Privacy Policy

This is an important policy regarding your privacy and the way in which Retail Insight Ltd (referred to as “we”, “our” or “us” in this notice) collects and makes use of your personal data (referred to throughout this Privacy Notice as personal information). We want to be open and transparent with you, and therefore encourage you to contact us if you have any questions about this policy or the ways in which we use your personal information.

 

1.    Identity and contact details of the Data Controller

For the purpose of applicable privacy legislation, the data controller is Retail Insight Ltd of 1 Parkshot, Richmond, Surrey, England TW9 2RD. Our company registration number is 05016533.

Questions regarding this policy should be directed to our Data Protection Compliance Manager who can be contacted at compliance@ri-team.com. The Data Protection Compliance Manager is responsible for ensuring compliance with relevant data protection legislation and with this policy.


2.    Purpose of this Privacy Notice:

This Privacy Notice sets out the basis for which any personal information we collect from you, or that you provide to us, will be processed by us. It applies to individuals outside of our organisation, for example, employees of our clients and suppliers, and the general public. 

We take our privacy responsibilities seriously and are committed to protecting and respecting your privacy. Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it.


3.    Why do we collect and store your personal information?

Retail Insight Limited needs to collect, process and store personal information about you in order to operate as an organisation and deliver efficient and effective services.

Legal basis for processing

We will only use your personal information when the law allows us to. When we use your personal information, we must have a legal ground for doing so.

We often have more than one main legal bases for processing personal information. The following are (amongst others) the legal grounds by which we can use your personal information:

  • Where you have provided us with your consent for us to do so. You can withdraw your consent at any time.
  • Where we need to perform a contract we have entered into with you or to take steps to enter into a contract with you.
  • Where we need to comply with a legal obligation to which we are subject.
  • Where it is in pursuit of our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

Some personal information is treated as more sensitive (for example information about criminal convictions, health, ethnic background).  The legal basis for processing these special categories of personal information is more limited. To lawfully process special categories of personal information, we must identify a lawful basis for the processing and meet a separate condition for the processing. The basis we can use these are: 

  • With your consent.
  • Where you have already made your personal information public.
  • Employment, social security and social protection.
  • Substantial public interest grounds.

To process personal information about criminal convictions or offences, we must have both a lawful basis for the processing and either legal authority or official authority for the processing.

 

4.    What information do we hold about you?

We may collect, store and use personal information about you

Generally

  • Any personal information you provide to us during your interactions with us. Including your name, job title, email address, and contact address.
  • Information gathered by cookies used on our website. Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse and also allows us to improve the way our website works. For detailed information on the cookies we use and the purposes for which we use them please refer to our Cookie Policy.
  • Information provided to us by third party service providers we work with, for example, payment service or analytics providers.
  • We may record your telephone calls to our switchboard, as well as online meetings (for example meetings over Microsoft Teams). Any recordings will be held in accordance with our retention policy before being erased.
  • We may capture your image on our CCTV systems if you visit a property or office. Any CCTV recordings will be held in accordance with our retention policy before being erased.

Job applicants

  • Personal contact details such as the name, title, address, telephone number and e-mail address.
  • Recruitment information (including, for example, your driving licence, passport or right to work documentation, references and other personal information included in an application form, CV or cover letter or otherwise as part of your application for employment with us).
  • Personal information provided to us by our recruitment partners in relation to your application for employment with us.
  • Other personal information gathered during your application process.

Employees of our clients and suppliers

  • Contact details such as your name, title, telephone number and e-mail address.
  • Information you provide or we collect during our interactions with you or your employer, such as how long we have done business with you or how long you have worked at your company.

The above bullet points are not exhaustive, as we hold records of most contacts we have with you, or about you, and we process this information so we can deliver services to you. Generally the information we hold will have been provided by you (on application or enquiry forms or when we communicate with you), but we may also hold information provided by third parties, such as recruitment agencies or other suppliers.

We will only ask for personal information that is appropriate to enable us to deliver our services. In some cases you can refuse to provide your details if you deem a request to be inappropriate.

 

5. How we manage your personal information

We process your personal information in accordance with the principles of UK GDPR.

We will treat your personal information fairly and lawfully and we will ensure that information is:

  • Used lawfully, fairly and in a transparent way.
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  • Kept up-to-date, accurate, relevant and not excessive.
  • Kept only as long as necessary for the purposes we have told you about.
  • Relevant to the purposes we have told you about and limited only to those purposes.
  • Kept securely.

Access to personal information is restricted to authorised individuals on a strictly need to know basis.

We are committed to keeping your personal details up to date, and we encourage you to inform us about any changes needed to ensure your details are accurate.

We will only hold your records during the period of our relationship with you and for a set period afterwards to allow us to meet our legal obligations including resolving any follow up issues between us.

 

6. What happens if there is a change of purpose?

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

 

7. Which type of third parties might we share your personal information with?

We require third parties to respect the security of your personal information and to treat it in accordance with the law. For example, where we instruct third party service providers, we carry out due diligence on those providers to ensure they treat your personal information as seriously as we do.

Where necessary or required, we may share your personal information with the following types of third parties:

  • Technical support providers, for example, assisting us with our website.
  • Recruitment partners assisting us with employment related matters, for example, recruitment agencies and job boards.
  • Professional advisers such as lawyers, accountants and business analysts.
  • Our corporate partners where you apply to work in-house with them via us.
  • Providers which help us collate and organise information effectively and securely.
  • Providers which help us with logistics and delivery solutions.
  • Providers which help us with our data and document archiving services.
  • Third-party software hosting companies which provide us with software solutions.
  • Providers which host our servers in their data centres.
  • Providers assisting us with payment and fraud prevention solutions.
  • Providers which provide us with marketing assistance.

