In dealing with external parties, Riskskill adopts the following key principles:
- Riskskill is governed by local privacy regulation, e.g. the European General Data Protection Regulation (GDPR) and British data privacy law, i.e. the Data Protection Act 2018, which mirrors and is stronger than the GDPR.
- Riskskill will collect only the minimum amount of personal data required to provide a service to your organisation, including access to and use of this website.
- Riskskill, through adherence to its own internal policy and procedures, will use best endeavours to collect, process and store personal data, where required, in an effective and responsible manner. This will include IT equipment and systems being secured, audits performed, appropriate logs kept, checks on the system security being conducted from time to time and data privacy impact assessments being conducted as and when significant privacy impacting new business is planned.
- Riskskill will not sell any personal details to third parties for promotional or other commercial purposes.
- Personal details will not be sent to, nor processed in, countries where a less stringent privacy jurisdiction is applied.
- In keeping with the key data privacy protection principles and Data Subject Access Rights, Riskskill will collect, store and maintain personal data only as required and retain it for as long as necessary.
- Individuals, in their own right or as individuals who have authority to represent their organisation, give informed consent when they provide their personal data; that includes the right to know how their own data will be used by Riskskill.
- Riskskill has in place a Data Breach Notification process so that in the unlikely and urgent situation that follows a data breach, everyone knows what to do.
- We have a Data Protection Lead who is responsible for dealing with your queries and ensuring good privacy practice. Please contact firstname.lastname@example.org