1. ABOUT US AND THIS PRIVACY AND COOKIE POLICY
1.1 This Privacy and Cookie Policy sets out how RegTech Open Project plc (“RTOP”, “we“, “our“, or “us“) collects, stores, processes, transfers, shares and uses data that identifies or is associated with you (your “personal information“) when you use our websites at https://regtechopenproject.co.uk/ and https://orbitopenplatform.com (our “Websites“), or otherwise interact with us by email, phone or social media. RTOP operates an operational resilience software platform known as Orbit Open Platform (the “Platform” and, together with our Websites, our “Services“).
1.2 Please ensure that you have read and understood how we collect, store, use and disclose your personal information as described in this Privacy and Cookie Policy.
1.3 If you have any questions about this Privacy and Cookie Policy or how we use your personal information, please contact us by emailing us at privacy@regtechopenproject.co.uk.
2. WHO IS RESPONSIBLE FOR YOUR PERSONAL INFORMATION
2.1 We are the data controller of the personal information we collect and use as described in this Privacy and Cookie Policy. This means that we determine and are responsible for how your personal information is used when you use our Websites or otherwise interact with us by email, phone or social media.
3. PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT
3.1 Information you provide to us
We collect personal information that you submit directly to us when you use the Websites, or otherwise communicate with us through email, phone or social media. We will collect the following information in this way:
(a) Business contact information, such as your first name, last name, work email address and telephone number.
How we use this personal information
We use this information to respond to any queries you submit to us about our Services or our business via our Websites or otherwise, for example, if you request a demo. We use this information to send you updates and information about promotions, events and new features on our Services.
Legal basis we rely on
The processing is necessary for our legitimate interests, namely communicating and responding to queries and customer service requests from our customers, prospective customers, and business contacts. We will only process your personal information in this way to the extent you have given us your consent.
(b) Comments, queries and feedback that you submit to us when you contact us. We collect this information directly from you.
How we use this personal information
We use this information to respond to your comments, queries and feedback about the Services or us. We use this information to tailor the communications we send to you so that they are more relevant to you.
Legal basis we rely on
The processing is necessary for our legitimate interests, namely communicating with customers, prospective customers and business contacts.
The processing is necessary for our legitimate interests, namely ensuring that the contents of any communications that we send is relevant to the recipient’s needs and interests.
(c) Your communication preferences, such as whether you asked or agreed to receive emails from us promoting our Services. We collect this information directly from you.
How we use this personal information
We use this information to ensure that we only send promotional communications to you in accordance with your preferences.
Legal basis we rely on
The processing is necessary to comply with a legal obligation to which we are subject, namely laws implementing the ePrivacy Directive 2002/58/EC (as amended).
3.2 Information we collect automatically
We also automatically collect certain personal information about you and about how you access the Websites, including the date and time you access the Websites, the actions you take on the Websites and the operating system and IP address you access the Websites from.
3.2.1 Device information, for example IP address, hardware model, operating system, application version, number, date and time stamp, browser type and a unique ID that allows us to uniquely identify your browser or your account.
How we use this personal information
We use this information so we can present the Websites to you in the correct format for your device and browser.
We use this information to ensure the security and integrity of the Websites, including identifying and preventing unlawful, fraudulent, or malicious use of the Websites.
Legal basis we rely on
The processing is necessary for the performance of a contract, namely the Terms of Use of our Websites.
Legitimate interests, namely identifying and mitigating the risk of unlawful behaviour to protect the Websites, RTOP and other Website users.
We use this information to monitor the performance of the Websites in order to identify and fix errors, and identify ways in which we can improve the Websites.
We will only process your personal information in this way to the extent you give us your consent to do so.
We and our third party ad networks, advertising partners and social media platforms use this information to:
– make the advertisements you see online more relevant to your interests; and
– to provide advertising-related services such as reporting, attribution, analytics and market research.
We may share with third party ad networks, advertising partners and social media platforms a common account identifier (such as a hashed email address or user ID) or other information.
We will only process your personal information in this way to the extent that you have given us your consent to do so.
3.2.2 Information about how you use the Websites, such as the website from which you came and the website to which you are going when you the Websites, the pages you visit on the Websites, the frequency of access, the links you click on in the Websites.
How we use this personal information
We use this information to ensure the security and integrity of the Websites, including identifying and preventing unlawful, fraudulent, or malicious use of the Websites.
Legal basis we rely on
Legitimate interests, namely identifying and mitigating the risk of unlawful behaviour to protect the Websites, RTOP and other Website users.
We use this information to:
– monitor and maintain the performance and security of our Websites;
– identify errors and ways in which we can improve the Websites, including developing and testing new features; and conduct analytics.
We will only process your personal information in this way to the extent you give us your consent to do so.
We and our third party ad networks, advertising partners and social media platforms use this information to:
– make the advertisements you see online more relevant to your interests; and
– to provide advertising-related services such as reporting, attribution, analytics and market research.
We may share with third party ad networks, advertising partners and social media platforms a common account identifier (such as a hashed email address or user ID) or other information.
