This Privacy Notice is issued by Clarus Risk Ltd (“Clarus”).
1. Who we are
Clarus delivers risk and regulatory risk reporting via its proprietary online platform, RiskMonitor (“Services”). Clarus is a wholly owned subsidiary of Apex Group Limited (Clarus and other subsidiaries of Apex Group Limited together “Apex Group”).
2. What is this Privacy Notice?
During the normal course of business via this website and to deliver Services, Clarus may collect personal data from data subjects that allows them to be identified, either directly or indirectly.
Clarus is wholeheartedly committed to safeguarding the personal data, the privacy of data subjects and in satisfying certain obligations Clarus has under the relevant Data Protection legislation. This notice is intended to provide notice to data subjects of how Clarus use, collect and safeguard personal data and other information in connection with the services.
3. What we personal data do we collect?
We may collect the following information:
- name and job title;
- contact information including business email address and telephone numbers (including mobile); and
- demographic information such as address including country.
4. How do we collect your personal information/personal data?
This information is collected via our website and through standard communications (email/ telephone) with potential and existing clients.
5. Why do we collect your information?
Clarus principally collects personal data in fulfilment of and in order to provide services.
Additionally we may process your personal information where it is necessary for us to pursue our legitimate interests as business, including –
- for the detection and prevention of fraud and other criminal activities;
- to verify the accuracy of data that we hold about you and create a better understanding of you as a client;
- network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
- to comply with a request from you in connection with the exercise of your rights;
- assess and improve our service to customers through recordings of any calls; and
- management of queries, complaints, or claims
Additionally, we may process personal data on the provision of consent in order to send you marketing emails, you can opt out of these marketing emails at any time by unsubscribing via the link included. Alternatively, you can make a direct request to unsubscribe by emailing us via info@clarusrisk.com.
6. How we use your personal information?
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
- Internal record keeping and population of our database to provide our services. Using the information to improve our products and services.
- Periodically sending emails to update current and prospective clients to any changes to our products and services.
- Periodically sending promotional emails for industry related events and newsletters we believe is relevant to you, using the email address which you have provided.
- We may use the information to customise the website or modify our services according to your interests and/or requirements as clients of Clarus Risk.
7. Data Retention
Records are kept for as long as they are needed to meet the operational needs of Clarus Risk together with legal and regulatory requirements. We use a disposal schedule in the management of records and information.
Under the current provisions of Clarus Risk’s Retention and disposal of records policy, all records and documentation relating to client activity is held for seven years from the date of termination of the relationship.
8. Security
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online and through our servers.
9. Links to other websites
Our website contains links to other websites of interest. Once you have used these links to leave our site, you should note that we do not have any control over those websites. Therefore, we cannot be held responsible for the protection and privacy of any information which you provide while visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the specific websites in question.
10. Controlling your personal information
You have the following rights in relation to how we use your information. If you’d like to exercise these rights please contact us using the contact details listed at section 10 “Who can you speak to at Apex about this Privacy Notice?”
Right to lodge a complaint - You have a right to complain to your local data protection supervisory authority at any time if you object to the way in which we use your personal information.
Right of access – you have the right to know if we are using your information and, if so, the right to access it and information about how we are using it. There will not usually be a charge for dealing with these requests. Your personal information will usually be provided to you in writing, unless otherwise requested. Where you have made the request by electronic means the information will be provided to you by electronic means where possible.
Right of rectification – We take reasonable steps to ensure that the personal information we hold about you is accurate and complete. However, if you do not believe this is the case you have the right to require us to rectify any errors in the information we hold about you.
Right to erasure – you have the right to require us to delete your information if our continued use is not justified. However, this will need to be balanced against other factors, depending upon the type of personal information we hold about you and why we have collected it, there may be some legal and regulatory obligations which mean we cannot comply with your request.
Right to restrict processing - in some circumstances, although you may not be entitled to require us to erase your information, but may be entitled to limit the purposes for which we can use your information.
Right of data portability – you have the right to require us to provide you with a copy of the personal information that you have supplied to us in a commonly used machine-readable format or to transfer your information directly to another controller (e.g. a third party offering services competing with ours). Once transferred, the other party will be responsible for looking after your personal information.
Right to object to direct marketing - You can ask us to stop sending you marketing messages at any time. Please see section 11 below.
Right not to be subject to automated-decision making - Apex do not make decisions about you using automated decision making or profiling of your personal data.
Right to withdraw consent - For certain limited uses of your personal information, we may ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal information. If you withdraw your consent, we may not be able to provide certain products and services to you. If this is the case, we’ll tell you at the time you ask to withdraw your consent.
In some circumstances exercising some of these rights will mean we are unable to continue providing you with your investment or maintaining a business relationship with you.
You can make any of the requests set out above using the contact details in this Privacy Notice. Please note that in some cases we may not be able to comply with your request for reasons such as our own obligations to comply with other legal or regulatory requirements. We will always respond to any request you make and if we can't comply with your request, we will tell you why.
11. Email marketing and unsubscription
You can stop the delivery of marketing emails from Clarus at any time by unsubscribing or opting out via the link included in every email. Alternatively you can make a direct request to unsubscribe by emailing info@clarusrisk.com.
12. Third Parties and sharing your personal information
We will not sell, distribute or release your personal information to third parties unless we have your permission or are required by law to do so.
- We will only disclose your personal information in accordance with applicable laws and regulations. We will disclose your information to the following third parties:
- any person with legal or regulatory power over us (such as the Department of Justice and Equality, An Garda Síochána, Office of the Revenue Commissioners) that may require disclosure on legal grounds;
- service providers engaged by us to help us run our business and perform the Such service providers may include, for example, cloud or archive storage providers (engaged by us to provide electronic or physical storage facilities for our business data and your information), or providers of software or other IT resources;
- any member of the Apex Group which means our subsidiaries, our ultimate holding company and its subsidiaries (from time to time) as necessary to perform any Services to you
Some of these third parties (including Apex Group subsidiaries and service providers) may be outside of the European Economic Area (EEA). We will ensure that any such subsidiary or service provider has put in place adequate safeguards to ensure that your information is held securely and in accordance with this Privacy Notice. Such steps will include placing the party we are transferring personal information to under contractual obligations to protect it to adequate standards. Transfers within the Apex Group will be covered by an agreement entered into by members of the Apex Group (an intra-group agreement) which contractually obliges each member to ensure that your Personal Data receives an adequate and consistent level of protection wherever it is transferred within the Apex Group.
13. Changes to this privacy notice
We will update this privacy notice when necessary to reflect changes in the law, our used practices and in our services, as well as to ensure it is accurate and up to date. When we make an update we will amend the date at the top of this notice, you are therefore advised to check this privacy notice periodically. We may also notify you in other ways from time to time about the processing of your personal information.
14. Who can you speak to at Clarus about this privacy notice and/or protecting my personal information/personal data?
If you have any concerns or questions about this privacy notice or would like to exercise your rights as a data subject, you can contact us:
Email: info@clarusrisk.com
Post: The Directors, Clarus Risk Ltd., Anson Court, La Route des Camps, St Martin, Guernsey, GY1 6BR
If you are not satisfied with how we are processing your personal data, you can make a complaint to the Guernsey Office of the Data Protection Authority by following the instructions at https://www.odpa.gg/for-individuals/make-a-complaint/.
