Privacy Policy
Your privacy is important to us. It is Ubiquitous Risk Limited’s policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including across our website, https://ubiquitousrisk.com, and other sites we own and operate.
Personal information is any information about you which can be used to identify you. This includes information about you as a person (such as name, address, and date of birth), your devices, payment details, and even information about how you use a website or online service.
In the event our site contains links to third-party sites and services, please be aware that those sites and services have their own privacy policies. After following a link to any third-party content, you should read their posted privacy policy information about how they collect and use personal information. This Privacy Policy does not apply to any of your activities after you leave our site.
This policy is effective as of 13 August 2024.
Last updated: 13 August 2024
Information We Collect
Information we collect falls into one of two categories: ‘voluntarily provided’ information and ‘automatically collected’ information. We collect and process this information in accordance with the UK GDPR and other applicable data protection laws. We only collect information necessary for the purposes specified in this privacy policy. You have rights regarding your personal data, including the right to access, correct, and erase it.
‘Voluntarily provided’ information refers to any information you knowingly and actively provide us when using or participating in any of our services and promotions.
‘Automatically collected’ information refers to any information automatically sent by your devices in the course of accessing our products and services.
Log Data
When you visit our website, our servers may automatically log the standard data provided by your web browser. It may include your device’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details about your visit.
Additionally, if you encounter certain errors while using the site, we may automatically collect data about the error and the circumstances surrounding its occurrence. This data may include technical details about your device, what you were trying to do when the error happened, and other technical information relating to the problem. You may or may not receive notice of such errors, even in the moment they occur, that they have occurred, or what the nature of the error is.
This data is collected for legitimate interests including site improvement, security, and analytics. While this information may not be personally identifying on its own, it could potentially be combined with other data to identify individuals. We process this data in compliance with the UK GDPR and other applicable laws. You have the right to object to this processing.
Personal Information
We may collect the following personal information when you interact with our services, such as subscribing to our newsletter or contacting us:
- Name
- Phone/mobile number.
Home/mailing address. We collect this information only when you voluntarily provide it. Our legal basis for processing this data may include Consent (eg for newsletter subscriptions), Contractual necessity (eg to provide requested services) and legitimate interests (eg to respond to your inquiries).
Lawful Basis for Processing Your Personal Information
We only process your personal information when we have a lawful basis for doing so under UK GDPR. We only collect the personal information that is reasonably necessary to provide our services to you.
Collection and Use of Information
We may collect personal information from you when you do any of the following on our website:
- sign up to receive updates from us via email or social media channels
- use a mobile device or web browser to access our content
- contact us via email, social media, or on any similar technologies
- when you mention us on social media.
We may collect, hold, use and disclose information for the following purposes, and personal information will not be further processed in a manner that is incompatible with these purposes:
- to provide you with our platform’s core features and services
- to enable you to customize or personalise your experience of our website
- to contact and communicate with you
- for analytics, market research, and business development, including to operate and improve our website, associated applications, and associated social media platforms
- for advertising and marketing, including to send you promotional information about our products and services and information about third parties that we consider may be of interest to you
- to consider your employment application
- for internal record keeping and administrative purposes.
We may combine voluntarily provided and automatically collected personal information with general information or research data we receive from other trusted sources. For example, our marketing and market research activities may uncover data and insights, which we may combine with information about how visitors use our site to improve our site and your experience on it and we do this in a way that respects data protection principles and your rights under UK GDPR.
Security of Your Personal Information
When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification.
Although we will do our best to protect the personal information you provide to us, we advise that no method of electronic transmission or storage is 100% secure and no one can guarantee absolute data security.
You are responsible for selecting any password and its overall security strength, ensuring the security of your own information within the bounds of our services. For example, ensuring you do not make your personal information publicly available via our platform.
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the Information Commissioner’s Office (ICO) without undue delay, in accordance with UK GDPR requirements.
