1RS Privacy Notice

Purpose of the 1RS Privacy Notice

This privacy notice is to information you as to how 1RS processes your personal data we may have collected through your use of our website, or information you may have provided through this website. This privacy notice is in supplement to our data privacy policy and fair processing notice, or any other privacy notice that we may provide to you as required.

Who We Are
1st Risk Solutions Limited (1RS) (‘we’ or ‘us’ or ‘our’) gather and process your personal information in accordance with this privacy notice and in compliance with the relevant data protection Regulation and laws. This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.

1RS’s registered office is at c/o Hillier Hopkins, 45 Pall Mall, London, SW1Y 5JG and we are a company registered in England and Wales under company number 09949791. 1RS act as the data controller when processing your data. Our designated Data Protection Officer is Bea Stafford, who can be contacted at:
[email protected]
Charles Suite,
Barham Court
Maidstone
Kent
ME18 5BZ
Tel: 0207 175 1177

Information That We Collect
1RS processes your personal information to meet our legal, statutory and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice. Please see section for the purpose, lawful basis and legitimate interests of any data we may collect, process and store for more information.

The personal data that we may collect from you, use, store or transfer (as relevant our services) may include: –
• Unique Identifiers such as names
• Contact information such as Business email, business address, business telephone number, personal email, mobile telephone number
• User profile data including user name and password of our 1RS ERIC database
• Usage and technical data such as usage of our website, portal and information, as well as information of regarding the internet protocol (IP) address of the device you may use to access our website.
• Communication preferences data including your preference in receiving marketing information from us.

We collect information in the below ways: –
• Direct interactions with 1RS in discussion with us regarding our services, or applications for, or use of services
• Online forms
• Employment CVs
• Referrers and intermediaries
• Publicly available sources
• Automated technologies when you interact with our website

How We Use Your Personal Data
1RS takes your privacy very seriously and will never disclose, share or sell your data without your consent; unless required to do so by law. We only retain your data for as long as is necessary and for the purpose(s) specified in this notice. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw this consent at any time.

The purposes and reasons for processing your relevant personal data are detailed below: –

• In the preparation and performance of a contract or to provide a service to you.
• Where we have a legal or regulatory obligation to share your personal data with
• where it is necessary for our legitimate interests (or a third party) and your interests and fundamental rights do not override those interests.
• We will occasionally send you marketing information where we have assessed that it is beneficial to you as a customer and in our interests. Such information will be non-intrusive and is processed on the grounds of legitimate interests. You have the right to withdraw consent to marketing at any time by emailing [email protected]

Your Rights
You have the right to access any personal information that 1RS processes about you and to request information about: –
• What personal data we hold about you
• The purposes of the processing
• The categories of personal data concerned
• The recipients to whom the personal data has/will be disclosed
• How long we intend to store your personal data for
• If we did not collect the data directly from you, information about the source

If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.

You also have the right to request erasure of your personal data or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to any direct marketing from us. Where applicable, you have the right to data portability of your information and the right to be informed about any automated decision-making we may use.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.

If you wish to exercise any of your rights listed above, please contact the Data Protection Officer. You will not have to pay a fee to access your personal data (or exercise your rights). However, we may charge a reasonable fee if your request is excessive or repetitive. Alternatively, we may refuse to comply with your request in these circumstances. We will strive to response to all legitimate requests within one month.

Sharing and Disclosing Your Personal Information
We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. 1RS uses third-parties to provide the below services and business functions; however, all processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures.

• Kritilabs Technologies- provide technology support for the 1RS ERIC database only.

Data Security and Safeguarding Measures
1RS takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place to prevent this.

We limit all access to your personal data to the employees, or relevant third parties who have a business need to know, and they are subject to a duty of confidentiality. We have procedures in place to deal with any suspected personal data breach and will notify your and any applicable regulatory of a breach where we are required to do so.

Transfers Outside the EU

When you use our 1RS ERIC database, website, send us an email or sign up to our newsletter, the personal information you submit is stored on servers which are hosted in the UK.

1RS utilise services from our external third party, Kritilabs Technologies, as technology support for the 1RS ERIC database, who are based in Chennai, India. In some instances, it may be necessary that in performing our services, their processing of your personal data may involve a transfer of data outside the European Economic Area (EEA). Where this is the case, we will take steps to ensure that our third-party support providers use the necessary level of protection for your information and abide by strict agreements and measures set out by 1RS to protect your data and comply with the relevant data protection laws.

Please contact our Data Protection Officer if you would like further information on the specific mechanism used by us when transferring your personal data out of the EEA.

