RiskBase - Compliance Management System

Privacy Policy

Risk Base Limited (“Risk Base”) is registered with the Jersey Data Protection Commissioner and is subject to Jersey data protection legislation which from 25 May 2018 is the Data Protection (Jersey) Law 2018, together with any relevant amendments, updates and subordinate legislation, in addition to the General Data Protection Regulation (“GDPR”), where applicable. Risk Base is a data controller in respect of the personal data that it processes in connection with its business activities.

Risk Base is a “Software as a Service” (SaaS) provider. Risk Base is a company that provides a software solution for regulated financial services businesses. While using our Services, Customers and their authorised users input or transfer electronic data into the Risk Base system (“Customer Data”). Customer Data may include an individual’s name, email address, unique identifier(s), phone number(s), company position, business unit, cost centre and function within a Customer’s workplace (“Personal Data”).

Risk Base is committed to protecting and respecting your privacy. As such this policy details the basis upon which it collects and/or process your personal information. Its detailed Data Protection policy is set out in its Terms of Business which will be issued to you upon commencement of your licence.

Personal Data

“Personal Data” as noted above means information about a living individual (the “data subject”) who can be identified from that data (either by itself or when combined with other information).

What Personal Data does Risk Base hold and how?

Risk Base collects and processes limited categories of personal data for the use of the SaaS.

Whilst Risk Base is the data controller by way of being the provider of the Services, Risk Base processes Customer Data under the direction of Customers and has no direct control or ownership of the Personal Data it receives or processes.

Risk Base may hold Personal Data directly from you as contact of the Customer, or one of the authorised users, or Personal Data belonging to the Customer which is uploaded onto a register within the Software. This information may be collected when:

  • you register to use the Services

  • you use the Services*

  • you contact the Risk Base Support team

  • you use your work PC to access the Services

  • you access our website*

*As is true of most websites and web applications, we gather certain information automatically. This information may include Internet Protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the features viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, usage, change history, this is especially prevalent in the use of the audit trail function in the software.

Basis of use

The information that is collected is solely for the use of:

  • creating authorised user profiles

  • recording register entries

  • ensuring audit trail capability

  • any other information necessary for the population of registers which requires the use of the Personal Data held by the Customer.

How long do we keep your personal data?

Personal data (including both Customer (direct and indirect) and employee information) will be retained in accordance with the licence period held.

Your rights

Risk Base has a legal obligation to ensure that the personal information given to it is kept accurate and up to date. Please ensure that any update to the Personal Data needed for the Services is updated as soon as practicable.

As a data subject you have certain rights, these include the right of access (commonly known as a subject access request), the right to be informed as to how your personal data is gathered and processed (as set out in this privacy notice), the right to amend your details, the right to be forgotten (or erase your details), the right to restrict what we do with your data, the right to transfer data and also to object to processing. Should you have any questions on this privacy notice or wish to exercise any of your rights please contact info@myriskbase.com . or by post marked for the attention of Alexandra Ruddy, 3rd floor, 5 Castle Street, St Helier, JE2 3RT.

Security

Risk Base web application is hosted on Microsoft Azure and is controlled and maintained by our IT service provider who ensure that the systems are secure and the correct firewalls, antivirus/ malware protection in place.

Sharing with third parties

From time to time we may need to share your personal data with third parties but we shall not do so except:

  • where we have your express permission;

  • where we are required to by law and by law enforcement agencies, judicial bodies, government entities, tax authorities or regulatory bodies around the world;

  • where it is permitted by law, it is necessary for our legitimate interests or those of a third party, and it is not inconsistent with the purposes listed above.

Data Protection Authority

If your queries, concerns or complaints are not resolved by Risk Base in a satisfactory manner you are entitled to contact the local data protection authority, as below

Data Protection Authority

Address: 2nd floor, 5 Castle Street, St Helier, JE2 3RT.

Tel: +44 (0)1534 716530 Email: enquiries@oicjersey.org