Privacy notice for Ripjar

Ripjar Ltd, trading as Ripjar (we or us) is a private limited company with registration number 08217339 and registered office at Suite 404, Eagle Tower Montpellier Drive, Cheltenham, Gloucestershire, GL50 1TA.

1. What is the purpose of this document? 
   1. We are committed to protecting and respecting your privacy. This privacy notice sets out the basis on which any personal data we collect about users of our site www.ripjar.com (our site) or that we collect about individuals in the usual course of our business (you), will be processed by us.
   2. We are a data controller. This means that we are responsible for deciding how we hold and use personal information about you, and for explaining this clearly to you. 
   3. Please read this privacy notice carefully to understand what we do with your personal information and what rights you have in relation to our activities.
   4. This privacy notice applies to our Clients, contractors, visitors to our site and individuals who are the subject of third party data processed by us in order to provide our services to Clients.
2. What is personal data and our lawful basis for processing 
   1. Personal data, or personal information, means any information relating to an individual from which that person can be identified. There are special categories of more sensitive personal information which require a higher level of protection (see further at section 4, below).
   2. We will only use your personal information when the law allows us to. Our principal lawful basis for processing is set out in the table below. However, some of our grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
   3. We may only rely on our legitimate interests (or those of a third party, such as our Clients) to process your personal information, if your interests and fundamental rights do not override those interests. Where we rely on legitimate interests for our processing, we have set out the relevant interest, below.
   4. We will only use your personal information for the purpose or purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose(s). 
   5. Please note that we may process your personal information without your knowledge or consent where this is required or permitted by law.
3. Information we collect from you and about you and how our use complies with the law 
   

   Information we collect as part of our Client services ►
   Information we collect from Third Party Content Providers	How we use the information			How our use complies with the law
   We collect information from a variety of online sources including publicly available social networking sites, blogs, public and private news media and other data sources, worldwide (Third Party Content).  In general, this Third Party Content can be found using a standard internet search engine or by visiting the applicable websites directly. We obtain such information through agreements with certain data providers, and through automated online scraping.  We require our Clients to comply with all applicable legal requirements in using the Third Party Content, including all applicable privacy laws.	We collect and store certain information to enable our Clients to use our software to protect against the risk of money laundering, fraud, cybercrime and terrorism.   Our software analyses Third Party Content and extracts information linking identifiable individuals with financial risk matters. Our services provide analytics that allow our Clients to aggregate and analyse the Third Party Content. Our services may also be used by our Clients to collect certain personal information about individuals and their online activities and/or in relation to a Client’s products and services.  Our services assist our Clients in the purpose of risk reduction and to carry out due diligence checks.  We may analyse information collected by, and stored on, our software for the purpose of Natural Language Processing (NLP) and machine learning research and development.			The processing is necessary for our legitimate interest of providing a service to Clients to enable them to comply with their legal obligations, to protect against the risk of money laundering, fraud, cybercrime and terrorism. The processing is necessary for our Client’s legitimate interest to protect, manage and improve their business.   The processing is necessary for our Client’s legitimate interest to protect, manage and improve their business.   This processing is necessary for the purpose of scientific research.
   Information we collect from our Clients and their representatives	How we use the information			How our use complies with the law
   If you are an employee or representative of a Client we may collect your name, role and position within our Client’s business, contact details including mailing address, email address and phone number. We also obtain financial/billing information (billing name, address and credit card numbers) from our Customers which may contain personal data.	To provide our services to Clients including the provision of support and account management services and to alert you to system outages.  To provide marketing information including such information about our affiliates and our products and services. (We only send direct marketing by email to corporate addresses if the individual has not opted out of receiving marketing from us.) To process the payment of invoices due from our Clients and to evaluate our Client’s creditworthiness.			Because it is necessary to perform the contract we have agreed with our Clients. With your consent (where applicable) otherwise for the legitimate interest of promoting our business, provided that you have not asked us to stop sending you marketing. Because it is necessary to perform the contract we have agreed with our Clients.
   Information we collect about users of our website (including Client’s authorised representatives and visitors) ►
   Information we collect		How we use the information	How our use complies with the law
   Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform via cookies, Javascripts and web beacons used on our website.		We use technical information about our website visitors in order to tailor your experience at our site, to deliver content that we think you might be interested in, to display the content according to your preferences and to improve our website.	This is necessary for our legitimate interests to ensure the smooth running of our website.  You can disable cookies on your browser.
   Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); information you searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.		We use information about your visit to our website in order to tailor your experience at our site, to deliver content that we think you might be interested in, to display the content according to your preferences and to improve our website.	This is necessary for our legitimate interests to ensure the smooth running of our website.  You can disable cookies on your browser.
   Information which you provide to us if you have any queries about how to use our website.  For example, the contents of any messages you send to us. Contact information which you provide to us if you express any interest in obtaining additional information about our services (such as name, company, city, post code, phone number and email address).		To provide technical support and assistance when you are using our website. To communicate with potential customers expressing an interest in our services.	For our legitimate interest in managing and improving our business.
   Information we collect where we act as a Joint Controller:
   Information we collect		How we use the information	How our use complies with the law
   Names, online identifiers, location data, any data that has been made available in the public domain which might be about an individual, including media reports and commentary relating to the relevant individual(s). Uploaded Client information, including names of interest to the client.		To provide services to our Client(s) in analysing publicly available data to prevent Financial Crime.	The processing is necessary for our Client’s legitimate interest to identify and prevent financial crime.

