Risk Warden Limited (company number 09590964) takes your privacy very seriously and is committed to protecting and respecting your privacy.

If you wish to contact us regarding this privacy and cookies policy, please find our contact details here.  Risk Warden is the controller of your personal data and our registered office is Communication House, Victoria Avenue, Camberley, Surrey, England GU15 3HX.

This privacy and cookies policy (together with the terms of use, which you can find here) sets out the basis on which any personal data we collect from you, or that you provide through your use of our website (https://www.riskwarden.com/) (the “Website”), our mobile application software (the “App”) (together “the Sites”) and  any software, applications, computer programs, products and codes or additional services provided by Risk Warden (the “Risk Warden Platform”) will be processed by us.

This privacy and cookies policy does not apply to websites that you may be able to access via links on the Sites or Risk Warden Platform and/or activities offered by third parties. Please ensure you review any relevant policies on any third party websites before proceeding. Risk Warden is not responsible for the collection or use of your personal data from these third party websites.

TOPICS COVERED:

  • SUBSCRIPTION AGREEMENT
  • DATA WE COLLECT FROM YOU OR ABOUT YOU AND OUR SOURCES OF THAT DATA
  • PURPOSE AND LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
  • MARKETING
  • DISCLOSURE OF YOUR PERSONAL DATA
  • WHERE WE STORE YOUR PERSONAL DATA
  • SECURITY
  • RETAINING PERSONAL DATA
  • YOUR RIGHTS
  • COOKIES
  • CHANGES TO OUR PRIVACY AND COOKIES POLICY
  • HOW TO CONTACT US

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

SUBSCRIPTION AGREEMENT  

Unless you are a visitor of the Website, Risk Warden will have entered into an agreement with the organisation that you represent (the “Organisation”) for the use of the Risk Warden Platform (the “Subscription Agreement”). Please note that the information the Organisation or you provide to us (whether it is personal or non-personal data) will also be governed by the Subscription Agreement. If you have any queries about the processing carried out by the Organisation or your rights in respect of such processing, we recommend that you check the Organisation’s privacy policy.

DATA WE COLLECT FROM YOU OR ABOUT YOU AND OUR SOURCES OF THAT DATA

We will collect the following data about you:

  • Data you give us. You may give us data about you:

o   by filling in forms on the Risk Warden Platform or the Sites. For instance, if the Organisation or we create a user profile for you in order to enable you to access the Risk Warden Platform and any services provided by us under the Subscription Agreement (whether on a trial or full basis);

o   when you complete the sign up form through the Website;

o   when you download and use the App

o   when you register to use the Risk Warden Platform;

o   if you sign up to receive marketing communications from us about products and services we offer;

o   if you ask us to receive personalised online content such as targeted advertising;

o   when you report a problem with the Sites or Risk Warden Platform;

o   if you complete a survey or provide feedback, for example, about the Risk Warden Platform or the Sites;

o   if you contact or correspond with us (for example, by phone, e-mail or otherwise) for any other reason, for example, to find out more about a product or any support services we offer;

o   any comments, opinions and/or feedback you provide to us regarding the Risk Warden Platform, for example during any trial period that you may participate in or thereafter;

o   when you transmit or upload content or reports including, but not limited to: photographs, opinions, comments, communications, data relating to health and safety compliance to the Risk Warden Platform; or

o   when you apply for a job with us.

  • Data we collect about you. With regard to each of your visits to the Sites or the Risk Warden Platform we will automatically collect the following:
    • technical information, including the type of device (and its unique device identifier) you use to access the Sites or the Risk Warden Platform, the Internet protocol (IP) address used to connect your device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system, mobile network information and platform;
    • information about your visits to the Sites including the full Uniform Resource Locators (URL), clickstream to, through and from the Website or Risk Warden Platform (including date and time), pages you viewed, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page; and
    • information about your use of the Risk Warden Platform and Sites including the services that you have viewed, the duration spent using those services and data files uploaded to the Risk Warden Platform.
  • Data provided by the Organisation. The Organisation will give us information when:
    • signing up to the Risk Warden Platform to enable us to create a user profile for you in order to give you access the Risk Warden Platform under the Subscription Agreement (whether on a trial or full basis). This information may include your name, company email address, job title, team, seat and qualification; and
    • uploading data to the App and the Risk Warden Platform. This may include details of any independent assessors or in house competent person, or your details in a report.
  • Data we collect from or provided by Third Parties
    • We will receive details of your subscription payments via Stripe, our third party payment provider or other third party payment provider where appointed by us;
    • Information as to the subscription selected by you from our third party subscription management software provider, ChargeBee;
    • analytics providers such as Heap and User Pilot; and
    • we may collect your data from or are provided with your data by third parties including certification bodies, regulatory bodies, risk assessors, online providers or industry journals.

