This notice applies to data that is held stored, used and shared by BR Consult Limited (we/our/us) and your rights in relation to personal information.
We are a provider of a software package, RAID (Software), and enter into agreements for the use of the Software (Agreement(s)) with Clients (Client(s)) pursuant to which the Clients use the software to aggregate and analyse publicly available third party content (Services).
We receive personal information into the Software in relation to individuals which the Software collects from data sources providing publicly available third party content (Sources) as the result of the use by the Software by the Client and in these circumstances the Client is the data controller and we are the data processor and our Software processes personal data in accordance with the Client’s directions. The Software will only be able to collect information from Sources if an individual has given its consent to such collection as part of their subscription to the Sources.
We hold personal information that a representative of a Client provides to us for the purpose of entering into an Agreement with the Client in the capacity of data controller.
We may also hold other information that individuals or people other than Clients may give to us which we hold as data controller.
The categories of data that we hold as Data Controller are names, email address, contact details and if you are a supplier to us then your bank details. The categories of data that we hold as data processor depend on the use by the Client of the Software but can include a username, photos, general location information and any other information provided by the Sources.
We as data controller receive analytical data from Google in relation to people visiting/browsing www.raidtech.co.uk which does not contain any personal data.
Basis of Processing
The processing of individuals and Client owner’s/representative’s personal data is necessary for the performance of the Agreement and the provision of Services. If you are a supplier of goods or services to us and provide us with personal information that is necessary for you to contract with us then we will process your data to enable performance of the agreement with you (e.g. bank details for payment).
If we are going to process data that we hold in the capacity of data controller for marketing purposes to a Client, then we will obtain prior consent from the relevant person at the Client and give the opportunity to withdraw consent at any time.
We process analytical data from Google in relation to www.raidtech.co.uk on the basis of our legitimate interests seeking to develop our own business and we do not carry out any automatic profiling.
Who we share personal information with
We routinely share personal data with third party sub-processors (providers of hosting platforms or software to us or whose software interfaces with our Software) and consultants that provide code writing services as part of the provision of the Services. Some of those sub-processors may have systems that are outside of outside the EEA and data may be processed (e.g. back up) by such providers outside of the EEA. We need to share this data in order to provide the Services.
We will not share data with third parties for marketing purposes.
How long your information will be kept
We will store information that we hold in the capacity of data processor pursuant to an Agreement for the period required for the provision of the Services and as directed by the relevant Client as data controller.
Where we hold data as data controller we will hold the data for the duration of the Agreement and any longer period required for us to comply with applicable law (e.g. audit) or in other cases for the duration of the period necessary for the purpose that you provided the data to us or to which you have consented (e.g. any marketing).
Transfer out of the EEA
Where data is transferred out of the EEA as part of the provision of Services this will only be done if the Client as data controller has approved the use of the relevant sub-processor and we are satisfied that it has provided appropriate safe guards and enforceable data subject rights are available pursuant to articles 44 – 49 of the GDPR. If the Client is based in the USA then data will be hosted on a server in the Client’s locality in the USA.
A data subject has certain rights including the following: to correct any mistakes in your information; to request the erasure of any information; to withdraw consent to processing for marketing (Rights). Further information is available at ico.og.uk.
If you are an individual that is the subject of data processing by a Client for which we are providing Services then you must contact the Client in order to exercise any of your Rights and in general as we can only act in accordance with the Client’s instructions.
If you are a Client with whom we have an Agreement then we will not necessarily be able to perform the actions in relation to your Rights until the Agreement has ended and we are not required to retain the data by law other than the withdrawal of consent to any marketing to which you may have consented.
We have appropriate security measures in place to prevent personal information from being lost, used or accessed in an unauthorised way. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Third Party Links
www.raidtech.co.uk may contain hyperlinks or references to third party websites. Any such hyperlinks or references are provided for your convenience only. We have no control over third party websites and accept no legal responsibility for any content, material or information contained in them. The display of any hyperlink and reference to any third party website does not mean that we endorse that third party’s website, products or services. Your use of a third party site may be governed by the terms and conditions of that third party site.
We hope that we can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation gives you the right to lodge a complaint with the supervisory authority which is the Information Commissioner who may be contacted at: ico.org.uk/concerns.
This privacy notice was published on 10 May 2018 and may be changed from time to time.
BR Consult Limited is a company registered in England under number 07551858 whose registered office is at 101 Finsbury Pavement, London, England, EC2A 1RS.
Please write to this registered office address for the attention of BR Consult Ltd or Email: firstname.lastname@example.org Tel 0845 833 2995