This privacy notice details how we handle the information we learn about you when you visit our website, including where you use it as a method of communicating with us. This privacy notice applies to personal information processed by or on behalf of Verisk as a data controller.
Protecting the privacy and personal data of our visitors is of utmost importance to us. It is a key consideration in the way we create, organise and implement our business, both on-line and off-line. Our website follows the principles set out in the EU General Data Protection Regulation (2016/679) and the Recommendation of the Council concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data (C(80)58/FINAL).
Changes to this Privacy Notice
We may change this privacy notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. We encourage you to regularly check our website for changes to our privacy notice.
Verisk and our Data Protection Officer
As the owners of the www.validus-ivc.co.uk website, we are data controllers of the personal data processed through the site. We have appointed Jennifer Volk as our dedicated data protection officer (“DPO”).
- What kinds of personal information about you do we process?
If you visit our website to read or download information, we collect and store only the following information that is automatically recognised: the date and time of your browsing session, the originating IP address, the domain name, the type of browser and operating system you have used (if provided by the browser), the URL of the referring page (if provided by the browser), the session number, the object requested and the completion status of the request.
If you decide to contact us through links on the website, we will naturally process the personal data that you provide in order to service your enquiry.
- What is the source of your personal information?
- What do we use your personal data for?
If you contact us and provide your personal data to us voluntary, we will process this data in so far as it is necessary to deal with your enquiry. The data will then be stored on an internal database for records purposes until we consider it appropriate to delete it, taking into account the original purpose of processing and the other factors highlighted in section 13 below.
We may also collect anonymous information from visits to our site to help us provide better customer service. For example, as referred to above we keep track of the domains from which people visit and we also measure visitor activity on the site, but we do so in ways that keep the information anonymous. We use the information that we collect to measure the number of visitors to the different areas of our site, and to help us make our site more useful to visitors. This includes analysing these logs periodically to measure the traffic through our servers, the number of pages visited and the level of demand for pages and topics of interest. The logs may be preserved for so long as they may reasonably be useful for the purpose described and used accordingly during that time and in any other way necessary to prevent security breaches and to ensure the integrity of the data on our servers.
We intend to protect the quality and integrity of your personal information. The www.validus-ivc.co.uk website has implemented technologies and security policies to protect the stored personal data of our users from unauthorised access, improper use, alteration, unlawful or accidental destruction and accidental loss. We will continue to enhance our security procedures as new technology becomes available. Verisk employees and processors who have access to personal data are contractually obliged to respect the privacy of our visitors and the confidentiality of their personal data.
- What are the legal grounds for our processing of your personal information (including when we share it with others)?
We rely on the following legal bases to use your personal data:
a) Where it is in our legitimate interests to do so
b) To fulfil any contractual obligations
c) To comply with our legal obligations
d) With your consent (or explicit consent where appropriate)
- When do we share your personal information with other organisations?
We do not provide your details to third parties except where you consent to this. However, you may choose to receive information from other organisations. You can indicate this choice by selecting the appropriate option during registration on our website. When you choose to receive information from other organisations, we only disclose your name and address to them. However, you should note that other organisations may follow privacy practices which are different from our own privacy practices.
At any time you can ask us not to further disclose your name and address to others for this purpose by sending an e-mail to the DPO’s details shown below.
- How and when can you withdraw your consent?
If you do not want your details used in this manner described above, you can either disable your cookies by following the instructions on your internet browser, or opt-out at the order or request stage.
Where we’re relying upon your consent to process personal data, you can withdraw this at any time by contacting us using the DPO’s details shown below.
- Is your personal information transferred outside the EEA?
We will not transfer your personal data outside the European Economic Area.
- What should you do if your personal information changes?
You should inform us promptly of any change to the details you submit via the website by sending details in writing to the DPO, whose details are shown below.
- Do you have to provide your personal information to us?
We’re unable to provide you with many of the benefits and services if you do not provide certain information to us. In cases where providing some personal information is optional, we’ll endeavour to make this clear.
- Do we do any monitoring involving processing of your personal information?
In this section monitoring means any: listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, social media messages, in person (face to face) meetings and other communications.
We may monitor where permitted by law and we’ll do this where the law requires it, or to comply with regulatory rules, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures and for quality control and staff training purposes. This information will only be shared for the purposes described above.
- What about other automated decision making?
We do not make automated decisions about you using only technology, where none of our employees or any other individuals are involved.
- For how long is your personal information retained by us?
Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:
- For as long as we have reasonable business needs, such as managing our relationship with you and managing our business
- For as long as we provide information or services to you and then for as long as someone could bring a claim against us; and/or
- Retention periods in line with legal and regulatory requirements or guidance.
- What are your rights under data protection laws?
Here is a list of the rights that all individuals have under data protection laws. They don’t apply in all circumstances. If you wish to use any of them, we’ll explain at that time if they are engaged or not:
- The right to be informed about the processing of your personal information
- The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
- The right to object to processing of your personal information
- The right to restrict processing of your personal information
- The right to have your personal information erased (the “right to be forgotten”)
- The right to request access to your personal information and to obtain information about how we process it
- The right to move, copy or transfer your personal information (“data portability”)
- Rights in relation to any automated decision making which has a legal effect or otherwise significantly affects you
You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/. You can contact us using the DPO’s details shown below.
- Your right to object
You have the right to object to certain purposes for processing, in particular to data processed for direct marketing purposes and to data processed for certain reasons based on our legitimate interests. You can contact us using the DPO’s details shown below to exercise these rights.
If you have any questions about this privacy notice, or if you wish to exercise your rights or contact the DPO, you can contact us by emailing firstname.lastname@example.org. Alternatively, you can write to The Data Protection Officer, Verisk, 1 Prince of Wales Road, Norwich NR1 1BD.