Data Processing
Last updated: June 2026
Our Commitment to Data Protection
Riskaware is committed to processing personal data responsibly, securely and in accordance with applicable data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We recognise the importance of protecting the information entrusted to us by our clients, partners and website users, and we maintain appropriate technical and organisational measures to safeguard personal data throughout its lifecycle.
Data Processing Activities
Where Riskaware processes personal data on behalf of a client, we act as a data processor and process personal data only in accordance with the client's documented instructions and the applicable contractual agreement.
Where Riskaware determines the purposes and means of processing personal data, we act as a data controller and process personal data in accordance with our Privacy Policy.
Security Measures
Riskaware implements a range of security measures designed to protect personal data against unauthorised access, disclosure, alteration or destruction. These measures include:
-
Secure IT infrastructure and network protection.
-
Access controls based on business need.
-
Encryption where appropriate.
-
Regular security monitoring and updates.
-
Staff awareness and data protection training.
-
Secure data storage and backup procedures.
Our security practices are regularly reviewed to ensure they remain appropriate to the nature of the information we process.
Sub-processors
Where necessary, Riskaware may engage trusted third-party service providers to support the delivery of our services. These providers are carefully selected and are contractually required to:
-
Process personal data only on our documented instructions.
-
Maintain appropriate security measures.
-
Comply with applicable data protection legislation.
-
Protect the confidentiality of personal information.
International Transfers
Where personal data is transferred outside the United Kingdom, Riskaware ensures that appropriate safeguards are in place, including approved contractual mechanisms where required by law.
Data Retention
Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations and meet contractual requirements.
When data is no longer required, it is securely deleted or anonymised in accordance with our internal retention policies.
Data Subject Rights
Riskaware supports the rights of individuals under applicable data protection legislation, including the right to:
-
Access personal data.
-
Correct inaccurate information.
-
Request erasure where applicable.
-
Restrict or object to processing.
-
Request data portability where applicable.
Requests relating to personal data will be handled promptly and in accordance with applicable legal requirements.
Data Processing Agreement
Where required, Riskaware is able to enter into a Data Processing Agreement (DPA) with clients who engage us to process personal data on their behalf.
Our standard DPA sets out the respective responsibilities of both parties and ensures compliance with applicable data protection legislation.
If you require a copy of our Data Processing Agreement or have questions regarding our data processing practices, please contact us.
Contact
For questions relating to data protection or data processing, please contact:
Riskaware Ltd
Email: info@riskaware.co.uk
Website: www.riskaware.co.uk
