SI Risk Ltd collect data about individuals, usually within a business context. SI Risk Ltd treats all data which identifies an individual, or when combined with any other information which identifies an individual, as ‘Personal Data’.
As SI Risk Ltd is registered in the United Kingdom (UK), the decision has been taken to nominate the UK Information Commissioners Office (ICO) as their Lead Data Protection Supervisory Authority. As such, all practices will comply with guidance issued by the ICO.
Unless otherwise stated, SI Risk Ltd will be known as the Controller of any personal data which is provided to them by users. This means we control what happens to the data in our possession. We will treat user information with the same care and attention as SI Risk Ltd would expect their own personal data to be treated. This will include taking appropriate organisational and technical measures to protect your information while we are holding and processing it.
SI Risk Ltd collect personal data which may include (but is not limited to) name, physical address, email address, telephone number, age, IP address, organisation name, job title, dietary requirements, allergies, qualifications, interests, and other information which helps them provide their services. In some cases, this may include (but is not limited to) travel itinerary, as well as live and historical GPS tracking data.
SI Risk Ltd need to collect this personal data to provide users with Safety and Security Risk Management Services and uphold contracts agreed with entities which may include (but is not limited to) individuals, organisations, or other third parties. SI Risk Ltd will only collect personal data from users when required for the delivery of Safety and Security Risk Management Services and when there is a legal basis for doing so.
Data is processed by SI Risk Ltd and the client which is subscribing to the Safety and Security Risk Management Services provided by SI Risk Ltd. Data processing will take place in the UK, but also in the jurisdiction of the entity (which includes, but is not limited to, a partner, client, or user) which SI Risk Ltd is providing services to resides in. SI Risk Ltd will endeavour to provide details of the processing locations (where possible) at the point at which data is collected. This will not always be possible when delivering some services, such as live tracking, due to the nature of mobile data connections. Data may be processed via Asana, Dropbox, Microsoft Office 365, Lead Forensics, Google Analytics, and other similar platforms which may include the transmission of data into the United States of America (USA). Data may be shared with other entities if it is prerequisite for the delivery of Safety and Security Risk Management Services by SI Risk Ltd or for contractual agreements between which includes, but is not limited to, a partner, client, or user and the entity (which includes, but is not limited to, a partner, client, or user) to be upheld. This may include which include providing information to travel providers (e.g. airlines and hotels) and other service providers. It may not be possible to confirm these providers in advance of collecting data from the user, but SI Risk Ltd will endeavour to inform you of all data sharing that takes place.
Data processed directly by SI Risk Ltd is located on services in the UK and USA. Newsletter (and other mailing list data) is managed via third-party software (Zoho). In conjunction with this third-party software, SI Risk Ltd use analytics packages to track engagement with the information sent via email to entities which have voluntarily opted into receiving communications from SI Risk Ltd. This information may include (but is not limited to) the email address of the user and whether the user opened the communication sent from SI Risk Ltd.
Users are required to provide explicit consent that they would like to receive communications via email from SI Risk Ltd. If consent is provided by a user, we will continue to contact you for up to 10 years from the date you initially consented to receive communications from SI Risk Ltd (unless the user withdraws their consent at any time, at which point the user will cease to receive emails from SI Risk Ltd.
No other 3rd parties have access to a user’s personal data unless specifically agreed in advance of the data being collected by SI Risk Ltd, or in circumstances detailed in this Privacy Statement.
SI Risk Ltd have a Data Protection Regime in place which oversees the effective and secure processing of your personal data, which can be provided on request by contacting the Data Protection Officer.
All details provided to SI Risk Ltd will be held according to the legal and contractual requirements which SI Risk Ltd is subject to – which is detailed below.
- SI Risk’s public liability insurance requires that all the details of all events are maintained for a period of 3 years following an event or service provision provided by SI Risk Ltd.
- UK Revenue and Customs require that all payment information which is subject to VAT be kept for a period of at least 6 years following receipt of payment for services provided by SI Risk Ltd.
In accordance with this, all personal details of attendees for events and services provided by SI Risk Ltd will be retained by SI Risk Ltd for a period of 5 years following the end of our contract (unless otherwise indicated). This information may include (but is not limited to) the user’s name, physical address, email address, telephone number, age, IP address, organisation name, job title, dietary requirements, allergies, qualifications, interests, and other information which helps them provide their services. In some cases, this may include (but is not limited to) travel itinerary, as well as live and historical GPS tracking data.
In addition, billing information, which includes any personal data contained within invoices and accounting records, will be retained for a period of 6 years following the receipt of payment for services provided by SI Risk Ltd.
SI Risk Ltd endeavor to respond to all contact, including enquiries, in a timely and professional manner. Any contact which contains personal data will be retained for a period no more than 18 months from the date of receipt and response by SI Risk Ltd. This data is held by SI Risk Ltd under the legal basis of legitimate interest as it may be required to respond to future queries, both internally and externally, within this period.