How Long We Keep Your Personal Information
We keep your personal information only for as long as we need to. This time period may depend on what we are using your information for, in accordance with this privacy policy. For example, if you have provided us with personal information such as an email address when contacting us about a specific enquiry, we may retain this information for the duration of your enquiry remaining open as well as for our own records so we may effectively address similar enquiries in future. If your personal information is no longer required for this purpose, we will delete it or make it anonymous by removing all details that identify you. You have the right to request deletion of your personal data. We will comply with this request unless there is a legitimate reason for continued retention.
However, if necessary, we may retain your personal information for our compliance with a legal, accounting, or reporting obligation or for archiving purposes in the public interest, scientific, or historical research purposes or statistical purposes.
Children’s Privacy
We do not aim any of our products or services directly at children under the age of 13 and we do not knowingly collect personal information about children under 13.
Disclosure of Personal Information to Third Parties
We may share your personal information with third parties only where necessary for the purposes specified in this privacy policy and where we have a lawful basis for doing so. Recipients may include:
- a parent, subsidiary or affiliate of our company
- third-party service providers for the purpose of enabling them to provide their services including (without limitation) IT service providers, data storage, hosting and server providers, analytics, error loggers, debt collectors, maintenance or problem-solving providers, professional advisors, and payment systems operators
- our employees, contractors, and/or related entities
- our existing or potential agents or business partners
- credit reporting agencies, courts, tribunals, and regulatory authorities, in the event you fail to pay for goods or services we have provided to you
- courts, tribunals, regulatory authorities, and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or to establish, exercise, or defend our legal rights
- third parties, including agents or sub-contractors who assist us in providing information, products, services, or direct marketing to you
- third parties to collect and process data
- an entity that buys, or to which we transfer all or substantially all of our assets and business.
Third parties we currently use include:
- Google Analytics.
We only disclose the minimum necessary personal information. We ensure all third parties respect the security of your data and treat it in accordance with the law. We have data processing agreements in place with our processors, as required by UK GDPR.
Some of our third-party service providers may be based outside the UK. In such cases, we ensure a similar degree of protection is afforded to your data by using specific contracts approved by the UK government for international data transfers.
Your Rights and Controlling Your Personal Information
Under the UK GDPR, you have significant rights over your personal data. We are committed to upholding these rights.
Your choice: By providing personal information to us, you understand we will collect, hold, use, and disclose your personal information in accordance with this privacy policy. You do not have to provide personal information to us, however, if you do not, it may affect your use of our website or the products and/or services offered on or through it.
Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.
Marketing permission: If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below.
Access: You may request details of the personal information that we hold about you.
Correction: If you believe that any personal information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, you have the right to request the correction of such data. Please contact us using the details provided in this privacy policy. We will promptly review your request and take reasonable steps to correct any information found to be inaccurate, incomplete, misleading, or out of date, in accordance with our obligations under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Non-discrimination: We will not discriminate against you for exercising any of your rights over your personal information as provided under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This means that, unless your personal information is essential for delivering a particular service or offer (such as providing user support), we will not deny you goods or services, charge you different prices or rates, or provide a different level or quality of goods or services. We also will not impose penalties or withhold discounts or other benefits because you exercised your data protection rights.
Notification of data breaches: We will comply with our legal obligations under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 in the event of a data breach. Where required, we will notify the Information Commissioner’s Office (ICO) and any affected individuals without undue delay, especially if the breach is likely to result in a high risk to your rights and freedoms. We will also take all necessary steps to mitigate the impact of the breach and prevent future occurrences.
Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details provided in this privacy policy and include full details of the alleged breach. We will promptly investigate your complaint and provide you with a written response, outlining the outcome of our investigation and the steps we will take to address your concerns.
In addition, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s data protection authority, if you are dissatisfied with how we have handled your complaint. You can contact the ICO directly via their website, by phone, or by mail.
Unsubscribe: You have the right to opt-out of receiving marketing communications from us at any time. To unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details provided in this privacy policy or opt-out using the opt-out facilities provided in the communication. We may need to request specific information from you to help us confirm your identity.
