Privacy Policy

This policy explains what to expect us to do with your personal information when you make contact with us or use one of our services.

NOTICE ON THE PROCESSING OF PERSONAL DATA

At RiskTech we are committed to protecting and respecting your privacy in compliance with EU- General Data Protection Regulation 2016/679, dated 27th April 2016 (GDPR) also as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 (hereinafter “UK GDPR”). This Privacy Policy explains when and why we collect (legal bases and purposes) personal data, how we use it, the conditions under which we may disclose it to others and how we keep it secure. This Privacy Policy should be read in conjunction with your terms and conditions. It also applies to employees, contractors and individuals seeking a job at RiskTech.
 

Who are we?

Our company headquarters are located in Ireland. The headquarters’ registered office address Dromlena, 4 Rockboro Avenue, Old Blackrock Road, Cork, T12 YY9K, Ireland. RiskTech Limited is the data controller and our Data Protection Officer can be contacted by email: support@risktech.com

What type of personal data is collected?

The information we have about you includes:

  • Your name, surname, role, mobile number and email address in addition to your company’s name and contact information.
  • Your IP-address and actions taken when visiting our websites and support pages.

If you apply for a job at RiskTech, we collect the data you provide during the application. If you apply, or we chose, to partner with your company, we collect the data you provide during the application and contracting process. RiskTech does not collect or process any special categories of personal data, such as public unique identifiers or sensitive personal data.

As the Data Subject, you are asked not to enter or send any “sensitive data”, “biometric data”, “genetic data”, “data concerning health” or “data relating to criminal convictions and offences” as defined by the data protection law. Any such data, if supplied by you, shall be immediately deleted.

When and why do we collect personal data about you?

  • When you browse on our website:
Following the browsing on our site, RiskTech may process your IP address and other data to enable your navigation on the website. The legal basis that legitimises the processing of personal data for this purpose is set out in Article 6, par. 1, letter b) of GDPR and UK GDPR – i.e. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • When you complete a ‘Contact me’ or another web form on our website:
Following the voluntary sending of email messages to the email addresses found on the site, RiskTech may process your email address and any additional personal data contained in the message, in order to respond, again by email, to the requests you have submitted. The legal basis that legitimises the processing of personal data for this purpose is set out in Article 6, par. 1, letter b) of GDPR and UK GDPR – i.e. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

When you request a demo on our website

Following the request of the demo version of our service, RiskTech may process y
our name, surname, role, mobile number and email address to provide you with the requested service. The legal basis that legitimises the processing of personal data for this purpose is set out in Article 6, par. 1, letter b) of GDPR and UK GDPR – i.e. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

When you apply for a job with us or want to partner with our company

Following the voluntary sending of personal information in order to apply for a job in our Careers portal, RiskTech may process all the information needed to proceed in your application. The legal basis that legitimises the processing of personal data for this purpose is set out in Article 6, par. 1, letter b) of GDPR and UK GDPR– i.e. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Use of personal data to exercise or defend a right in court

Following the need of personal data to exercise or defend a right in court, RiskTech may process all the information requested by the authority. The legal basis that legitimises the processing of personal data for this purpose is set out in Article 6 par. 1, letter f) and Article 9, section 2, letter f) of GDPR and UK GDPR – i.e. processing is necessary for the establishment, exercise or defence of legal claims of whenever courts are acting in their judicial capacity.

When using the application

When using the mobile app (Over-C), we may collect and process information about your actual location, like GPS signals sent by your mobile device. We may also use other technologies to determine location, such as sensor data from your device that may, for example, provide information on nearby Wi-Fi access points, Bluetooth devices, IoT sensors and cell towers.

How long do we keep your personal data?

We store personal data for as long as we find it necessary to fulfil the purpose for which the personal data was collected, while also considering our need to answer your queries or resolve possible problems, to comply with legal requirements under applicable laws, to attend to any legal claims/complaints, and for safeguarding purposes. In the case of browsing on our site (pt. 3, lett. A), we reserve the right to hold your personal data for a period of 6 months, whereas in the case of data entered via the contact form (pt. 3, lett. B), the data retention period is 30 days. In addition, when using the demo version or to exercise or defend a right in court (pt. 3, lett. C and E), we reserve the right to retain your data for a period of 6 years as prescribed by the current legislation (Limitation Act 1980) on limitation periods. When you apply for a job on our careers portal, we reserve the right to retain your data for a period of 12 months (pt. 3, lett.D). When the personal data that we have collected is no longer required, we will delete it in a secure manner. We may process data for statistical purposes, but in such cases, data may be aggregated and will be anonymised.

Methods of processing

Any personal data collected shall be processed, retained and analysed using electronic tools and shall be stored both in electronic format and in hard copy, organised into databases, and on any other appropriate type of media. Specific security measures are implemented to prevent the loss, illegal or unfair use of the data, or unauthorised access to them. The processing of your personal data carried out by RiskTech does not involve any automated decision-making.

Your rights to your personal data

You have the following rights with respect to your personal data:

  1. the right to request a copy of your personal data that RiskTech holds about you.
  2. the right to request that RiskTech corrects your personal data if inaccurate or out of date.
  3. the right to request that your personal data is deleted when it is no longer necessary for RiskTech to retain such data.
  4. the right to withdraw any consent to personal data processing at any time.
  5. the right to request a restriction on further data processing, in case there is a dispute in relation to the accuracy or processing of your personal data;
  6. the right to request that RiskTech provides you with your personal data and, if possible, to pass on this information directly (in a portable format) to another data controller when the processing is based on consent or contract;
  7. the right to obtain informations about the origin if any personal data held that concerns you, the purposes and methods of processing operations, the logic applied in the processing carried out using electronic instruments, the identification of the Data Controller, the Data Processor and the designated representative;
  8. the right to object to the processing of personal data, in case data processing has been based on legitimate interest and/or direct marketing.


