Privacy Policy

This privacy policy explains how we collect, use, and protect your personal data in accordance with UK data protection law and the General Data Protection Regulation (GDPR).

Last updated: 15 August 2025

1. Introduction

R1SK ("we", "our", or "us") is committed to protecting and respecting your privacy. This privacy policy sets out how we collect, use, store, and protect your personal data when you use our risk assessment platform and related services.

We are the data controller for the purposes of the UK Data Protection Act 2018 and the General Data Protection Regulation (GDPR). This means we are responsible for deciding how we hold and use personal information about you.

2. Information We Collect

We collect and process the following categories of personal data:

Personal Data You Provide:

  • Identity data: name, title, job title
  • Contact data: email address, phone number, company address
  • Account data: username, password, account preferences
  • Professional data: company information, role, department
  • Risk assessment data: safety reports, incident records, compliance documentation
  • Communication data: messages, support requests, feedback

Automatically Collected Data:

  • Technical data: IP address, browser type, device information
  • Usage data: pages visited, features used, time spent on platform
  • Cookies and similar technologies (see section 9)

3. Legal Basis for Processing

We process your personal data on the following legal grounds:

  • Contract: To provide our services and fulfill our contractual obligations
  • Legitimate Interest: To improve our services, ensure security, and prevent fraud
  • Consent: For marketing communications and non-essential cookies
  • Legal Obligation: To comply with applicable laws and regulations
  • Vital Interests: To protect health and safety in emergency situations

4. How We Use Your Information

We use your personal data for the following purposes:

  • To provide, maintain, and improve our risk assessment platform
  • To process and store your safety data and compliance records
  • To authenticate your identity and secure your account
  • To provide customer support and respond to your inquiries
  • To send you important service updates and security notifications
  • To generate reports, analytics, and insights for your organization
  • To detect, prevent, and address technical issues and security threats
  • To comply with legal and regulatory requirements
  • To conduct research and development to improve our services

5. Data Sharing and Transfers

We may share your personal data with the following categories of recipients:

  • Service Providers: Cloud hosting, email services, analytics, and support tools
  • Legal Authorities: When required by law or to protect rights and safety
  • Business Partners: With your explicit consent for specific integrations
  • Professional Advisors: Legal, financial, or technical consultants

We ensure all third parties are bound by appropriate data protection obligations and only process your data for specified purposes.

International Transfers: Some of our service providers may be located outside the UK/EEA. We ensure appropriate safeguards are in place through standard contractual clauses and adequacy decisions.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption of data in transit and at rest using industry-standard protocols
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • Employee training on data protection and security
  • Incident response procedures and breach notification protocols
  • Regular backups and disaster recovery procedures

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Account data: For the duration of your account plus 7 years for legal compliance
  • Risk assessment data: As required by health and safety regulations
  • Communication records: 3 years from the last interaction
  • Technical logs: 12 months for security and troubleshooting

We will securely delete or anonymize your data when it is no longer needed, unless retention is required by law.

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of your personal data and processing information
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of how we process your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Rights Relating to Automated Decision Making: Request human review of automated decisions
  • Right to Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us using the details provided below. We will respond to your request within one month, unless the request is complex.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience and analyze platform usage:

  • Essential Cookies: Required for platform functionality and security
  • Analytics Cookies: Help us understand how the platform is used
  • Preference Cookies: Remember your settings and preferences

You can control cookie preferences through your browser settings. However, disabling essential cookies may affect platform functionality.

10. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have collected such data, please contact us immediately.

11. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or applicable law. We will notify you of any material changes by:

  • Posting the updated policy on this page
  • Updating the "last updated" date
  • Sending you an email notification for significant changes

We encourage you to review this policy periodically to stay informed about how we protect your data.

12. Complaints

If you have concerns about how we handle your personal data, you have the right to make a complaint to the Information Commissioner's Office (ICO), the UK's data protection authority:

ICO Contact Details:

Information Commissioner's Office

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Website: ico.org.uk

Helpline: 0303 123 1113

We would appreciate the opportunity to address your concerns before you contact the ICO, so please contact us first.

13. Contact Us

If you have any questions about this privacy policy, wish to exercise your rights, or have concerns about our data practices, please contact us:

For privacy-related inquiries:

Please use our contact form and include "Privacy Policy Inquiry" in your message. This ensures your request is handled appropriately and efficiently.

We aim to respond to all privacy-related inquiries within 30 days.