Use of Cookies
We use cookies and similar technologies to collect information about your interactions with our website, helping us understand how you use our site, remember your preferences, and personalize your experience. Cookies are small text files stored on your device, and we utilize both essential cookies for website functionality and non-essential cookies for enhanced services. You have the right to manage your cookie preferences, and for detailed information on the types of cookies we use and how to adjust your settings, please refer to our Cookie Policy for more information. By continuing to use our site, you consent to our use of cookies in accordance with this policy.
Business Transfers
In the event of a merger, acquisition, bankruptcy, or sale of all or part of our assets, your personal information may be transferred as part of our business assets. The acquiring party may continue to use your data in accordance with this privacy policy, which they will be required to assume. We will notify you of any change in ownership and provide an opportunity to consent to or opt-out of any material changes in how your information is used. All transfers will comply with applicable data protection laws, and we will ensure appropriate safeguards are in place to protect your personal information. By using our services, you acknowledge that such transfers may occur. If you have concerns, please contact our Data Protection Officer using the details in the ‘Contact Us’ section.
Limits of Our Policy
Our website may link to external sites that are not owned, operated or controlled by us. Please be aware that we have no control over the content and policies of those sites and cannot accept responsibility or liability for their respective privacy practices. We encourage you to review the privacy policies of any external sites you visit via links from our website. Your interactions with these sites are governed by their policies, not ours.
Changes to This Policy
We are committed to maintaining the accuracy and relevance of this privacy policy. At our discretion, we may update it from time to time to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this privacy policy, we will post the changes here at the same link by which you are accessing this privacy policy.
If required by law, or if we make significant changes to our data collection, use, or sharing practices, we will seek your consent or provide you with the opportunity to opt-in or opt-out of these new practices, as applicable.
Additional Disclosures for General Data Protection Regulation (GDPR) Compliance (UK)
Data Controller / Data Processor
Under the UK General Data Protection Regulation (UK GDPR), there is an important distinction between ‘data controllers’ and ‘data processors’. We, Ubiquitous Risk Limited, located at the address provided in our Contact Us section, acts in the capacity of both a Data Controller and a Data Processor, depending on the specific processing activities and the context in which personal data is handled. We are committed to fulfilling our obligations under both roles, ensuring the lawful and secure processing of personal data in compliance with the UK GDPR.
Legal Basis for Processing Your Personal Information
We are committed to processing your personal information lawfully, fairly, and transparently. We will only collect and use your personal data when we have a valid legal basis to do so under the UK GDPR. If we seek your consent to process your personal information, and you are under 16 years of age, we will seek your parent or legal guardian’s consent to process your personal information for that specific purpose.
The specific legal basis we rely on for processing your personal data depends on the context and purpose of the processing. This means we only collect and use your information on the following grounds:
Consent From You
Under the UK GDPR, we may process your personal data based on your consent. This means you have given us specific, informed, and unambiguous indication of your wishes, either by a statement or by a clear affirmative action. You may withdraw your consent at any time using the facilities we provide; however this will not affect any use of your information that has already taken place. You may consent to providing your email address for the purpose of receiving marketing emails from us. While you may unsubscribe at any time, we cannot recall any email we have already sent. If you have any further enquiries about how to withdraw your consent, please feel free to enquire using the details provided in the Contact Us section of this privacy policy.
Performance of a Contract or Transaction
Under the UK GDPR, we may process your personal data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract. For example, if you contact us with an enquiry, we may require personal information such as your name and contact details in order to respond.
Our Legitimate Interests
Under the UK GDPR we may process your personal data where we assess it is necessary for our legitimate interests, such as for us to provide, operate, improve and communicate our services. We consider our legitimate interests to include research and development, understanding our audience, marketing and promoting our services, measures taken to operate our services efficiently, marketing analysis, and measures taken to protect our legal rights and interests.
Compliance with Law
In some cases, we may have a legal obligation to use or keep your personal information. Such cases may include (but are not limited to) court orders, criminal investigations, government requests, and regulatory obligations. We will only retain your personal information for as long as necessary to fulfil these legal obligations. We ensure that any such retention is done in accordance with the UK GDPR and the Data Protection Act 2018 principles of data minimisation and storage limitation. If you have any further enquiries about how we retain personal information in order to comply with the law, please feel free to enquire using the details provided in the Contact Us section of this privacy policy.