We will only process your personal information in this way to the extent you give us your consent to do so.
3.3 We collect the above information through log files, cookies and similar tracking technologies (see below for further information).
3.4 We may process anonymised, pseudonymised, or aggregated data derived from users’ use of the Websites. This data is not considered personal information in law as it will not directly or indirectly identify any individual. However, if we combine such data with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal information which will be used in accordance with this Privacy and Cookie Policy.
4. COOKIES AND SIMILAR TECHNOLOGIES
4.1 The Websites use cookies and similar tracking technologies to distinguish you from other users of the Websites. Cookies are pieces of code that we transfer to your device for record-keeping purposes. This helps us to provide certain functionalities of the Websites, to monitor and improve the Websites.
4.2 We use the following types of cookies on the Websites:
Strictly Necessary. These cookies are necessary for the Websites or certain functionalities on the Websites to function. Without them our Websites or certain parts of our Websites would not work as intended. Because these cookies are strictly necessary to deliver our Websites, you cannot refuse them without impacting how our Websites function. You can block or delete them by changing your browser settings, as described in the “How can I control cookies?” section below, but this will mean that certain parts of our Websites will not work properly.
Functional. These cookies allow, based on your express request, for you to be recognised when you subsequently access the Websites, so that you do not have to enter your information each time (for example: “Remember me”). Functional cookies are not essential to the functioning of the Websites, but rather improve navigation quality and experience.
Performance. These cookies collect information that is used in aggregate form to help us understand how our Websites are being used or, if applicable, how effective our marketing campaigns are.
Advertising. These cookies are used to record your visit to the Websites and the pages you view to help our advertising partners understand your interests and tailor advertising to those interests as you browse the internet.
4.3 Other than cookies or tracking technologies that are required to operate the Websites, we will only place cookies on your device with your consent. You can also change your preferences in relation to the cookies you consent to in our cookie preference centre.
4.4 You also have the ability to opt out by disabling cookies in your browser or mobile settings. These settings will typically be found in the “options” or “preferences” menu of your browser. In order to understand these settings, the following links may be helpful, otherwise you should use the “Help” option in your browser for more details.
(a) Cookie settings in Internet Explorer
(b) Cookie settings in Firefox
(c) Cookie settings in Chrome
(d) Cookie settings in Safari web and iOS.
5. HOW LONG WE KEEP YOUR PERSONAL INFORMATION
5.1 Unless a longer retention period is required or permitted by law, we will only hold your personal information on our systems for the following periods:
Personal information
Contact information
Comments, queries and feedback
Communication preferences
How long we keep it
We will store this personal information for no longer than we need it to provide the Websites and any information you request from us and for the other purposes set out above.
We may also need to keep it to comply with our legal obligations and enforce our rights from time to time.
As a result, the length of time that we keep your information will vary depending on the purposes for which we have it. In any event, we will review what information we need on an ongoing basis and will only retain it for the minimum amount of time that we need it for.
Information we collect about how you access the Websites
We will store this personal information for no longer than we need it to provide the Websites and any information you request from us and for the other purposes set out above.
We may also need to keep it to comply with our legal obligations and enforce our rights from time to time.
As a result, the length of time that we keep your information will vary depending on the purposes for which we have it. In any event, we will review what information we need on an ongoing basis and will only retain it for the minimum amount of time that we need it for.
5.2 We may, however, need to retain your personal information for longer where required under applicable laws.
6. RECIPIENTS
6.1 As required in accordance with how we use your personal information, we may share your personal information as follows:
Recipient
Our subsidiaries and affiliates. We may share your personal information with affiliated legal entities within our family of companies.
How they use it
We may organise our group so that certain services and business functions are centralised and provided by another entity within our group.
Our affiliates will use your personal information in the same way as we do, as described in this Privacy and Cookie Policy.
The lawful basis we rely on for sharing personal information in this way is that it is necessary for our legitimate interests, namely procuring and providing intragroup services.
Service providers. We may share your personal information with third party vendors and other service providers that perform services for us or on our behalf, such as providing hosting or other technical services.
These service providers will use your personal information as processors on our instructions.
Social media. When we interact with you through a social media platform, that social media platform will receive and process the personal information contained in such communications.
Social media platforms will use the personal information they collect in accordance with their privacy notices.
The lawful basis we rely on for transferring this personal information is that the processing is necessary for our legitimate interests, namely communicating with you and our customers through social media, and promoting our Services.
Purchasers and third parties in connection with a business transaction. Your personal information may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganisation, financing, change of control or acquisition of all or a portion of our business.
These recipients will use your personal information to assess the potential transaction with us, and otherwise only as disclosed in this Privacy and Cookie Policy.
The lawful basis we rely on for transferring this personal information is that the processing is necessary for our and the third party’s legitimate interests, namely assessing and executing a potential transaction with us.
Law enforcement, regulators and other parties for legal reasons. We may share your personal information with third parties as required by law or if we reasonably believe that such action is necessary to (i) comply with the law and the reasonable requests of law enforcement; (ii) detect and investigate illegal activities and breaches of agreements; and/or (iii) exercise or protect the rights, property, or personal safety of RTOP, its users or others.
