Privacy Policy
At Cambridge Risk (“Cambridge Risk”, “we” or “us”), we work hard to keep the information you give us safe. We follow strict security procedures on how your personal information is stored and used, to help stop any unauthorised person getting hold of it. Please take the time to read this privacy policy, which is part of our terms of use.
We work in line with the UK General Data Protection Regulations and the Data Protection Act 2018.
This policy describes how we collect, use and look after the information you provide us with when you use Cambridge Risk products and services.
Our website contains links to other websites, which may well have different privacy and security policies to us. Please remember, we don’t have any control over these websites, so we can’t take responsibility for any information you give them.
Contact Details
Cambridge Risk Solutions is the controller for the personal information we process, unless otherwise stated, and the contacts are the Directors, Helen Molyneux and Patrick Roberts.
There are many ways you can contact us, including by phone, email and post.
Our postal address is:
Whitehough Cottage
Whitehough Head Lane
Whitehough
High Peak SK23 3BX
Our phone number is 0800 035 1231
Our email address is [email protected]
How do we get information?
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- You have made an enquiry to us;
- You have requested to receive our newsletters;
- You are completing our eLearning, whether arranged by your or your employer;
- You have made an information request to us; or
- You have applied for a job or secondment with us.
Your Data Protection Rights
Under data protection law, you have rights we need to make you aware of the rights available to you depend on our reason for processing your information.
Your right of access
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process. You can make the request verbally or in writing.
More about ‘your right of access’ on the ICO website.
Your right to rectification
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
More about ‘your right to get your data corrected’ on the ICO website.
Your right to erasure
You have the right to ask us to erase your personal information in certain circumstances.
More about ‘your right to get your data deleted’ on the ICO website.
Your right to restriction of processing
You have the right to ask us to restrict the processing of your information in certain circumstances.
More about ‘Your right to limit how organisations use your data’ this on the ICO website.
Your right to object to processing
You have the right to object to processing if we are able to process your information because the process forms part of our public tasks, or is in our legitimate interests.
More about ‘the right to object to the use of your data’ on the ICO website.
Your right to data portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you.
The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
More about ‘your right to data portability’ on the ICO website.
You are not required to pay any charge for exercising your rights. We have one month to respond to you.
Your Right To Complain
We work to high standards when it comes to processing your personal information. If you have queries or concerns, please contact us at [email protected] and we’ll respond.
If you remain dissatisfied, you can make a complaint about the way we process your personal information to the Informaiton Commissioners Office; please visit the ICO website to make a complaint.
What information do we collect?
This is what we normally collect about you to help us provide you with Cambridge Risk services and information, and to improve them even more, where we can:
- Contact details such as name, address, email and telephone number.
- In order to help us develop and improve our website we collect information about how you use the site.
- Other data we occasionally ask you to provide us with, for example now and again we might ask you to fill in a questionnaire, just so you can let us know how we’re doing.
We hold the names and contact details of individuals acting in their capacity as representatives of their organisations, across the business.
If the interactions relate to contracts or potential contracts for work to be conducted by us, or for any eLearning, then the legal basis is Article 6(1)(b) because the processing is necessary for the performance of a contract, or to take steps to enter into a contract. Additionally, if the interactions relate to suppliers, buildings management, IT services, accounts, the legal basis is also Article 6(1)(b) because the processing is necessary for the performance of a contract, or to take steps to enter into a contract. For receipt of our newsletter, this is under Article 6(1)(f) Legitimate Interest, as you have requested to receive the newsletter, and it is in our and your interest to receive the newsletter. You can opt out from receiving the newsletter at any time.
Disclosing your information
We will not pass on your personal information to third parties except in accordance with this policy and our Terms and Conditions or where we are required by law to disclose that information. As an example, you may wish us to share your contact details with selected third parties. An example may be a third party who provides services such as certification as part of a project with a specific objective of obtaining certification. This will only be carried out following discussion with you, and if you grant specific permission to do this.
Marketing our products and services
Cambridge Risk Solutions Ltd does not undertake direct marketing, and will therefore not use your data for any marketing purposes.
Visitors to our Website
Analytics
When you visit www.cambridge-risk.com, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
If we do collect personal data through our website, we’ll be upfront about this. We’ll make it clear when we collect personal information and we’ll explain what we intend to do with it. This may be, for example, when you complete the Contact Us form.
Cookies
You can read more about how we use cookies on our Cookies page. In recognition of the fact that the implementation date for the revised e-Privacy Regulation remains unknown, we are taking reasonable steps now to align our use of cookies the standard of consent required by GDPR.
Purpose and legal basis for processing
The purpose for implementing all of the above is to maintain and monitor the performance of our website and to constantly look to improve the site and the services it offers to our users. The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.
What are your rights?
As we are processing your personal data for our legitimate interests as stated above, you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.
Applying for a Job and CVs
Occasionally, we are sent speculative approaches for work, which may include CVs. We do not retain this information.
Retention Policy
We have strict guidelines on how long we will retain personal data.
| Retention Trigger | Retain for | Information Asset Owner | |
|---|---|---|---|
| Clients | Last contact | Hard copy – 1 year Electronic – 12 years |
Directors |
| Client documentation | Last contact | Hard copy – 1 year Electronic – 12 years Or on client request |
Client |
| Potential Clients | Last contact | Hard copy – 1 year Electronic – 12 years |
Directors |
| Suppliers | Last contact | Hard copy – 1 year Electronic – 12 years |
Directors |
| Applicants | On receipt | Deleted | Directors |
| Associates | Last Contact | Electronic – 6 years | Directors |
| Professional Organisations | Last Contact | Hard copy – 1 year Electronic – 12 years |
Directors |
| Employees | Directors’ information held only | Directors | |
| eLearning | Last contact or based on contract with employer | 2 years Or as per contract |
Directors |
| Client |
We keep our privacy notice under regular review to make sure it is up to date and accurate.