In this policy, “we”, “us” and “our” refer to RIB Holdings Ltd (Trading as D2X).
We are the data controller for the purposes of this policy, the Data Protection Act 1998 and the EU General Data Protection Regulation (the 'GDPR').
1.1. We are committed to protecting the personal data that we hold and use and to respecting your privacy.
1.2. This policy and other documents that we may refer to within this policy describes the data that we collect from you or about you, and the way we may use it from time to time.
1.3. This policy applies where we are acting as a data controller; in other words, where we are determining where and how we use the personal data you provide to us.
In section 2 we describe:
Data we collect may be from one of the following sources:
We may use your data for a variety of purposes related to the products and services we provide. The legal basis for such processing is set our below:
Why we use your data | Lawful Basis | ||
To perform our contract with you | To comply with legal obligations | To pursue legitimate interests | |
To provide you services | X | ||
To verify your identity | X | X | X |
To deal with enquiries or complaints you have | X | X | |
To detect and prevent fraud and other crimes | X | ||
To make improvements to services we provide | X | ||
To let you know about important changes to our policies | X | ||
Management purposes such as accounting, or auditing | X | X | |
To review and improve your experience on our website | X | ||
To ensure the information we hold about you is up to date | X | X | |
For advertising and marketing purposes | X |
We will never sell, rent or swap your personal data or give it to anybody else for them to use for their own purposes without making that clear to you. There are however various ways in which we will share your data:
3.1. We may disclose your personal data to any member of our group of companies (including subsidiaries or our holding company) insofar as it is reasonably necessary and on the legal basis set out in section 2.3 of this policy.
3.2. We may disclose your personal data to suppliers and contractors insofar as it is reasonably necessary and on the legal basis set out in section 2.3 of this policy.
3.3. We may disclose your personal data to payment service providers in order to process payment for services or otherwise insofar as it is reasonably necessary and on the legal basis set out in section 2.3 of this policy.
3.4. We may disclose your personal data where necessary for compliance with our own legal or regulatory obligations.
3.5. International transfer of your data: Some business process may require that your data be transmitted or stored in countries outside of Europe, for example where our service to you requires delivery to somewhere outside of the EEA and we engage international third party suppliers to fulfil that service to you. Whenever we send (or permit a third party) to send your data outside of the EEA we will take the necessary steps to protect your data as required by law. For example, we may rely on service providers or contractors to adhere to certain compliance programmes overseas.
4.1. We take data security very seriously. We have implemented various strategies, controls and measures to protect and keep secure your data and regularly review those measures. For example, all transfer of data between your browser and our websites are encrypted with SSL technology and payment card data is protected in accordance with the industry approved security controls, the Payment Card Industry (“PCI”) Data Security Standard.
4.2. We will only retain your data for as long as is necessary for the purposes outlined in this policy. The periods for which we retain data vary according to the type of data and the purpose for which we originally collected it. For example, certain transaction data may be retained for many years to comply with our legal obligations, and other data may be kept for a different period because it’s in our legitimate interests to do so in order to provide a good service.
Our internal data retention policy is regularly reviewed. Once a retention period has elapsed any data held is deleted securely.
The law gives you a number of rights to your personal data and our use of it. You have the right:
5.2. To see what personal data we hold about you and find out how we process the data.
5.3. To ask us to update personal data we hold about you.
5.4. To ask us to delete your personal data (in some circumstances) without unnecessary delay. For example you may request erasure include when that is in relation to consent-based processes such as direct marketing, however we reserve the right to retain data where necessary for us to complete our regulatory or other legal compliance obligations.
5.5. To ask us to stop using your data if you don’t believe we have a right to use it.
If at any time you wish to exercise your rights as detailed above (or have any questions about this privacy policy) you can contact us by email at [email protected].
You also have the right to complain about our use of your personal data. You may do so in the EU member state that you live, your place of work or the place of the alleged infringement.
If you have any questions or concerns regarding your personal data you are welcome to contact us:
6.1. By email at [email protected].
7.1. We may update this policy from time to time, all new version will be published on our website.
7.2. We may email you to inform you of changes to this policy.
7.3. You should check our website occasionally to check for any updates or changes to this policy.