These recipients will use your personal information in the performance of their regulatory or law enforcement role, or to advise us in connection with a potential claim or regulatory enforcement action.
The lawful basis we rely on for sharing personal information with these recipients is that the processing is either necessary to comply with a legal obligation to which we are subject or is necessary for our legitimate interests, namely enforcing our rights or complying with requests from regulatory authorities.
Advisors, such as legal advisors, financial advisors or accountants.
Our advisors may need to access personal information in order to develop and provide their advice to us or otherwise perform their services.
These recipients will use your personal information in accordance with their own privacy policies, but in a manner consistent with this Privacy and Cookie Policy.
The lawful basis we rely on for sharing personal information in this way is that it is necessary for our legitimate interests, namely receiving professional legal, financial and accountancy advice.
Third party ad networks and advertising partners, such as advertising agencies and exchanges that use personal information to serve adverts to you based on your browsing history when you browse the internet.
These recipients will use your personal data to identify your interests based on your browsing history and serve you adverts that align with those interests.
They will also provide advertising-related services such as reporting, attribution, analytics and market research.
We will only share your personal data in this way to the extent you give us your consent to do so.
7. STORING AND TRANSFERRING YOUR PERSONAL INFORMATION
7.1 Security. We implement appropriate technical and organisational measures to protect your personal information against accidental or unlawful destruction, loss, change or damage. All personal information we collect will be stored on our hosting provider’s secure servers. We will never send you unsolicited emails or contact you by phone requesting your credit or debit card information or national identification numbers.
7.2 International transfers of your personal information. Your personal information is primarily processed and stored within the EEA by our hosting provider.
7.3 However, we may occasionally need to transfer personal information from the EEA or the UK to other locations. If we do engage in such transfers of personal information, we will rely on:
(a) Adequacy decisions made by the European Commission that recognise the destination country as offering an equivalent level of protection as compared to the level of protection in the country where you are located; or, if you are in the United Kingdom, similar recognition that the destination country offers an equivalent level of protection under the UK Data Protection Act 2018 or regulations made by the UK Secretary of State under the UK Data Protection Act 2018; and
(b) Standard Contractual Clauses issued by the European Commission and, if you are in the United Kingdom, the approved addendum to those Standard Contractual Clauses issued under the UK Data Protection Act 2018.
7.4 We also continually monitor the circumstances surrounding such transfers in order to ensure that these maintain, in practice, a level of protection that is essentially equivalent to the one guaranteed by the UK GDPR and EU GDPR.
7.5 If you wish to enquire further about the safeguards we use, including obtaining a copy of any Standard Contractual Clauses we have in place with recipients outside the EEA or UK, please contact us using the details in the “About us” section above.
8. YOUR RIGHTS IN RESPECT OF YOUR PERSONAL INFORMATION
8.1 In accordance with applicable privacy law you may have the following rights in respect of your personal information that we hold:
(a) Right of access. The right to obtain:
(i) confirmation of whether, and where, we are processing your personal information;
(ii) information about the categories of personal information we are processing, the purposes for which we process your personal information and information as to how we determine applicable retention periods;
(iii) information about the categories of recipients with whom we may share your personal information; and
(iv) a copy of the personal information we hold about you.
(b) Right of portability. The right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.
(c) Right to rectification. The right to obtain rectification of any inaccurate or incomplete personal information we hold about you without undue delay.
(d) Right to erasure. The right, in some circumstances, to require us to erase your personal information without undue delay if the continued processing of that personal information is not justified.
(e) Right to restriction. The right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you.
8.2 You have the right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal information, and we will assess and inform you if that is the case.
8.3 You also have the right to withdraw your consent to our processing of your personal information, where our processing is solely based on your consent.
8.4 If you wish to exercise one of these rights, please contact us using the contact details in the “About us” section above.
8.5 You may also have the right to lodge a complaint to your local data protection authority. If you are based in the European Union, information about how to contact your local data protection authority is available here. If you are based in the UK, information about how to contact your local data protection authority is available here.
9. LINKS TO THIRD PARTY SITES
The Websites may, from time to time, contain links to and from third party websites, including those of our partners, advertisers, social media platforms and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information to those websites.
10. OUR POLICY TOWARDS CHILDREN
Our Websites are not intended to be used by any person under 18. If you become aware that a child has provided us with personal information, without your consent, then please contact us using the details in the “About us” section above so that we can take steps to remove such information as quickly as possible.
11. CHANGES TO THIS POLICY
Any updates we may make to our Privacy and Cookie Policy will be posted on this page, and we may also provide a website notice of any material changes for a reasonable period of time. Please check back frequently to see any updates or changes to our Privacy and Cookie Policy. If you do not agree to these updates or changes, you should stop using the Websites and notify us that you would like us to delete your personal information.
12. NOTICE TO YOU
If we need to provide you with information about something, whether for legal, marketing or other business-related purposes, we will select what we believe is the best way to get in contact with you. We will usually do this through email or by placing a notice on the Website(s).