Design forum Privacy Policy

6. PRIVACY NOTICE FOR DESIGN FORUM PARTICIPANTS (TO INCLUDE ANY INDIVIDUALS WHO APPLY BUT CANNOT JOIN THE BETA TRIAL AND AGREE TO PARTICIPATE IN THE DESIGN FORUM)
Riversimple, in accordance with the General Data Protection Regulation (GDPR), are committed to ensuring the lawful, fair and transparent processing of all personal data under its control.In order to engage you as a member of the design forum, it is necessary for us to obtain and process personal data in accordance with the provisions in this privacy notice.
6.1 Who controls and processes your information?
Data Controller: ​Riversimple Movement Ltd and applicable group companies (Riversimple).
Data Processor:​ Riversimple
6.2 The Information we collect:

We collect and process a range of information about you, including:

● Full name;
● Residential address;
● Email address;
● Telephone numbers;
● Occupation; and
● Your views and opinions on our products and services

6.3 How we collect your information:

We collect information through a number of means, including:

● Email;
● Phone;
● Contact form on our website;
● Post; and
● In person;

6.4 Why we process your information (the Purpose):
(A)​ ​To ​communicate with you​ about:
● Events and activities; and
● General Riversimple updates and information.
(B)​ ​to ​communicate with you​ about:
● Requesting and receiving feedback on the design of our products and services.
6.5 The Lawful Basis for which we process your information:

For 6.4 (A) the lawful basis is: Clear consent from you to process ​your information​ ​ (Article 6(1)(a) of the General Data Protection Regulation).

You have chosen to opt in to receiving communications from Riversimple. See, also, your rights under 6.10.

For 6.4 (B) the lawful basis is: Processing is necessary for the​ legitimate interests ​pursued by the Data Controller (Article 6(1)(f) of the General Data Protection Regulation).

The data you provide in response to our requests will enable Riversimple to develop its products and services.

6.6 Who has access to your information:
Your information will be shared internally where appropriate, and in line with 4.8.
We use a number of trusted third parties to provide us with necessary services to run our business, and who may process your information on our behalf:
● Google – Email and data storage provider;
● Mailchimp – Mailing list processing service provider; and
● We are the Missing Link – Web developer & hosting provider.
6.7 How your information is used:
Your information is only used for the Purpose(s) defined in 6.4, in accordance with the lawful basis detailed in 6.5.
6.8 How we secure your information:

We take appropriate technical and operational measures to ensure that your information is managed carefully and appropriately and to protect against unlawful or unauthorised use and accidental loss or destruction, including:

● Only providing access to those who need access to carry out the Purpose;
● Passwords are protected and, wherever possible, two-factor authentication is employed for extra protection;
● Our file storage provider uses encrypted sessions to protect files as they are uploaded and downloaded; and
● Hard-copy information is stored securely in locked cabinets with access limited to only those who need to have access to carry out the Purpose.

6.9 Data Transfers:

(A)​ Transfers within the European Economic Area:

None.
(B) ​Transfering of your information outside the European Economic Area:

Information you submit to us is stored on our third party cloud-based data storage and email provider’s servers. Country: United States of America Safeguard(s) used: our email and cloud-base provider is self certified under the EU-US privacy shield scheme.

6.10 How long we will hold onto your information:

For 6.4 (A) we will retain your data for only as long as you are a member of the Design Forum. Should you withdraw your consent we will erase your data.

For 6.4 (B) we will retain this data for as long as you are a member of the Design Forum. In the event you withdraw your consent we may retain your feedback in anonymised form.

6.11 Your rights in relation to your information:

(A) ​You have the right to ​object to the processing ​of your information, or to request that we restrict​ how your information is processed. We are obliged to comply with such requests unless there is a legitimate basis for not doing so. Please contact ​gdpr@riversimple.com​ to register any objections to or request any restrictions of processing.

(B)​ ​Access requests​ – you may request that we supply all the information we hold about you, at any time. We will endeavourto respond with such information within 30 days. There is no charge for this, except where such requests are clearly unreasonable, in which case a fee of £10 may be charged. We may require proof of ID to ensure such information is not disclosed to persons other than those to which the information pertains. Please contact ​gdpr@riversimple.com​ if you wish to make an access request.

(C)​ If you feel your information has not been processed in a lawful, fair or transparent manner you have the right to lodge a complaint with the Information Commissioner’s Office. Their website can be accessed at ​www.ico.org.uk​ and concerns may be reported at https://ico.org.uk/concerns​

6.12 What happens if your information is compromised?
In the event we discover a breach in the way we handled your personal information, we will notify the Information Commissioner’s Office within 72 hours of discovery. Where we consider there to be any risk to you as a consequence of the breach we will notify you immediately with details of any resulting risks and measures we have taken or intend to take, and any recommended actions that may help you.
6.13 Sensitive Personal Information:
We may request information regarding health conditions or disabilities for the purposes of ensuring the suitability of our vehicles. We will only process such information with your consent for this specific purpose and you are under no obligation to supply such information.
Menu