PURPOSE AND LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA

We will use the personal data held about you for the purposes stated below:

Purpose of Processing

Type of personal data

Legal basis for processing

To enable us to provide you with access to the Risk Warden Platform and for you to use the Risk Warden Platform

Your name, job title, qualification, Organisation, team, business address, work phone number and work email address

Legitimate interest – to allow us to perform our contract with the Organisation

To enable your risk assessor to use the Risk Warden Platform

Your name, job title, qualification, Organisation, team, business address, work phone number and work email address

Legitimate interest – to allow us to perform our contract with the risk assessor

To install the App

Your log-in details

Legitimate Interest – to allow us to perform our contract with the Organisation

To process the payment for the Subscription Agreement

Bank, credit or debit card details

Legitimate interest – to allow us to perform our contract with the Organisation

To help us identify you and any subscriptions you hold with us

Your name, Organisation, job title, team, Organisation address, Organisation phone number and Organisation email address

Legitimate interest – to allow us to perform our contract with the Organisation

To deal with any enquiries, correspondence, concerns or complaints you have raised about the Risk Warden Platform

Your Organisation contact details and information about the issue raised

Legitimate interest – to allow us to perform our contract with the Organisation

To notify you about changes to any element of the Risk Warden Platform, for example, an update or upgrade, or the Website, or the App

Your name and Organisation email address

Legitimate interest – to allow us to perform our contract with the Organisation

To tell you if your subscription to the Risk Warden Platform is due to expire

Your name, Organisation email address and Organisation details

Legitimate interest – to allow us to continue providing the Risk Warden Platform to you

To email you to remind you of any notifications that have been sent to you and that remain unopened, whether or not you are a registered user of the Risk Warden Platform

Your name, job title, Organisation and Organisation email address

Legitimate Interest – to support our customers in their use of the Risk Warden Platform

To ensure that content on the Sites and the Risk Warden Platform is presented in the most effective manner for you and for your device

Technical information as mentioned above.

Legitimate interest – to allow us to better present the Sites and Risk Warden Platform

To carry out surveys and market research

Your Organisation contact details and opinions on our products and services

Legitimate Interest – to better understand our clients and their preferences

For our internal operations, including data analysis, testing, research, statistical purposes and troubleshooting

Technical information as mentioned above

Legitimate Interest – to better understand our clients and continuously improve the Sites and Risk Warden Platform

As part of our efforts to keep the Sites and the Risk Warden Platform safe and secure

Your name and contact details, Organisation details, the administrator’s details and technical information mentioned above

Legitimate Interest – to improve and ensure the safety of the Sites and Risk Warden Platform

To compile reports (which do not personally identity you) of usage of the Sites and Risk Warden Platform

Technical information as mentioned above

Legitimate Interest – to improve the Sites and Risk Warden Platform

To enable us to anonymise your information to compile the reports mentioned above 

Technical information and information as to your use of the Risk Warden Platform (including, for example, the number and duration of log-ins, the number of completed risk assessments or usage of, or the time taken to complete any given step in the Risk Warden Platform)

Legitimate interest – to understand customers’ use of, and to improve, the Risk Warden Platform and to develop our business

To allow us to process your data as part of the recruitment process

Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process), date of birth, gender, national insurance number; and location of current and previous employment or workplace

Legitimate interest to make a decision about your recruitment or appointment, and to prevent fraud

To provide you with information about third parties you may be interested in working with or to share your information such third parties

Your name, Organisation email address and Organisation details

Consent

To provide you with information, products and services about us

Your name, Organisation name and Organisation email address

Consent

Legitimate interest – to develop our services and grow our business

To provide you with personalised content

Technical information mentioned above, your name, Organisation and Organisation email address.