 

8. Data retention

How long will you use my personal information for?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for.

We assess the appropriate retention period for different information based on the size, volume, nature and sensitivity of that information, the potential risk of harm to you from unauthorised use or disclosure of that information, the purposes for which we are using that information, applicable legal requirements for holding that information, and whether we can achieve those purpose(s) through other means.

Applicants

  • Where your application for employment with us is successful, we will provide further information during the course of your employment as to how we use your personal information.
  • Where your application for employment with us is unsuccessful, we will keep your personal information for 12 months only.

Employees of our clients and suppliers

  • Where we have collected your personal information during the course of your and our organisations doing business, we will keep your information for as long as this business relationship carries on, or for as long as we have a commercial interest in holding your personal information, for example, with a view to doing business in the future.
  • Where you use our website and one of our cookies are activated, that cookie will operate for the duration set out in our Cookie Policy.

 

9. Where we store your personal information

Electronic versions of your personal information are stored on our servers which are currently located in London and on our back up servers for disaster recovery purposes which are also located in London.

Where we use third party service providers to assist us, your personal information may also be stored in accordance with their practices and procedures. We require third parties to respect your personal information and to treat it in accordance with the law.

 

10. Your rights under the UK GDPR

You have a number of rights under the UK GDPR:

Access to personal information

Under the UK GDPR, you have a right to ask us what personal information we hold about you, and to request a copy of your information.  This is known as a ‘data subject access request’. We will provide the information you have asked for without undue delay and within one month (unless extended). We may rely on an exemption to restrict disclosure of some information.

Rectification

If you need us to correct any mistakes contained in the information we hold about you, you can let us know by contacting us on the details provided at the commencement of this notice.  

Erasure (‘right to be forgotten’)

You have the right to ask us to delete personal information we hold about you.  You can do this where:

  • the information is no longer necessary in relation to the purpose for which we originally collected/processed it.
  • where you withdraw consent.
  • where you object to the processing and there is no overriding legitimate interest for us continuing the processing.
  • where we unlawfully processed the information.
  • the personal information has to be erased in order to comply with a legal obligation.

We can refuse to erase your personal information where the personal information is processed for the following reasons:

  • to exercise the right of freedom of expression and information.
  • to enable functions designed to protect the public to be achieved e.g. government or regulatory functions.
  • to comply with a legal obligation or for the performance of a public interest task or exercise of official authority.
  • for public health purposes in the public interest.
  • archiving purposes in the public interest, scientific research historical research or statistical purposes.
  • the exercise or defence of legal claims; or
  • where we have an overriding legitimate interest for continuing with the processing.

Restriction on processing

You have the right to require us to stop processing your personal information. When processing is restricted, we are allowed to store the information, but not do anything with it. You can do this where:

  • You challenge the accuracy of the information (we must restrict processing until we have verified its accuracy).
  • You challenge whether we have a legitimate interest in using the information.
  • If the processing is a breach of the UK GDPR or otherwise unlawful.
  • If we no longer need the personal data but you need the information to establish, exercise or defend a legal claim.

If we have disclosed your personal information to third parties, we must inform them about the restriction on processing, unless it is impossible or involves disproportionate effort to do so.

We must inform you when we decide to remove the restriction giving the reasons why.

Objection to processing

You have the right to object to processing where we say it is in our legitimate business interests. We must stop using the information unless we can show there is a compelling legitimate reason for the processing, which override your interests and rights or the processing is necessary for us or someone else to bring or defend legal claims.

Withdrawal of consent

You have the right to withdraw your consent to us processing your information at any time. If the basis on which we are using your personal information is your consent, then we must stop using the information. We can refuse if we can rely on another reason to process the information such as our legitimate interests. 

Right to data portability

The right to data portability allows you to obtain and reuse your personal data across different services. It allows us to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way. The right only applies to personal data you have provided to us where the reason we are relying on to use the information is either your consent or for the performance of a contract. It also only applies when processing is carried out by us using automated means.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information, or request that we transfer a copy of your personal information to another party, please contact our Data Protection Compliance Manager in writing using the contact details set out at the beginning of this privacy policy.

 

11. No fee usually required.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

 

12. What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to another person who has no right to receive it.

 

13. Marketing

Where we are providing you with marketing information, you can also change your marketing preferences by using the unsubscribe button at the bottom of our marketing e-mails to you.

 

14. What happens if you fail to provide personal information?

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as providing you with our products or services), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of visitors to our offices).

 

15. Further information:

For further information on how to request your personal information and how and why we process your information, you can contact us using the details provided at the commencement of this notice.

The Information Commissioner (ICO) is also a source of further information about your data protection rights. The ICO is an independent official body, and one of their primary functions is to administer the provisions of the UK GDPR.

You have the right to complain to the ICO if you think we have breached the UK GDPR. You can contact the ICO at:

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

0303 123 1113  /  http://www.ico.org.uk/


16. Changes to this privacy policy

We will keep this Privacy Notice under review, and we may change, modify, add or remove portions of this privacy policy at any time, and any changes will become effective immediately.

Any changes we make to our privacy policy will be posted on this page and, where appropriate, notified to you.

Version: 3.0
Effective Date: 10th April 2024