Data policy

A copy of this policy can be downloaded here.

 

Questions or complaints relating to Risk Intelligence’s processing of personal data can be addressed to Risk Intelligence at datapolicy@riskintelligence.eu

Complaints relating to Risk Intelligence processing personal data can also be addressed to The Danish Data Protection Agency (Datatilsynet) at www.datatilsynet.dk.

1: Risk Intelligence and personal data

As part of its business operations Risk Intelligence A/S (”Risk Intelligence”), Strandvejen 100, 2900 Hellerup, Denmark (Danish company reg. no. 27475671) is processing personal data which has been provided by or sourced through Risk Intelligence’s clients.

In most cases personal data is provided by clients to the Risk Intelligence System where it is processed by the client for the purposes determined by the client. In this case the clients will retain control of the personal data and act as data controller, thus being responsible for complying with the applicable data protection regulation (GDPR) vis-à-vis the registered individuals (data subject), whereas Risk Intelligence will act as data processor. A data processing agreement governs the legal relationship between Risk Intelligence and its clients.

Personal data may also be collected by means of Risk Intelligence’s CRM system, ERP system or otherwise in which case Risk Intelligence will act as data controller vis-à-vis the registered individual.

This processing of personal data is subject to the provisions of this personal data policy.

2: Personal data collected and processed

Risk Intelligence processes the following categories of personal data on individuals:

  • Name and title/position in organisation

  • Email address

  • Address

  • Phone number

  • Other information on individuals stored by the clients in the Risk Intelligence system

The clients of Risk Intelligence are requested not to process sensitive data (e.g., health-related data) in the Risk Intelligence System, and Risk Intelligence does not collect and register any such data.

3: The purposes of processing

When a client processes personal data through the Risk Intelligence system it is in order to pursue a purpose determined by the client, in most case in order to fulfil an agreement or transaction in which the data subject is party to.

When Risk Intelligence processes personal data it is for one or more of the following purposes:

  • Keeping and making the data stored by the clients available to clients

  • Communication and other activities relating to the supply of Risk Intelligence’s services

  • Surveys, statistics, and analysis for improvement of the Risk Intelligence System and service

  • Processing in relation to any legal claims or dispute regarding Risk Intelligence’s facilities or complying with public requirements or orders according to mandatory applicable law

Processing of personal data will be limited to what is necessary to fulfil the purpose associated with the processing activity.

4: Collection of personal data

Personal data will have been provided by clients or others to the Risk Intelligence system, via the Risk Intelligence website or by Risk Intelligence through the application of Risk Intelligence’s ERP system, CRM system or other source.

5: Basis for processing of personal data

When a client provides personal data to the Risk Intelligence system as data controller, the client will be responsible for the legal basis (agreement/consent from the registered person or other legal basis) for the clients processing of the personal data in the Risk Intelligence system.

When Risk Intelligence is processing personal data, it will be in order to fulfil an agreement with a client where this is necessary for Risk Intelligence to pursue a legitimate interest, and where the consideration for the registered individual does not precede such an interest.

6: Sharing of the client’s personal data

The client processing personal data in the Risk Intelligence system will shared with only relevant employees of the client and not third parties.

The following people will be able to access personal data processed by Risk Intelligence:

  • Employees at Risk Intelligence who are involved in technical and service support and analysis.

  • Public authorities if required according to mandatory law.

The personal data stored in the Risk Intelligence system is stored in Microsoft data centres located within EU. Microsoft reserves the right provide support from outside the EU and depending on the nature of the support service and the time of day/night when the support service is provided, the data may hence to limited extent be processed outside the EU.

7: Duration of storage 

It is the responsibility of the client to delete the personal data stored by the client in the Risk Intelligence system when there is no longer legitimate basis for the storage.

Risk Intelligence continuously deletes personal data stored by Risk Intelligence when the processing is no longer necessary for the purpose for which the data was originally collected. Hence, the personal data will be deleted at the latest when the client in question does no longer use the Risk Intelligence system, or the part of the particular part of the Risk Intelligence system as the case may be, or when the client informs Risk Intelligence that storage of the personal data is no longer relevant.

Risk Intelligence secures the collected personal data through technical as well as organizational security measures to protect the data against unauthorised access, manipulation, destruction/deletion or loss of data.

8: Rights

The registered individual (data subject) has the following rights regarding the personal data registered in the Risk Intelligence system:

  • To be informed on what personal data is registered regarding him/her,

  • To have incorrect data registered rectified,

  • To have data deleted once the registration is no longer necessary to fulfil the purposes and such deletion is not impeded by a task/duty resting upon Risk Intelligence pursuant to mandatory law,

  • To receive the data regarding him/her in a structured, common and machine-readable format, if necessary by email.

The obligation to fulfil these rights rest upon the client in the event that the client is the data controller of this data. However, Risk Intelligence shall assist the client in fulfilling its duties vis-à-vis the data subject.

In the event that Risk Intelligence is the data controller the obligation to fulfil these rights rest upon Risk Intelligence.

9: Cookies

Risk Intelligence uses cookies, tracking pixels, and other tracking technologies to improve user experience and show visitors relevant content when visiting our websites (www.riskintelligence.eu and investor.riskintelligence.eu) or Risk Intelligence’s social media channels.

These cookies allow the website to remember choices the visitor makes to provide better functionality, such as auto-filling information in a form the visitor uses twice (session cookies). Analytics cookies provide information on the visitors’ areas of interest, so we can optimise the content we show when the visitor visits the Risk Intelligence websites (Google Analytics cookies).

These settings can be adjusted by the visitor via the cookie banner displayed on the website, in compliance with GDPR legislation.

10: Alteration of personal data policy

This personal data policy will continuously be adjusted by Risk Intelligence to accommodate the applicable data protection regulation from time to time.

11: Contact

Questions or complaints relating to Risk Intelligence’s processing of personal data can be addressed to Risk Intelligence at datapolicy@riskintelligence.eu

Complaints relating to Risk Intelligence processing personal data can also be addressed to The Danish Data Protection Agency (Datatilsynet) at www.datatilsynet.dk.