Privacy Statement

This privacy notice explains how and why Ripple&Co processes personal data under the General Data Protection Regulations (GDPR) and the Data Protection Act 2018.

It describes what Ripple&Co may do with either client or individual information when our services are commissioned.

What data Ripple&Co collects and how it uses that data depends on:

•       what Ripple&Co services are required

•       how much personal data is needed to provide these services

Training services

When booking or arranging training courses, workshops or other projects offered by Ripple&Co, we collect and use personal data to provide this service.

Depending on the process agreed with a client, to ensure smooth running of the service the following data may be collected:

•       name

•       address

•       telephone number

•       email address

•       workplace details

•       additional needs including learner support and venue access

•       dietary requirements if food is needed for a training course

Legal basis for processing your personal data

Under data protection law, Ripple&Co must have a legal basis to collect, store and use your personal data. If we also use sensitive personal data, we need a second legal basis.

The legal basis for processing most of the personal data we use is that it is necessary to carry out our service:

•       When you have given consent.

•       When we make a contract with you.

•       To protect your (or someone else's) interests.

•       To protect our legitimate corporate interests.

We may share this information with associates who are contracted to deliver the services purchased. 

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are: 

•       Your consent. You can remove your consent at any time. You can remove your consent by contacting accounts@rippleandco.com

•       To deliver a service to you under a contractual obligation.

Personal data collected for this purpose is retained for up to 2 years after the contract naturally ends or after either party terminates the contract.  We will then dispose of stored information through the following applicable ways:

•       Items held on our IT systems - Secure deletion software.

•       Items stored in the Cloud – deleted securely in line with Cloud platform instructions.

•       Removable storage – USB, external hard drives – n/a removable storage is forbidden.

•       Paper – shredded using secure waste management services.

Confidentiality, storage, and security of personal data

Ripple&Co is committed to the confidentiality and privacy of our clients and users. All personal information will be held securely on our IT systems which are protected by passwords that are regularly changed as well as up to date anti-virus software. Data is also stored in the password protected Cloud using OneDrive, a Microsoft internet-based storage platform.  OneDrive has implemented data encryption technologies, adjustable access and sharing capabilities, and sensitive data classification opportunities. If it is necessary to share sensitive information, it is possible to send files with a one-time verification code. This code is emailed to the recipient upon access attempt and provides a second layer of security.

Any paper copies of personal data are stored in locked cabinets.

Data will not be sold or traded to another organisation or company.

If personal data is shared with an external company or service provider employed by Ripple&Co as part of the services being provided, we make sure:

•       It will be held securely.

•       They will only use it to provide the services or information you've asked for.

Your rights under data protection law

You may have a right to request:

•       A copy of the information that Ripple&Co holds about you ('subject access request' (SAR) in the GDPR)

•       That anything inaccurate in your personal data is corrected ('rectification' in the GDPR)

•       That we remove your personal data ('right to erasure' in the GDPR)

•       That we use your personal data only in specific circumstances ('restriction' in the GDPR)

•       That we stop processing your personal data ('object' in the GDPR)

•       To receive a copy of your personal data so you can reuse it across different services ('data portability' in the GDPR)

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at accounts@rippleandco.com

You may also have rights in relation to automated decision-making and profiling.

Your data protection rights

Under data protection law, you have rights including:

•               Your right of access - You have the right to ask us for copies of your personal information. 

•               Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. 

•               Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances. 

•               Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances. 

•               Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.

•               Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

•               You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at accounts@rippleandco.com if you wish to make a request.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at accounts@rippleandco.com.  

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:             

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

 

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk