Your privacy is important to us, and so is being transparent about how we collect, use and share information about you.
The approach that we will take will be based on the six data protection principles, these being:
- Lawfulness, fairness and transparency;
- Purpose limitations;
- Data minimisation;
- Storage limitation; and
- Integrity and confidentiality.
We will also explain what rights you have with regards to your personal data and how you can exercise those rights.
Who are we.
Ark Workplace Risk Ltd (Ark) is the data controller for all data held by Ark directly this means that Ark determines what data is collected within the company, how this data is going to be used and processed by the company and how this data is protected.
Ark Workplace Risk Ltd - Registered Office:
2nd Floor,15 Basinghall Street, London EC2V 5BR
Keep us up to date.
It is important that you let us know if there are any changes to your situation, contact or personal details. This is so that we can manage and protect your account(s) and communicate with you safely and quickly.
Please let us know straight away if any of these change:
- Your name;
- Address (including if you have moved abroad);
- Phone number, including mobile;
- Email address.
- IP address,
- Other personal information supplied by you.
Where applicable: you should also ensure that your nominated bank account and invoice details is kept up to date.
We will contact you using the most recent address, email or phone number that you have given us.
If you don’t tell us promptly about a change in your details, you may not receive information that could be important.
What information do we collect about you?
We collect information about you when you agree to any of our contracts, IT products or services. We also collect information when you enter into communication with us.
How we use your information
We may use any information you give us about yourself and others to:
- Manage your account;
- Carry out regulatory checks to meet our legal obligations;
- Prevent and detect crime;
- Keep you up-to-date with information about your account;
- Develop, test and improve our products and services;
- Conduct market research and product analysis;
- Undertake anonymised statistical analysis (we won’t be able to identify individuals from this data);
- When we have your permission to do so; provide you with marketing material which may be tailored to your individual needs.
We may need to forward your details to a third party to service requests and fulfil orders. Examples would be application support. This information is typically used to provide the third party with contact details or site address.
We treat all information we hold about you as private and confidential and we will not reveal any personal details about your account to anyone, unless:
- You ask us to reveal the information, or we have your permission to do so;
- We are required or permitted to do so by law;
- It is required by law enforcement, fraud prevention or credit reference agencies;
- There is a duty to the public to reveal the information, e.g. to other government bodies, tax authorities or regulatory bodies.
When you provide us information about another person, you need to confirm that you have been appointed to act on behalf of the other person. This includes providing consent to process that other person’s data.
Upon service termination, non-statutory or data that may not be relied upon in legal action that is not required data will be deleted within 30 days of the termination date.
Where data needs to be retained for longer, i.e. statutory requirements such as financial requirements; data for both Limited Companies and Sole traders would be kept for 6 years from the end of the last financial year.
Physical access to hosted systems is restricted to authorised personnel only
We may monitor or record telephone calls for training, quality assurance and other business purposes.
Website - these technologies enable you to navigate between web pages efficiently.
Emails - help us to understand whether you have opened the email and how you have interacted with it. You can choose to accept or decline cookies but this may impact on the usability of the system(s).
From time to time we may change the way we use customer information. Where we believe that customers may not reasonably expect such a change, we will let you know by your chosen method, for example, by post or email.
If you do not object to the change within 60 days of us letting you know, we will consider that you have agreed to that change.
Keeping you up to date
We would like to keep you up to date with information about our products and services which we think might interest you. If you do not want to receive this information, you can contact us using the details below.
Finding out the information we hold about you
Employee and Customer information will be held by us in both paper form and kept on out IT systems and will be kept in line with our retention procedures.
If you would like a copy of the information we hold about you, you can make a Data Subject Access Request.
Please write to or email the Data Officer at the following address: Ark Workplace Risk Ltd
2nd Floor, 15 Basinghall Street London EC2V 5BR
Consent and Your rights as a data subject
By consenting to this privacy notice you are giving us permission to process your personal data specifically for the purposes identified.
Consent is required for Ark Workplace Risk Ltd to process both types of personal data, but it must be explicitly given. Where we are asking you for sensitive personal data we will always tell you why and how the information will be used.
As a data subject whose personal information we hold, you have certain rights. If you wish to exercise any of these rights, please email firstname.lastname@example.org or use the information supplied in the Contact Us section below. In order to process your request, we will ask you to provide two valid forms of identification for verification.
The right to be informed
The right of access
You may request a copy of the personal data we hold about you free of charge. Once your identity has been verified, or if relevant; the authority of any third-party requester, we will provide access to the personal data we hold about you.
The right to rectification
When you believe we hold inaccurate or incomplete personal information about you, you may exercise your right to correct or complete this data. This could include preventing use of any such data until it is complete or corrected.
The right to erase your personal data – the ‘right to be forgotten’.
Where no legitimate reason or legal requirement continues to exist for processing personal data, you may request that we delete the personal data.
The right to restrict processing
You may ask us to stop processing your personal data. We will still hold the data, but will not process it any further. This is an alternative to the right of erasure.
The right to data portability
You may request your set of personal data be transferred to another controller or processor and provided in a commonly used and machine-readable format. The right is only available if the original processing was on the basis of consent, the processing is by automated means and if the processing is based on the fulfilment of a contractual obligation.
Modern slavery statement
Ark Workplace Risk Ltd has a zero tolerance approach to any form of modern slavery. We are committed to acting ethically and with integrity and transparency in all business dealings and to putting effective systems and controls in place to safeguard against any form of modern slavery taking place within the business or our supply chain.
Ark Workplace Risk Ltd will not pass on your personal data to third parties without first obtaining your consent.
Alternatively, you can contact us at the postal address, email address or telephone number below.
The Data Officer, Ark Workplace Risk Ltd, 2nd Floor, 15 Basinghall Street, London EC2V 5BR
+ 44 (0)20 7397 1450
Should you wish to lodge or discuss a complain, please contact us at the details provided above. All complaints will be treated in a confidential and professional manner.
Should you feel unsatisfied with our handling of your data, or about any complaint that you have made to us about our handling of your data, you are entitled to escalate your complaint to a supervisory authority within the European Union. For the United Kingdom, this is the Information Commissioner’s Office (ICO), who is the lead supervisory authority. Its contact details can be found at https://ico.org.uk/global/contact-us/