Consent

To check you are legally entitled to work for us

Copy of passport and any other documents that show that you have a right to work in the UK

Comply with our legal obligation to conduct such checks

To carry out equal opportunities monitoring

Your race or ethnicity, religious beliefs, sexual orientation and political opinions

Public interest

Please note that we may use and share non-personal data we receive or collect from you in connection with the Sites or Risk Warden Platform.

Where we need to collect personal data by law or as part of a contract we have with you and you fail to provide that data when requested, we may not be able to provide you with access to the Risk Warden Platform or offer you a job. 

Where we have a legal basis to use your personal data without consent (as we have described above), this policy fulfils our duty to process personal data fairly and lawfully and in a manner that you would expect given the nature of our relationship with you, by giving you appropriate notice and explanation of the way in which your personal data will be used.

Where consent is required for our use of your personal data, by ticking the appropriate consent box or otherwise communicating your consent, you consent to our use of that personal data for the purposes covered by the specific consent that you have given. For example, we will only process your personal data for marketing purposes if we have your consent to do so.

MARKETING

As mentioned above, we would like to provide you with information about products, services and opportunities which may be of interest to you. You will receive marketing communications from us if you have requested information from us or purchased services from us and you have not opted out of receiving that marketing. We may provide such information to you by email or through personalised online content and advertising through the Website, social media platforms or our online partners.  You can change your mind about this at any time (click here for more information on how to contact us).

We will not provide your personal data to other businesses so they can use your personal data for marketing purposes.

DISCLOSURE OF YOUR PERSONAL DATA

We may share your personal data with selected third parties in accordance with this policy, including:

  • service providers (for example, IT services or payment service providers), business partners, suppliers and sub-contractors;
  • analytics and search engine providers that assist us in the improvement and optimisation of the Sites or the Risk Warden Platform;
  • government or other law enforcement agencies, in connection with the investigation of unlawful activities or for other legal reasons (this may include your location information);
  • in the event that we sell any business or assets or receive investment into our business, in which case we may disclose your personal data to the prospective buyer or investor;
  • if Risk Warden or substantially all of its assets are acquired by a third party, in which case personal data held by us, including your personal data, will be one of the transferred assets; and
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply Subscription Agreement or any other contract between you and us or between the Organisation or us; or to protect the rights, property or safety of Risk Warden, our users, and others.

WHERE WE STORE YOUR PERSONAL DATA

The personal data that we hold about you will only be processed and stored by us within the United Kingdom and Europe.

We do not market the Risk Warden Platform outside the UK. However, the Risk Warden Platform may be accessed worldwide, which means your data may be processed outside the UK and the European Economic Area (EEA) if the Organisation using the Risk Warden Platform allows access to the Risk Warden Platform by a user not based within the UK or the EEA.

SECURITY

All information you provide to us is stored on secure servers. We will use technical and organisational measures to safeguard your personal data.

Where we have given you (or where you have chosen) access details and a password which enable you to access the Risk Warden Platform, you are responsible for keeping these access details and password confidential.  We ask you not to share your access details and password with anyone.

We maintain (and ensure that anyone we share your personal data with maintains) appropriate technical and organisational measures to ensure that an appropriate level of security in respect of all personal data we process. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Sites or Risk Warden Platform and you acknowledge that any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features which are appropriate to the type of personal data you have provided to try to prevent unauthorised access or inadvertent disclosure.

RETAINING PERSONAL DATA

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Even if you request that we erase your data, we may still need to keep it (please see below) or may keep it in a form that doesn’t identify you. If we are processing your persona data as part of a Subscription Agreement and you have not agreed that we may use your data for marketing purposes, we will retain your personal data on record for no more than the duration of the Subscription Agreement and 6 years thereafter.  Please contact us or the Organisation directly for details of the duration of the Subscription Agreement.

YOUR RIGHTS

You have the following rights with regard to your personal data:

  • Access. You have the right to access data we hold about you.  This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Rectification or erasure. You have the right to request that we rectify or delete any personal data that we hold about you (unless we have the legal right to retain it). If you request that we erase any personal data that we require in order to provide the Risk Warden Platform to you, you may no longer be able to use it. This right does not extend to non-personal data. It is likely to be necessary for us to retain your personal data to enable us to carry out a contract with your Organisation, and your rights under applicable law to request erasure may be limited accordingly. This means your rights under applicable law to request erasure may be limited accordingly.
  • Restriction. You also have the right to restrict us from processing your personal data if the data is inaccurate, the processing is unlawful or we no longer need to your personal data for the purposes for which we hold it.
  • Data portability. You have the right to obtain personal data we hold about you, in a structured, electronic format, and to transmit such data to another data controller if the legal basis for processing such personal data is consent or performance of a contract.
  • Object /change of preferences. You have a right to request that we stop processing your personal data where we are relying on a legitimate interest (or those of a third party). You also have the right to object where we are processing your personal information for direct marketing purposes. For example, if you have given your consent to receive updates from us about new job opportunities, but have changed your mind, you have the ability to opt out from receiving such communications going forward by contacting us using the details provided below or clicking the relevant link in any communications you receive. Please note, if you submit a request for us to stop processing your personal data in a certain way and this type of processing is required in order to facilitate your use of the Risk Warden Platform, you will no longer be able to use the Risk Warden Platform following your request for us to stop the relevant processing.
  • Complaints. If for any reason you are not happy with the way that we have handled your personal data, please contact us. If you are still not happy, you have the right to make a complaint to the Information Commissioner’s Office.

Please note that if you ask us to stop processing your personal data in a certain way or erase your personal data, and this type of processing or data is needed to facilitate your use of the Sites or the Risk Warden Platform you may not be able to use the Sites or the Risk Warden Platform as you did before. This does not include your right to object to direct marketing, which can be exercised at any time without restriction.  Please allow at least 3 working days for your request to be actioned.

Please note that the rights mentioned above do not extend to non-personal data.

If you would like to exercise any of the rights mentioned above, please contact us at 71-75 Shelton Street, Covent Garden, London WC2H 9JQ or by emailing us at management@riskwarden.com

COOKIES

We use cookies, which are small files of letters and numbers that we store on your browser or the hard drive of your computer or mobile device if you agree. Cookies contain information that is transferred to your computer’s or mobile device’s hard drive.

We use the following cookies:

  • Strictly necessary cookies. These are cookies that are required for the operation of the Sites and Risk Warden Platform. They include, for example, cookies that enable you to log into secure areas of the Sites and Risk Warden Platform, make use of e-billing services.
  • Analytical/performance cookies. They allow us to recognise and count the number of visitors and users and to see how visitors and users move around the Sites and Risk Warden Platform when they are using it. This helps us to improve the way the Website works, for example, by ensuring that users are finding what they are looking for easily.
  • Functionality cookies. These are used to recognise you when you return to the Sites and Risk Warden Platform. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
  • Targeting cookies. These cookies record your visits to the Sites and Risk Warden Platform, the pages you have visited and the links you have followed. We will use this information to make the Sites and Risk Warden Platform and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

You can find more information about the individual cookies we use and the purposes for which we use them in the table below:

Cookie Name

Purpose

_utma

A Google Analytics cookie which tracks the number of times a user has visited the Website, as well as the time of their first visit and last visit.

_utmb

A Google Analytics cookie which stores details of the moment when a user visits the Website.

_utmc

A Google Analytics cookie which stores details of the moment when a user leaves the Website.

_utmz

A Google Analytics cookie which records where the user came from, including what part of the world and details of the search engine, keywords and links used.

We also use a technique similar to a cookie for use in the App which is used for authenticating to the application programming interface (API) which stores the access token locally and sends it to the server with every request.

By clicking “agree” in the cookie consent box when you first access the Sites or the Risk Warden Platform and use the Sites or the Risk Warden Platform (as applicable) you accept our use of the cookies.

However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.

For more detailed information about cookies and how they can be managed and deleted, please visit www.allaboutcookies.org.

Except for essential cookies, all cookies will expire after two years.

CHANGES TO OUR PRIVACY AND COOKIES POLICY

Any changes we make to our privacy and cookies policy in the future will be posted on this page or notified to you by e-mail.

Please check back frequently to see any updates or changes to our privacy and cookies policy. 

HOW TO CONTACT US

Questions, comments and requests regarding our privacy and cookies policy are welcomed and should be addressed to Risk Warden Limited at 71-75 Shelton Street, Covent Garden, London WC2H 9JQ or by email to management@riskwarden.com or by phone on 020 8050 6484.

Please also contact us if you would like to know more about our data processing activities, to update or amend any of your personal data which you have provided to us or if you believe our records relating to your personal data are incorrect.

Our privacy and cookies policy was last updated on 8 October 2021

Verified by MonsterInsights