Third Party Links and Social Media

Our website includes links to third-party applications. Clicking on those links may allow third parties to collect or share data about you.

We have a social media presence for promoting our services and interacting with clients. If you enable such connections or chose to communicate your personal data to us via social media, please remember we do not control these platforms and are not responsible for their privacy controls.

Consequences of Not Providing Your Data
You are not obligated to provide your personal information to 1RS however, as this information is required for us to provide you with our services, we will not be able to enter into contract or perform under the terms of the contract to provide all our services without it.

Purpose, lawful Basis and Legitimate Interests
As noted in the ‘How We Use Your Personal Data’ section of this notice, we occasionally process your personal information under the legitimate interests’ legal basis. Where this is the case, we have carried out a thorough Legitimate Interests’ Assessment (LIA) to ensure that we have weighed your interests and any risk posed to you against our own interests; ensuring that they are proportionate and appropriate.

The data type, purpose and legitimate interests’ legal basis for processing your data is described below:

Purpose Data Type Legal Basis and Legitimates Interests
To enter into a contractual arrangement with you and provide our services Identifier information
Contact information
Other information Performance of our contract with you
Necessary to comply with a legal obligation
Necessary for our legitimate interest
To manage our business relationship Identifier information
Contact information
User profile information
Communication information Performance of our contract with you
Necessary to comply with a legal obligation
Necessary for our legitimate interests (to keep records updated)
To administer and protect our website Identifier information
Contact information
Usage and technical data Necessary for our legitimate interests (running our business and network security)
Necessary to comply with a legal obligation
To deliver relevant content to you and improve our customer service Identifier information
Contact information
User profile information
Communication information
Usage and technical data Necessary for our legitimate interests (providing services to our customers)
To use data analytics to improve our website, marketing and customer service Identifier information
Contact information
User profile information
Communication information
Usage and technical data Necessary for our legitimate interests (providing services to our customers)

How Long We Keep Your Data
1RS only ever retains personal information for as long as is necessary to comply with legal, accounting and reporting requirements and we have strict review and retention policies in place to meet these obligations. We are required under UK tax law to keep your basic personal data (identifier, contact and financial data) for a minimum of 6 years after which time it will be destroyed.

Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.

Lodging A Complaint
1RS only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the Information Commissioners Office (ICO).

Addendum

1RS Cookie Policy
What are cookies?
Cookies are small pieces of data, stored in text files, that are stored on your computer or other device when websites are loaded in a browser. They are widely used to ‘remember’ you and your preferences, either for a single visit (through a ‘session cookie’) or for multiple repeat visits (using a ‘persistent cookie’). They ensure a consistent and efficient experience for visitors, and perform essential functions such as allowing users to register and remain logged in. Cookies may be set by the site that you are visiting (known as ‘first party cookies’), or by third parties, such as those who serve content or provide advertising or analytics services on the website (‘third party cookies’).
What do we use cookies for?
We use cookies to enable a personalised experience for both visitors and registered users. Many of the ways that cookies are used are for our essential site functions, such as loading pages properly and inputting secure information.
Our website also uses cookies analyse our traffic. This information may be shared with our advertisers and analytics department, where it may be combined with other information you’ve given to our website. This helps us make the site more personal for you, and allows our team to track website traffic

What information is collected?

Strictly Necessary – these cookies are essential for our portal and website to perform basic functions such as allowing registered users to authenticate and perform account related functions.
Functionality – these cookies are used to store preferences by users such as name, language and location.
Performance – our analytics providers collect information using cookies on how users interact with websites and which pages are being visited the most. These are only used to improve hot he website functions.

• First Party Cookies: Set and collected by the website itself, and only used by the site when a user is visiting it.
• Third Party Cookies: Set and collected by other entities besides the website, such as advertisers or services used by the website for things like web analytics or social media sharing.
• Session Cookies: Only stored in a browser’s memory until it is closed down. Used for many essential site functions, such as quickly loading a page.
• Persistent Cookies: Set up with a specific expiration date, so they will survive in your browser’s memory for a certain period of time before deletion. Used to keep you logged in, track web analytics, etc.
• Secure or HTTP only Cookies: Secure cookies are only transmitted over “https” pages to keep data encrypted and secure. Only cookies prevent any client scripts on the page from accessing the cookie, preventing malicious cross-site-scripting (XSS) attacks.

How to remove cookies?

To remove cookies you can go to the settings section of your browser, which will enable you to control features to accept or reject some cookies requested from websites, here you will also be able to delete cookies already stored within the browser’s memory.