4. Sharing your information
   1. We do not sell, trade or otherwise transfer to outside parties personally identifiable information about our website visitors or our customers or their authorised users.
   2. We share personal information with our Clients for the purposes set out above. Our Clients are data controllers in their own right of any personal information we share with them, and they are responsible to you for their use of your information. 
   3. We may share as necessary your information with third party data controllers, as follows:
      1. HMRC or other government or law enforcement agencies;
      2. our insurance provider and our professional indemnity insurance broker;
      3. professional advisers (such as our accountants, auditors or legal advisers);
      4. if we sell any business or assets, in which case we may disclose your personal information to the prospective buyer of such business or assets; and
      5. we may share your personal information if we have a legal obligation to do so, including (but not limited to) for the purposes of fraud protection and credit risk reduction.
   4. Where we share information with other data controllers, they are responsible to you for their use of your information and compliance with the law.
   5. If you object to our sharing or continuing to use your personal data with any specific third party please contact us at [email protected]
   6. We share your personal information with third party service providers who process it on our behalf (our data processors).
      1. The following activities are carried out by third-party service providers on our behalf: IT support and maintenance, machine learning training data mark-up, and confidential waste disposal.
      2. All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We only permit third-party service providers to process your personal information for specified purposes and in accordance with our instructions.
5. Automated decision-making  
   1. Automated decision-making takes place when a decision, which produces legal or similarly significant effects for an individual, is made based solely on automated processing, i.e. where an electronic system uses personal information to make a decision without human intervention.
   2. Our software uses automated processing to determine: 
      1. whether or not a particular piece of information is relevant to the risk profile of an individual or organisation;
      2. whether to collect and store that information in our data collection hub; and
      3. what search results to return in response to a request by a Client. 
   3. At the point that our software identifies and collects a piece of information, or includes a piece of information within a search result, there is no serious effect on the individual.
   4. Once we have shared the information with our Clients, they carry out their own analysis of the results and make a decision based on that analysis. They are responsible to you for any legal or other significant effect of that decision.
6. Data security  
   1. We have put in place:
      1. appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed; and
      2. procedures to deal with any suspected data security breach, and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
   2. Any personal information we process is held on secure servers, based within the UK.  
   3. We may transfer personal information to any Client based outside the UK or the EEA.  
   4. If we are required to transfer information outside the UK or the EEA, we have put in place appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection.
   5. We use providers to evaluate the performance of our site and improve the service we offer you. We may transfer information about you outside the UK or EEA for this purpose. We will only do so where permitted by law.  For more information about the providers we use please visit our cookie policy.
   6. If you have any concerns about our security measures please contact [email protected].
7. How long will we keep your personal information for?
   1. We will only retain your personal information for as long as is necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
   2. Where there is no retention period set for personal information, we will determine retention periods based on the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means and the applicable legal requirements
8. Your rights
   1. Under certain circumstances, by law you have the right to:
      1. Request access to your personal information (commonly known as a “subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
      2. Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
      3. Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
      4. Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
      5. Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
      6. Request the transfer of your personal information to another party.
      7. Withdraw consent in the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we are required to in accordance with another lawful basis which has been notified to you. 
      8. Complain to the Information Commissioner’s office if you are unhappy with our use of your personal data: you can do this at https://ico.org.uk/concerns/. Do contact us straight away if you consider that we are not handling your personal information properly so we can try and sort the problem out.
   2. To exercise any of the above rights, please contact [email protected].
   3. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
   4. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
   5. If we delete your personal information or restrict our use of it, we may not be able to provide our services to you.
9. Cookie policy
   1. Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For more Information about our use of cookies please visit our cookie policy.

Amended 27 October 2022