Privacy Policy for EU Individuals

This privacy policy describes how we collect and process personal information about you, how we use and protect this information, and your rights in relation to this information.

This privacy policy applies to all personal information we collect or process about you. Personal information is information, or a combination of pieces of information that could reasonably allow you to be identified.

We will collect personal information about you from a variety of sources, including information we collect from you directly (e.g. when you contact us), and information we collect about you from other sources (e.g. a data list broker or marketing agency, public registers, social media sites, etc).

Note that we may be required by law to collect certain personal information about you, or as a consequence of any contractual relationship we have with you. Failure to provide this information may prevent or delay the fulfilment of these obligations. We will inform you at the time your information is collected whether certain data is compulsory and the consequences of the failure to provide such data.

The categories of information that we collect directly from you are:
(a) personal details (e.g. name, date of birth)
(b) contact details (e.g. phone number, email address, postal address or mobile number)
(c) others (e.g. profession, position, figure gender, face images, country of residence and nationality)

We collect information about you from private companies or institutions, public registers and social media sites.

The categories of information that we collect about you from other sources are
(a) personal details (e.g. name, date of birth)
(b) contact details (e.g. phone number, email address, postal address or mobile number)
(c) tokens (e.g. access tokens, refresh tokens) required to access third party services
(d) others (e.g. profession, position, figure gender, face images, country of residence and nationality)

We use your personal information to:
(a) provide and personalise our services
(b) deal with your enquiries and requests
(c) comply with legal obligations to which we are subject and cooperate with regulators and law enforcement bodies
(d) contact you with marketing and offers relating to products and services offered by us [and/or other members of the RISO GROUP (unless you have opted out of marketing, or we are otherwise prevented by law from doing so)
(e) personalise the marketing messages we send you to make them more relevant and interesting

We must have a legal basis to process your personal information. In most cases the legal basis will be one of the following:
(a) to fulfil our contractual obligations to you, for example to provide the services, to ensure that invoices are paid correctly, and to ensure you are able to access our premises when required. Failure to provide this information may prevent or delay the fulfilment of these contractual obligations
(b) to fulfil our contractual obligations to you in connection with your employment contract with us, for example your contact details and bank account details Failure to provide this information may prevent or delay the fulfilment of these contractual obligations
(c) to comply with our legal obligations, for example obtaining proof of your identity to enable us to meet our anti-money laundering obligations
(d) to comply with our legal obligations to you, for example health and safety obligations [that we must comply with as your employer] [while you are on our premises, or] to a third party (e.g. the taxation authorities)
(e) to meet our legitimate interests, for example to understand how you use our services and to enable us to derive knowledge from that enable us to develop new services. When we process personal information to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests are not overridden by your interests or fundamental rights and freedoms.

You have certain rights regarding your personal information, subject to local law. These include the following rights to:

If you would like to discuss or exercise such rights, please contact us at the details below.
We encourage you to contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate.

We will contact you if we need additional information from you in order to honour your requests.

We may share your personal information with third parties under the following circumstances:

Because we operate as part of a global business, the recipients referred to above may be located outside the jurisdiction in which you are located (or in which we provide the services). See the section on "International Data Transfer" below for more information.

We implement technical and organisational measures to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the on-going integrity and confidentiality of personal information. We evaluate these measures on a regular basis to ensure the security of the processing.

We will keep your personal information for as long as we have a relationship with you. Once our relationship with you has come to an end, we will retain your personal information for a period of time that enables us to:

We will delete your personal information when it is no longer required for these purposes. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the data.

Your personal information may be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for personal information under European Union law / by the European Commission.

We have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details below.

RISO KAGAKU CORPORATION LONDON OFFICE in Lyon, France is the controller responsible for the personal information we collect and process.

If you have questions or concerns regarding the way in which your personal information has been used, please contact [privacy@riso.eu].

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the data protection authority of France using their website [https://www.cnil.fr/en/home].

You may request a copy of this privacy policy from us using the contact details set out above. We may modify or update this privacy policy from time to time.

If we change this privacy policy, we will notify you of the changes. Where changes to this privacy policy will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights (e.g. to object to the processing).

[25-05-2018]