International Transfers Outside of the United Kingdom
We will ensure that any transfer of personal information from the United Kingdom to countries outside the UK will be protected by appropriate safeguards. These safeguards may include:
- Transferring to countries that have been deemed adequate by the UK government
- Using the International Data Transfer Agreement (IDTA) or the IDTA Addendum to the EU Standard Contractual Clauses
- Implementing Binding Corporate Rules
- Relying on exceptions provided in UK data protection law, where applicable
Before making any international transfers, we will conduct a risk assessment to ensure that the protections under UK data protection laws are not undermined. We will regularly review our data transfer mechanisms to ensure ongoing compliance with UK regulations. For transfers to the United States, we may rely on the UK Extension to the EU-US Data Privacy Framework, where the recipient organization is appropriately certified. We are committed to maintaining the privacy and security of your personal information in accordance with UK data protection laws, including the UK General Data Protection Regulation (UK GDPR).
Your Rights and Controlling Your Personal Information
Restrict:
You have the right to request that we restrict the processing of your personal information in specific situations i) Accuracy Concerns: If you contest the accuracy of your data, ii) Unlawful Processing: If you believe your data has been processed unlawfully, iii) Legal Claims: If you need your data maintained for legal claims, iv) Objection to Processing: If you have objected to processing based on legitimate interests.
Key Points:
- We will not process your data further while the restriction is in place
- We will inform you before lifting any restrictions
- We will notify any third parties with whom we shared your data about the restriction unless it is impossible or requires disproportionate effort
- You can request to lift the restriction at any time.
To exercise this right, please contact our Data Protection Officer. We will respond within one month, with a possible two-month extension for complex requests.
Objecting to processing: You have the right to object to the processing of your personal information where we are relying on our legitimate interests or the public interest as the legal basis for the processing. If you raise an objection, we will stop processing your personal information unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or where the processing is necessary for the establishment, exercise, or defence of legal claims.
Right to Data portability:
Under the UK GDPR, you have the right to data portability. This means you can request a copy of the personal information we hold about you and have it transferred to another organisation in certain circumstances. Here are the key points:
Requesting Your Data:
You have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format.
Where technically feasible, we will provide this information in CSV format or another easily readable machine format.
Transfer to Another Controller:
You can request that we transfer your personal data directly to another data controller (ie another organisation), where technically feasible.
Scope of the Right:
This right applies to personal data you have provided to us:
Where our processing is based on your consent or for the performance of a contract
When the processing is carried out by automated means
Time Frame:
We will respond to your request within one calendar month. This can be extended by two further months if the request is complex or we receive multiple requests from you.
Cost:
We will provide this information free of charge. However, we may charge a reasonable fee for additional copies or if the request is manifestly unfounded or excessive.
Limitations:
This right does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
To exercise your right to data portability, please contact our Data Protection Officer. We may need to verify your identity before processing your request.
Deletion:
You have the right to request the deletion of your personal information under certain circumstances. This is also known as the ‘right to be forgotten’. If you make such a request, we will take reasonable steps to delete your personal information from our current records within one calendar month of receiving your request. We may delete your data in the following situations:
- We no longer need your data for the original purpose we collected it
- You withdraw your consent for us to use your data
- You object to the use of your data, and your interests outweigh ours
- We have collected or used your data unlawfully
- We have a legal obligation to erase your data
- The data was collected from you as a child for an online service.
Please note:
- There may be legal or legitimate reasons why we cannot fully delete your information. If this is the case, we will explain these reasons to you in response to your request.
- If you delete your account, we will delete your personal information within 7 days.
- Search engines and third parties may retain copies of publicly available information, such as profile details or public comments, even after deletion from our services.
To request deletion of your personal data, please contact our Data Protection Officer. We may need to verify your identity before processing your request.
Contact Us
For any questions or concerns regarding your privacy, you may contact us using the following details:
Ashley Milroy
ashley.milroy@ubiquitousrisk.com