No data retained by SI Risk Ltd will be used for any purpose other than that which is agreed at the time of contact between the user and SI Risk Ltd. This information will never be shared with third-parties without the user’s knowledge and will not be used to contact the user in future without the user’s express consent unless we believe it is relevant to your original enquiry.
If at any point a user believes that the information SI Risk Ltd possess is incorrect, or should the user wish to withdraw their consent, or exercise their statutory rights (which includes, but is not limited to, your right to erasure, right to access, right to rectification, and right to be informed) they can request to see this information, have it corrected, or have it deleted.
If a user wishes to raise a complaint on how SI Risk Ltd have handled their personal data, they can contact SI Risk Ltd’s Data Protection Officer, Nathan Monshin (Nathan.firstname.lastname@example.org), who will investigate the matter and take all necessary actions to address the complaint.
If the user is not fully satisfied with the response provided by SI Risk Ltd (or believe SI Risk Ltd are not processing data in accordance with the law) you can complain to the Information Commissioner’s Office (ICO) – which is the Lead Data Protection Supervisory Authority of SI Risk Ltd.
SI Risk Ltd will never request consent from, or market to, anybody under the age of 16.
SI Risk Ltd employ cookie technology to help log visitors to their website and facilitate the full and proper functionality of web services (such as but not limited to, logging in to secure areas and processing registrations). Cookies are pieces of data that are often created when someone visits a website, and which are stored in the cookie directory of a computer. Numerous cookies may be created when you visit a website controlled by SI Risk Ltd.
Up-to-date browsers give users the option to accept or decline cookies. This is a global setting that applies to every website a user visits. If a user does switch off cookies at a browser level, their device won't be able to accept cookies from any website. This means the user will struggle to access the secure area of any website they use and won't enjoy the best browsing experience when you are online. AboutCookies (http://www.aboutcookies.org) contains comprehensive information on how to disable cookies on a wide variety of browsers, details how to delete cookies from your computer as well, and more general information about them.
Cookies may be persistent, or session based. Persistent cookies are stored by a web browser and remain valid until the defined expiry date (unless deleted by the user before the expiry date). A session cookie will expire when a user ends their session (which occurs when the web browser is closed).
The type of cookies used on most websites, including those controlled by SI Risk Ltd, can be categorised in four ways (Strictly Necessary, Performance, Functionality and Targeting) according to the International Chamber of Commerce guide to cookie categories.
STRICTLY NECESSARY COOKIES
These cookies are essential, as they enable users to move around the website and use its features (such as accessing secure areas). Without these cookies, services you've asked for can't be provided. These cookies don’t gather information about you that is used for marketing or remembering where you've been on the internet.
These cookies collect information about how users use a website, including which pages you go to most often and if you get error messages from certain pages. These cookies don’t gather any information that identifies the user. All information these cookies collect is anonymous and is only used to improve how a website works. These cookies are not used to target users with online marketing. Without these cookies, SI Risk Ltd can’t learn how their website is performing and make relevant improvements that could better the user’s browsing experience.
These cookies allow a website to remember choices a user makes (such as user name, language, or the region you're in) and tailor the website to provide enhanced features and content for the user. For instance, a website may be able to provide a user with local weather reports or traffic news. These cookies can also be used to remember changes a user has made to text size, font, and other parts of pages that you can customise. They may also be used to provide services a user has asked for, such as watching a video or commenting on a blog. The information these cookies collect may be anonymous and they cannot track a user’s browsing activity on other websites. Without these cookies, a website cannot remember choices previously made by the user or personalise the user’s browsing experience.
These cookies are used to tailor marketing to a user and their interests. They are also used to limit the number of times a user sees an advertisement and help measure the effectiveness of advertising campaigns. They remember that a user has visited a website and this information may be shared with other organisations (such as advertisers). Although these cookies can track a user’s visits to other websites, they don’t usually know who a user is. Without these cookies, online advertisements encountered by a user will be less relevant to them and their interests.
When a user visits an SI Risk Ltd website, SI Risk Ltd collect web statistics concerning their visit which are stored in a log file. Log files allow SI Risk Ltd to record visitors’ use of the website, monitor site performance, and address any errors. The web teams use analytics to record visitors’ use of the site and use this information to make changes to the layout of the website and to the information provided on the website. Log files do not contain any personal information and they are not used to identify any individual patterns of use on the website.
This statement only covers websites and data maintained by SI Risk Ltd and does not cover other data or websites linked to, or associated with, SI Risk Ltd websites.
CHANGES TO OUR PRIVACY STATEMENT
SI Risk Ltd may change its Privacy Statement to align with legislation and industry standards. They will not explicitly notify website users about these changes. SI Risk Ltd recommend that you check this statement on their website occasionally for any policy changes.
This version was last updated on 16 April 2019.