Rockstone Compliance & Risk Solutions Privacy Notice

 

This is the privacy notice of Rockstone Compliance and Risk Solutions Limited. Registered Company Number – 09905181.

Introduction

We will process such information in accordance with applicable data protection law including the EU General Data Protection Regulation ("GDPR") (in force from 25 May 2018) and any national laws implementing GDPR. Rockstone Compliance has a Data Protection officer. To contact the Data Protection Officer or if you have any questions regarding this Privacy Policy please send an email to info@rockstonecompliance.co.uk

This Privacy Policy (“Policy”) is intended to inform you how your personal data is collected, used and disclosed through your contact with Rockstone Compliance. This Policy is intended to assist you in making informed decisions about your information when using our website and our Service (“Service”). Please take a minute to read and understand the Policy.

The information we collect

Personal Information

We only collect personal data relevant to our business in providing Compliance Consultancy advice to your firm. Such personal data is given directly by you and by people or companies authorised by you to act on your behalf, and it may also include information obtained from those third parties authorised by you to share such information with us, including:

  • Your title, full name, your contact details – including your email address, home and mobile telephone numbers;
  • Your business address;
  • Your occupation, job title and employment details;

Technical Information

Internet protocol (IP) address, browser type and version, browser plug-in types and versions, operating system and platform and other technology on the devices used to access www.rockstonecompliance.co.uk, www.mortgagecompliance.co.uk and www.creditbrokingcompliance.co.uk

Profile and Usage Information

Feedback and survey responses, and how you use our website, products and services

Marketing and Communications Information including your preferences in receiving future news and services from Rockstone.

Why we need your data?

Under the GDPR, the main grounds that we rely upon in order to process your personal information are as follows:

  1. Necessary for entering into, or performing, a contract – in order to perform obligations that we undertake in providing the Service, or in order to take steps at your request to enter into a contract with us, it will be necessary for us to process your personal data;
  2. Necessary for compliance with a legal obligation – we are subject to certain legal requirements which may require us to process your information. We may also be obliged by law to disclose your information to a regulatory body or law enforcement agency;
  3. Necessary for the purposes of legitimate interests - either we, or a third party, will need to process your information for the purposes of our (or a third party's) legitimate interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your information protected. Our legitimate interests include ensuring that our operations are conducted in an appropriate and efficient manner, responding to requests and enquiries from you or a third party, optimising our website and customer experience and informing you about our products and services;
  4. Consent – in some circumstances, we may ask for your consent to process your information in a particular way. To the extent that we are processing your information based on your consent, you will have the right to withdraw your consent at any time. You can do this by contacting us at info@rockstonecompliance.co.uk

Where we store your personal data

We currently store personal data in the UK, but you acknowledge and agree that it may also be transferred to and be stored at one or more destinations in the European Economic Area ("EEA"). We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

Once we have received your personal data, we will use (and require our suppliers and partners to use) procedures and security features to try to prevent unauthorised access, unlawful processing, accidental loss or destruction of, or damage to it. However, the transmission of information via the Internet is not completely secure and, while we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Service and any transmission is at your own risk.

How long we keep your data

Unless a longer retention period is required or permitted by law, we will only hold your personal information on our systems for the period necessary to fulfil the purposes outlined in this Privacy Policy or until you request it is deleted.

Disclosure of your information

We will keep your personal data confidential and only disclose it to others for the purposes of facilitating our contract with you, as well as in the following specific circumstances:

  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any agreements to which you are a party; or to protect our rights, property, or safety.
  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; or
  • If substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets;

Your rights

You have the right to request a copy of the personal information that we hold about you, its origin and any recipients of it as well as the purpose of any data processing carried out.

  • Right to access: the right to request copies of your personal information from us;
  • Right to correct: the right to have your personal information rectified if it is inaccurate or incomplete;
  • Right to erase: the right to request that we delete or remove your personal information from our systems;
  • Right to restrict our use of your information: the right to ‘block’ us from using your personal information or limit the way in which we can use it;
  • Right to object: the right to object to our use of your personal information
  • Right to data portability: the right to request that we move, copy or transfer your personal information;

If you have any questions or would like to exercise your right under this Privacy Policy, please contact Elizabeth Harris via the following methods;

Email – elizabeth.harris@rockstonecompliance.co.uk
Phone – 0333 444 3103

We will aim to respond to all requests within a 30-day period but if the request is complex we may have to extend this to a 90-day period.

Complaints

If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated.

Email – elizabeth.harris@rockstonecompliance.co.uk
Phone – 0333 444 3103

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office https://ico.org.uk/

We reserve the right to amend or modify this Privacy Policy at any time and any changes will be published on the Sites. The date of the most recent revision will appear on this page. If we make significant changes to this policy, we may also notify you by other means such as sending an email. Where required by law we will obtain your consent to make these changes.

We keep our privacy notice under regular review. This privacy notice was last updated on 28th August 2019.