About Ultima Risk Management (URM)
We are a private limited company, registered under Company Number 5488337. Our registered company address is Blake House, Manor Park, Reading RG2 0JH. We provide organisations throughout the UK with consultancy, auditing and training services, along with software solutions, in the areas of information security, business continuity, risk management, governance and compliance to management system standards.
For the purposes of UK data protection law and the GDPR, URM is the ‘Data Controller’ of the personal data you provide to us
Who do we process personal data about?
As a data controller, we process personal data about our clients, potential clients, business partners, employees and potential employees
Why do we process personal data?
We only process your personal data in order to fulfil a service you have asked us to provide or in order to run our own business and promote our own services and products. With regard to the promotion of our services, we use data to carry out direct B2B marketing campaigns. The lawful basis we use for this processing is ‘Legitimate Interest’.
We may also process your personal data if required by law to support the prevention or detection of crime.
What personal data do we process?
In order to promote our services and products, and in recruiting employees and associates, we collect and process the following categories of personal data:
- Your name, business role/title, address, telephone numbers and email address.
We do not process any special category data on clients, potential clients or business partners.
Use of your personal data
Except as set out in this Policy, URM will not sell or rent to any third party any personal information that we collect without the permission of the person to whom that information relates. In the delivery of our services, URM may distribute the information to a third party who is working on our behalf and such use will be strictly limited to a specific activity and controlled by appropriate contracts.
From time to time, you may choose to supply us with personal information. If this information is provided to us for purposes that involve our business partners, it may be in our legitimate business interest to provide the relevant business partners/associates with the information that you supply.
Cookies are used to monitor the website usage. They enable us to gather statistical information to manage and develop the website to improve user experience and to assess the popularity of individual web pages. Please click here to access our Cookies Policy.
URM strictly limits the number of emails sent to contacts and the subject of these emails will always relate to the products and services that we provide. It is not in our interest to bombard our customers, or prospective customers, with unsolicited mail and we will remove a contact's details from our marketing activity when requested to do so.
Customer contacts: If your details are on URM's database because your organisation purchases products and/or services from us, we believe that email communications will contain useful information that is relevant to you in your professional capacity. If you do not wish to receive emails of this nature, please let us know by emailing email@example.com.
Other contacts: If you are not a URM customer, your details will be included on our database for one of the following reasons:
- Event registration/attendance. You have provided your details when registering for one of URM's seminars, or have provided your details when visiting URM at a conference/exhibition or requesting information from our website.
- Third party database. URM occasionally purchases lists of contacts from an approved data supplier as stated above.
If you do not wish to continue to receive emails promoting URM's products and services, please let us know by emailing firstname.lastname@example.org.
URM does not knowingly get involved in ‘spamming’ activities of any kind.
URM will always provide recipients with an opportunity to opt-out or 'unsubscribe' from receiving further email content. This is because we only want to send information to people who are interested in receiving it. URM is responsible for responding to 'opt-out' or 'unsubscribe' requests when asked to do so. In turn, our business partners are responsible for complying with all such requests by removing the appropriate person from their lists.
URM will always comply with the legal obligations on us in relation to data protection set out in the GDPR and the Data Protection Act 2018, and we are committed to complying with the Privacy and Electronic Communications Directive 2003. We will only work with business partners who adopt a similar approach.
Security of your personal data
URM secures your personal information from unauthorised access, use or disclosure. URM is certified to both ISO 27001, the International Standard for Information Security and ISO 22301, the International Standard for Business Continuity and is totally committed to maintaining the confidentiality, integrity and availability of your information.
Your data subject rights
Under the GDPR and the UK Data Protection Act 2018, you have specific rights over the processing of your personal data. These include the rights to:
- Be informed about the processing of your data
- Have your information processed securely
- Request access to a copy of your personal data
- Have inaccurate personal data corrected (rectification)
- Be informed about how long your personal information will be retained
- Erasure of your personal data if we do not have any legal, statutory or regulatory reason for continuing to process it
- Restrict the processing of your personal information causing, or likely to result in, harm or distress (subject to our legal obligations for processing)
- Portability in certain circumstances
- Object to the processing conducted by us (e.g. direct marketing)
- Have any automated processing and the logic used explained to you if any decisions about you are made solely by a computer program
- Complain to the Information Commissioner’s Office (ICO) if you believe your rights have been breached and we have been unable to resolve the issue, and a further right to obtain judicial remedy through the courts if your complaint is upheld by the regulator. For more information on how to make a formal complaint to the ICO visit www.ico.gov.uk)
If you would like to exercise any of the rights listed above, please email email@example.com. We will explain any applicable exceptions to these rights in our response.
Changes to this Policy
URM welcomes your questions about this Policy. If you have any such questions please contact us at firstname.lastname@example.org or telephone 0118 9027 450.