Risk Register | Privacy Policy

Updated 27 March 2024

1. Introduction
    

Company:  Cornaron Teoranta

Address:  Casla Home Care, G Teic An Spidéal, Condae na Gaillimhe, Ireland 

Registered Number:  392686

Website:  https://riskregister.ie 

Risk Register ("Company," "we," "us," or "our") values your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use the Risk Register mobile application ("App" or “Platform”). 

 

2. Purpose of this Privacy Policy

This Privacy Policy (together with our User Agreement, where relevant, available at https://api.riskregister.ie/privacy_policy/  (the “End User Agreement”) sets out the basis on which any personal data we collect from you, or that you provide to us, will be used by us where we are controllers of that personal data for the purposes of the General Data Protection Regulation in Europe (the “GDPR”). If you are an employee of one of our customers, then we are only the processor of your personal data (your employer is the controller). Please read this Privacy Policy carefully to understand our views and practices regarding the personal data we collect and how we will treat it.

This Privacy Policy is a statement of our commitment to protect the rights and privacy of individuals in accordance with data protection legislation including where applicable the GDPR.

Risk Register provides a risk management system (the “Platform”) along with related services.

3. Personal Data We Collect

Personal data means any information relating to you which allows us to identify you, such as your name, contact details, payment details and information about your interaction with the services provided by us.

We collect identity data 

We collect the following identity data: name, email address, phone number, country, company and department.

We collect payment data 

We will need to collect your payment details to take payment from you for the services provided by us.

We will collect your identity data as part of sales and lead generation activities

We collect certain non-personal technical data from your interactions with our website
When you interact with us online we will automatically collect data about your use of our services, including data on the type of device you’re using, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. This information is collected at an aggregate level and your identity data is not stored as part of this technical data. For further information see our cookies policies below. 

4. Sources of Personal Data 
   
    

Generally, we collect personal data that has been provided directly by you and from sources where you would reasonably expect us to collect it from.

We will collect personal data from you when you interact with us, for example if you register for an event, request information or support, use our services (including our websites) or purchase our products.

We may collect personal data about you indirectly, for example from your company (in which case we are usually acting as a data processor) or from your professional social media accounts in order to contact you about our products and services.

In addition our servers, logs and other technologies automatically collect certain information to help us administer, protect and improve our services, analyse usage and improve user experience.

5.   How We Use Your Information

We use the information we collect for various purposes, including:

• To provide and maintain the App's functionality.
• To analyze and improve the App's performance and user experience.
• To communicate with you, respond to your requests, and provide customer support.
• To send you updates, notifications, and other relevant information.

6.  Disclosure of Your Information:
   
   We will only use personal data for the purpose of our processing activities mentioned including to: 

• with your consent; 
• manage and administer your subscription for products and services that we provide to you; 
• business partners and sub-contractors for the performance of any contract including, payment processors, data aggregators and hosting service providers; 
• our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes; 
• we may disclose the information relevant to any backup or hosting services to Amazon. You can read more about the measures taken by Amazon to protect the security of their services and the information https://aws.amazon.com/legal/?nc1=f_cc;
• analytics and search engine providers that assist us in the improvement and optimisation of the Website. This consists of aggregated anonymous information only and relates to the web pages visited on the Website and not the information included on those webpages; 
• if we or substantially all of our assets are acquired by a third party, in which case personal data held by us will be one of the transferred assets; 
• if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply the End User Agreement and other agreements; 
• to protect our rights, property, or safety, or that of yours or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection; 
• as required by law, in order to respond to a court order or request from law enforcement or other public authority and in order to meet national security or law enforcement requirements. We will disclose your personal data if this is necessary to: 
  • comply with a legal obligation
  • protect or defend our rights, interests or property or that of a third party
  • prevent or investigate possible wrongdoing in connection with our services
  • act in urgent circumstances to protect the personal safety of one or more individuals
  • protect against legal liability.
    
