Privacy Policy

At eSi-RISC, we’re committed to being transparent about how we handle your personal information, to protecting the privacy and security of your personal information and meeting our obligations as a ‘Data Controller’ under the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018.

The purpose of this privacy notice is to make you aware of how and why we will collect and use your personal information. We are required under the GDPR to notify you of the information contained in this privacy notice.

The Company has appointed a Data Compliance Officer to oversee compliance with this privacy notice. If you have any questions about this privacy notice or about how we handle your personal information, please send an email to [email protected] or by writing to:

Data Compliance Officer
eSi-RISC, 37th Floor, One Canada Square,
Canary Wharf, London,
England, E14 5AA

Data protection principles

Under the GDPR, there are six data protection principles that the Company must comply with. These provide that the personal information we hold about you must be:

  1. Processed lawfully, fairly and in a transparent manner.
  2. Collected only for legitimate purposes that have been clearly explained to you and not further processed in a way that is incompatible with those purposes.
  3. Adequate, relevant and limited to what is necessary in relation to those purposes.
  4. Accurate and, where necessary, kept up to date.
  5. Kept in a form which permits your identification for no longer than is necessary for those purposes.
  6. Processed in a way that ensures appropriate security of the data.

The Company is responsible for, and must be able to demonstrate compliance with, these principles. This is called accountability.

What types of personal information do we collect about you?

eSi-RISC will collect personal information, which is information about an individual from which that person can be directly or indirectly identified, to enable and support business activities or discussions.  This is different from anonymised data, i.e. where all identifying particulars have been removed.

There are also “special categories” of personal information, and personal information on criminal convictions and offences, which requires a higher level of protection. eSi-RISC will never request or collect sensitive personal information of this type.

The personal data we collect includes:

  • Name & Job Title
  • Contact information including email address
  • Demographic information such as postcode, preferences and technical interests
  • Other information relevant to customer surveys and/or offers

How do we collect your personal information?

The Company collects personal information about you in order to support business activities or discussions between yourself and eSi-RISC. This could be through our website, face-face meetings, phone calls, emails, conference calls, industry events, direct contact etc.

eSi-RISC use Cookies on our website (www.esi-risc.com/). A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Why and how do we use your personal information?

Here at eSi-RISC we take your privacy seriously. We will use your personal information to administer your account and to provide the information, products or services you have requested from us.

We may also send you direct marketing in relation to relevant products and services. Electronic direct marketing will only be sent where you have given your consent to receive it, or (where this is allowed) you have been given an opportunity to opt-out. You will continue to be able to opt-out of electronic direct marketing at any time by following the instructions in the relevant communication.

It is eSi-RISC ’s policy to only send marketing communications to corporate email addresses and not to individual personal email addresses.

Who has access to your personal information?

Your personal information will be stored on our CRM system, with access restricted to those members of eSi-RISC staff with a legitimate reason to use the system – primarily the sales and marketing personnel.

We will only use your personal information for the purposes for which we collected it.

Who will it be shared with?

Your personal information may be shared internally within the Company for the purposes of undertaking a defined transaction.

In addition, we may share your data with:

  • Mailchimp or similar reputable mailing companies
  • 3rd party marketing companies who are undertaking marketing activities on behalf of eSi-RISC

How does the Company protect your personal information?

The Company has put in place measures to protect the security of your personal information. It has internal policies, procedures and controls in place to try and prevent your personal information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. In addition, we limit access to your personal information to those employees, workers, agents, contractors and other third parties who have a business need to know in order to perform their job duties and responsibilities. You can obtain further information about these measures from our Data Compliance Officer. Where your personal information is shared with third parties, we require all third parties to take appropriate technical and organisational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow them to process your personal information for specified purposes and in accordance with our written instructions and we do not allow them to use your personal information for their own purposes.

The Company also has in place procedures to deal with a suspected data security breach and we will notify the Information Commissioner’s Office (or any other applicable supervisory authority or regulator) and you of a suspected breach where we are legally required to do so.

For how long does the Company keep your personal information?

Personal information collected as part of our business activities will be retained until the data is no longer applicable or accurate (e.g. person moves company etc) or at the request of the person to have their data removed. This could by emailing the Data Compliance Officer at eSi-RISC ([email protected]) or responding to a marketing communication by asking to ‘unsubscribe’. It is also possible to modify the preferences by which marketing communications are sent out.

Your rights in connection with your personal information

As a data subject, you have a number of statutory rights. Subject to certain conditions, and in certain circumstances, you have the right to:

  • request access to your personal information
  • request rectification of your personal information.
  • request the erasure of your personal information
  • restrict the processing of your personal information
  • object to the processing of your personal data
  • portability – this gives you the right to request the transfer of your personal information to another party so that you can reuse it across different services for your own purposes.

If you wish to exercise any of these rights, please contact our Data Compliance Officer. We may need to request specific information from you in order to verify your identity and check your right to access the personal information or to exercise any of your other rights. This is a security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.

If you believe that the Company has not complied with your data protection rights, you have the right to make a complaint to the Information Commissioner’s Office (ICO) at any time. The ICO is the UK supervisory authority for data protection issues.

Transferring personal information outside the European Economic Area

The Company may transfer your personal information to countries outside the European Economic Area (EEA). These are the eSi-RISC subsidiary in India and sales representatives in the US and Asia. There is not an adequacy decision by the European Commission in respect of those countries. This means that the countries to which we transfer your personal information are not deemed to provide an adequate level of protection for your personal information. However, to ensure that your personal information does receive an adequate level of protection, it is transferred outside the EEA on the basis of the following safeguard: To named individuals with dedicated access control to the same Salesforce CRM system as those in the UK office. You can obtain further information about these measures from our data compliance officer.

Changes to this privacy notice

The Company reserves the right to update or amend this privacy notice at any time. We will issue a new privacy notice when we make significant updates or amendments. We may also notify you about the processing of your personal information in other ways.

Contact

If you have any questions about this privacy notice or how we handle your personal information, please contact our Data Compliance Officer at [email protected]