also have the right to object to any processing done under legitimate interests. We’ll re-assess the balance between our interests and yours, considering your particular circumstances. If we have a compelling reason we may still continue to use your information.

As an example of legitimate interests’ use is provided below.
Use of your information
Legitimate interest(s)
Monitoring the use of our websites
On our websites we use a variety of technologies that collect information about how visitors use our website.
We need to make sure that our websites are secure and work well.

6. Who do we share your personal information with?
As you’d expect, our employees will access your records in order to use your information for the uses mentioned above. However, only those employees who need access to particular information are given it. For example; our project teams may need access to your details to support you when you get in contact. We regularly check who has access to our systems.

We may also share your personal information with these categories of third parties:
• Professional advisers: auditors; medical agencies and legal advisers.
• Companies you ask us to share your information with.

7. Security
We recommend you don’t send anything confidential to us by email.
Once we receive your information, we use strict procedures and security features to protect your information from unauthorised access.

8. How long do we keep personal information for?
We’ll keep your personal information for as long as it’s considered necessary, for the purpose for which it was collected, and to comply with our legal and regulatory requirements. This will involve keeping your information for a reasonable period of time after your engagement with us has ended.

In the absence of specific legal, regulatory or contractual requirements, any other personal information is kept for our baseline retention period - this is five years after an engagement with us has ended.

9. What are my rights?
Your rights are outlined below. The easiest way to exercise any of your rights would be to contact our Data Protection Officer using the contact details below in section 13 – Contact us. We’ll provide a response within 30 days, if not sooner. There’s normally no charge for exercising any of your rights.

Accessing your personal information
You have the right to find out what personal information we hold about you, in many circumstances.
Correcting or adding to your personal information

If any of your details are incorrect, inaccurate or incomplete you can ask us to correct them or to add information.
Data portability
In some circumstances you can ask us to send an electronic copy of the personal information you have provided to us, either to you or to another organisation.
Objecting to the use of your personal information for legitimate interests
You also have the right to object to any processing done under legitimate interests. We’ll re-assess the balance between our interests and yours, considering your particular circumstances. If we have a compelling reason we may still continue to use your information.
Objecting to direct marketing
You have a specific right to object to our use of your information for direct marketing purposes, which we’ll always act upon.
Restricting the use of your personal information
If you’re uncertain about the accuracy or our use of your information, you can ask us to stop using your information until your query is resolved. We’ll let you know the outcome before we take any further action in relation to this information.

Right to Erasure
In some circumstances you can ask us to delete your personal information, such as if your plan has ended and we don’t need to keep your information for legal or regulatory reasons. If we’re using consent to process your information and you withdraw it, you can ask us to erase your information.

10. Right to complain to the supervisory authority
If you’re unhappy with how we’re using your information, you have the right to complain to the Information Commissioner’s Office. We’d encourage you to contact us first, so we can help with your concerns.
The Information Commissioner’s Office can be contacted at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

11. Changes to the way we use your information
If we want to use your personal information for a new purpose which we haven’t previously told you about, we’ll contact you to explain the new use of your information. We will set out why we’re using it and our legal reasons.

2. Changes to our privacy notice
Making sure that we keep you up to date with privacy information is a continuous responsibility and we keep this notice under review. We’ll update our notice as changes are required.
This privacy notice was last updated on the 19th December 2019.

13. Contact us
If you have any questions or comments regarding this privacy notice, or if you’re not happy with the way Data Risk Solutions Ltd uses your information, please contact us using the details below.

Post: Data Protection Officer, Data Risk Solutions Ltd, Princes Exchange, Princes Square, Leeds, LS1 4HY.
Email: info@datarisksolutions.co.uk
Phone: 0113 8730209

Call us on: 0113 8730209 to find out more!

Our team specialise in Data Quality, Regulatory Compliance, Data Governance and Data Protection assignments.