As the Data Subject, you also have the right to object, at any time and at no cost, wholly or partially:

  1. for legitimate reasons, to processing of your personal data, even if the processing operations are still relevant to the purpose for which the data were collected in the first place;
  2. to the processing of your personal data carried out pursuant to Article 6, Paragraph 1 of the GDPR and UK GDPR, Letters e. (“processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”) or f. (“processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party”) including profiling on the basis of these provisions;
  3. to processing of your personal data for the purposes of sending advertising or direct sales material or for the completion of market research or commercial communications (direct marketing), including any relevant profiling operations.
  4. you have the right to withdraw your consent for the processing operations when that consent is based on the circumstances described by Article 6, Paragraph 1, Letter a. (when “the data subject has given consent to the processing of his or her personal data for one or more specific purposes”), or by Article 9, Paragraph 2, Letter a. (when “the data subject has given explicit consent to the processing of those personal data for one or more specified purposes”) of GDPR and UK GDPR, at any time, without affecting the lawfulness of processing based on consent before its withdrawal.


Any query about your privacy rights should be sent to support@risktech.com.

Your right to complain to a supervisory authority

If you are unhappy with the way in which your personal data has been processed, you may, in the first instance, contact us at support@risktech.com. Should you consider the processing operations to have been carried out in breach of current legislation, you have the right to lodge a complaint with a supervisory authority, specifically in the Member State in which you habitually reside or work, or the Member State where the alleged breach has taken place. The UK supervisory authorities can be contacted using the contact data on its own website

Disclosure of your personal data

The disclosure of the data for the purposes set out in point 3 lett. A, B, D is a contractual requirement and is necessary in order to supply the requested service (browsing of the site): failure/refusal on your part to provide your personal data shall make it impossible for RiskTech to allow you to browse this site. The disclosure of your data the purposes set out in point 3 lett. C and E is optional: failure/refusal to provide your data for said other purposes shall not have consequences for you, but may make it impossible to provide you with the requested responses.

Do we share your data with anyone?

We do not share, sell, rent, or trade your information with any third parties or international organizations without your consent, except from what is described below:

Third-party Service Providers working on our behalf

We may pass your information on to our resellers, carriers, distributors, agents, sub-contractors and other associated organizations (“partner”), which operates in IT, digital and cloud sector, or prospective partners, with the purpose of them providing services to you on our behalf. This includes other RiskTech companies and their respective partners, agents and sub- contractors.

If required by law

We, or our partners, will disclose your information if required by law or if we, as a company, or our partners, reasonably believe that disclosure is necessary to protect our company’s, or our partner’s company’s, rights and/or to comply with a judicial proceeding, court order or legal process. However, we will do what we can to ensure that your privacy rights in law continue to be protected. We may also share your information if there’s an emergency and we think you or other people are at risk. 

Use of sub-contractors (processors and sub-processors)

We may use sub-contractors to process personal data on our behalf. We are responsible for making sure they commit themselves to adhere to this Privacy Policy and applicable data protection legislation by signing a Data Processing Agreement. If the sub-contractor processes Personal Data outside the EU/EEA area and UK, such processing must be in accordance with the European Parliament resolution of 21 May 2021 on the adequate protection of personal data by the United Kingdom, the EU and UK Standard Contractual Clauses for transfer to third countries, or another specifically stated lawful basis for the transfer of personal data to a third country. 

For further information on the adequacy decision, please visit the following link: https://www.europarl.europa.eu/doceo/document/TA-9-2021-0262_EN.html

Transfer of data outside the UK or to international organisations

RiskTech transfers personal data to the UK and Ireland: this transfer is legitimate as it is based on the European Parliament resolution of 21 May 2021 on the adequate protection of personal data by the United Kingdom (as set out in Article 44 et seq. of the GDPR and UK GDPR).

RiskTech shall not transfer your personal data to international organisations.

For further information on the adequacy decision, please visit the following link: https://www.europarl.europa.eu/doceo/document/TA-9-2021-0262_EN.html

Changes to this Privacy Policy

RiskTech reserves the right to amend this Privacy Policy at any time. The applicable version will always be found on our websites. We encourage you to check this Privacy Policy frequently to ensure that you are happy with any changes. If we make changes that significantly alter our privacy practices, we will notify you by email or post a notice on our websites prior to the change taking effect.

Requesting your personal data from RiskTech

 Under Chapter III of GDPR and UK GDPR, you have the right to access your personal data held by RiskTech. This is known as a Subject Access Request (SAR) and it requires the controller to provide confirmation of the processing of your personal data, a copy of your personal data and additional information. You can make a SAR to receive your own personal data or a third party can make a SAR for you, with proof they have your permission.

    To make a valid SAR, you must:

  • Put your request in writing to RiskTech.
  • Provide proof of your identity. There is no fee for dealing with a SAR however we may charge a ‘reasonable fee’ when a request is manifestly unfounded, excessive or repetitive.

The more specific you are and the more information you provide, the quicker we’ll be able to respond. We’ll respond to your request within 30 calendar days of verifying your details.

  • For further information about the SAR see: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/right-of-access/what-is-the-right-of-access/

Back to top