DERIVITEC LIMITED, Privacy Notice for access to and use of Derivitec Risk Portal
Your privacy is of paramount importance to Derivitec Ltd, having its office at Level 39,
One Canada Square, London E14 5AB (hereinafter referred to as “Derivitec”, “we”,
“us” or “our”, which terms shall also include our Affiliates. “Affiliates” means
any entity that directly or indirectly controls, is controlled by, or is under common control
with us. "Control" for purposes of this definition, means direct or indirect ownership or
control of more than 50% of the voting interests of the subject entity). This privacy notice
(“Privacy Notice”) applies to all products and services offered by Derivitec (the “Service”).
This Privacy Notice sets out the basis on which any Personal Data which we collect from you, or
that you provide to us, will be processed by us. In this Privacy Notice, the term “Personal Data”
means data relating to a living individual who is or can be identified either from the data or
from the data in conjunction with other information that is in, or is likely to come into, our
possession, and includes personal data as described in Data Protection Legislation (as defined below).
Please read the following carefully. Registering for a Derivitec account (“Your Account”)
on our website or any mobile application, use of Your Account and accepting the terms of this
Privacy Notice indicates that you have reviewed this Privacy Notice and have agreed to be bound
by it. You will be required to expressly accept this Privacy Notice before registering Your
Account (or before continuing to use the Service), and any users who use Your Account will also
be required to expressly accept this Privacy Notice before first accessing (or before continuing
to access) our Service through Your Account. If you do not agree to these terms you must leave
our website immediately. If you choose to accept this Privacy Notice, we will keep a record of
your acceptance in this regard.
We will handle your Personal Data in accordance with Data Protection Legislation.
“Data Protection Legislation” means the Data Protection Acts 1988 and 2003 and Directive
95/46/EC, any other applicable law or regulation relating to the processing of personal data
and to privacy (including the E-Privacy Directive), as such legislation shall be amended,
revised or replaced from time to time, including by operation of the General Data Protection
Regulation (EU) 2016/679 (“GDPR”) (and laws implementing or supplementing the GDPR).
Under the EU's General Data Protection Regulation (GDPR) personal
data is defined as:
"any information relating to an identified or identifiable natural
person ('data subject'); an identifiable natural person is one who
can be identified, directly or indirectly, in particular by reference
to an identifier such as a name, an identification number, location
data, an online identifier or to one or more factors specific to the
physical, physiological, genetic, mental, economic, cultural or social
identity of that natural person".
We fully respect your right to privacy in relation to your interactions with the Risk Portal and endeavour to be transparent in our dealings with you as to what information we will collect and how we will use your information. Also, we only collect and use individual’s information where we are legally entitled to do so.
You must register on the Risk Portal in order to use it. The registration process asks you for the following:
When you use the Risk Portal we also store the following:
When an error occurs in the Risk Portal we may also store the following:
We endeavour to keep your data accurate and up-to-date. As such, you must tell us about any changes to such information that you are aware of as soon as possible. You can update your personal information held on our website page at any time.
We do not store any of the special categories of data covered under the GDPR.
In order for us to provide you with the Risk Portal we need to collect
personal data for the following purposes:
When you send email or other communication to Derivitec Ltd, we may retain those communications in order to process your inquiries, respond to your requests and improve our Service. Derivitec Ltd is a Data Controller (as defined in Data Protection Legislation) in respect of the your data. The legal basis upon which we process your data is our legitimate interest to provide the Risk Portal to you.
Our legal basis for processing for the personal data:
In any event, we are committed to ensuring that the
information we collect and use is appropriate for this purpose, and
does not constitute an invasion of your privacy.
In terms of being contacted for marketing purposes Derivitec Ltd
would contact you for additional consent.
We may pass your personal data on to third-party service providers
contracted to Derivitec Ltd in the course of dealing with you. Any
third parties that we may share your data with are obliged to keep
your details securely, and to use them only to fulfil the service
they provide you on our behalf. When they no longer need your data
to fulfil this service, they will dispose of the details in line with
Derivitec Ltd's procedures. If we wish to pass your sensitive
personal data onto a third party we will only do so once we have
obtained your consent, unless we are legally required to do otherwise.
Derivitec Ltd will process (collect, store and use) the
information you provide in a manner compatible with the EU's General
Data Protection Regulation (GDPR). We will endeavour to keep your
information accurate and up to date, and not keep it for longer than
is necessary. Derivitec Ltd is required to retain information in
accordance with the law, such as information needed for income tax and
audit purposes. How long certain kinds of personal data should be kept
may also be governed by specific business-sector requirements and
agreed practices. Personal data may be held in addition to these
periods depending on individual business needs.
Our aim is not to be intrusive, and we undertake not to ask irrelevant
or unnecessary questions. Moreover, the information you provide will
be subject to rigorous measures and procedures to minimise the risk of
unauthorised access or disclosure.
We may contact you:
Derivitec Ltd at your request, can confirm what information we
hold about you and how it is processed. If Derivitec Ltd does hold
personal data about you, you can request the following information:
Identity and the contact details of the person or organisation that
has determined how and why to process your data. In some cases, this
will be a representative in the EU.
Contact details of the data protection officer, where applicable.
The purpose of the processing as well as the legal basis for
If the processing is based on the legitimate interests of
Derivitec Ltd or a third party, information about those
The categories of personal data collected, stored and processed.
Recipient(s) or categories of recipients that the data is/will be
If we intend to transfer the personal data to a third country or
international organisation, information about how we ensure this is
done securely. The EU has approved sending personal data to some
countries because they meet a minimum standard of data protection.
In other cases, we will ensure there are specific measures in place
to secure your information.
How long the data will be stored.
Details of your rights to correct, erase, restrict or object to such
Information about your right to withdraw consent at any time.
How to lodge a complaint with the supervisory authority.
Whether the provision of personal data is a statutory or contractual
requirement, or a requirement necessary to enter into a contract, as
well as whether you are obliged to provide the personal data and the
possible consequences of failing to provide such data.
The source of personal data if it wasn't collected directly from
Any details and information of automated decision making, such as
profiling, and any meaningful information about the logic involved,
as well as the significance and expected consequences of such
Derivitec Ltd accepts the following forms of ID when information
on your personal data is requested:
Passport or driving licence accompanied by a utility bill (from
last 3 months)
|Data Protection Officer contact details|
|Contact Name:||Michael Armitage|
|Address line 1:||Derivitec Ltd|
|Address line 2:||Level 39|
|Address line 3:||One Canada Square|
|Address line 4:||London|
|Address line 5:||E14 5AB|
|Telephone:||+44 203 668 3681|
v1.0 Effective 24th May 2018