     

When we engage another organisation to perform services for us, we may provide them with information including personal data, in connection with their performance of those functions. We do not allow third parties to use personal data except for the purpose of providing these services.

7. Security Measures

We will take all steps reasonably necessary to ensure that personal data is treated securely in accordance with this Privacy Policy and the relevant law. 

In particular, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we manage and collect. 

To protect the privacy and security of the personal data, we will also take reasonable steps to verify your identity before granting access to information as appropriate. 

Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. 

We also use secure connections to protect personal data during its transmission. Where you have been given (or where you have chosen) a password which enables you to access the services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information online is never completely secure. Although we will do our best to protect your personal data and apply appropriate safeguards, we cannot guarantee the security of your data transmitted through the Website and any transmission is at your own risk.

8. Transfers outside of the EEA

We do not currently transfer personal data outside the European Economic Area (“EEA”) as part of our processing of your personal data. If at any time it becomes necessary for us to transfer personal data outside the EEA, it will only be transferred outside the area using legally approved transfer mechanisms such as the Standard Contractual Clauses.

9. Access to Information

If you are resident in the EEA, you have several rights under the GDPR: 

You can ask for access to the information we hold on you 

You have the right to ask for all the information we have about you and the services you receive from us. When we receive a request from you in writing, we must give you access to everything we’ve recorded about you as well as details of the processing, the categories of personal data concerned and the recipients of the personal data. We will provide the first copy of your personal data free of charge but we may charge you a reasonable fee for any additional copies. We cannot give you access to a copy of your data if this would adversely affect the rights and freedoms of others. 

You can ask to change information you think is inaccurate 

You should let us know if you disagree with something included in your personal data. We may not always be able to change or remove that information but we’ll correct factual inaccuracies and may include your comments in the record to show that you disagree with it. 

You can ask to delete information (right to be forgotten)

In some circumstances you can ask for your personal information to be deleted, for example, where: 

• your personal information is no longer needed for the reason that it was collected in the first place 
• you have removed your consent for us to use your information (where there is no other legal reason us to use it) 
• there is no legal reason for the use of your information 
• deleting the information is a legal requirement 

Where your personal information has been shared with others, we will do what we can to make sure those using your personal information comply with your request for erasure. 

Please note that we can’t delete your information where: 

• we are required to have it by law 
• it is used for freedom of expression 
• it is used for public health purposes 
• it is for scientific or historical research or statistical purposes where deleting the data would make it difficult or impossible to achieve the objectives of the processing 
• it is necessary for legal claims. 

You can ask us to limit what we use your personal data for

You have the right to ask us to restrict what we use your personal data for where: 

• you have identified inaccurate information, and have told us of it 
• where we have no legal reason to use that information but you want us to restrict what we use it for rather than erase the information altogether

When personal data is restricted it can’t be used other than to securely store the data and with your consent to handle legal claims and protect others, or where it’s for important public interests.

You can ask to have your personal data moved to another provider (data portability)

You have the right to ask for your personal information to be given back to you or another service provider of your choice in a commonly used format. This is called data portability. This right only applies if we’re using your personal information with consent and if decisions were made by a computer and not a human being. It does not apply where it would adversely affect the rights and freedoms of others.

 

You can make a complaint

You have the right to lodge a complaint with the local supervisory authority for data protection in the EU member state where you usually reside, where you work or where you think an infringement of data protection law took place.

10. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

11. Amendments to this Privacy Policy

We will post any changes on the Website and when doing so will change the updated date at the top of this Privacy Policy. Please make sure to check the date when you use our services to see if there have been any changes since you last used those services. If you are not happy with any changes that we have made you should cease using our services. 

In some cases we may provide you with additional notice of changes to this Privacy Policy, such as via email. We will always provide you with such additional notice well in advance of the changes taking effect where we consider the changes to be material

12.  Contact Us

• If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at info@riskregister.ie.
• By using the RiskRegister, you consent to the terms of this Privacy Policy.

RiskRegister
27 March 2024