References to “you” or “your” means any individual whose personal data we process in connection with the users of this website and provision of the RR Index Platform and includes individuals employed by our members and affiliate audit companies and individuals whose personal data is processed in connection with the provision of information to members.
It describes in detail who is responsible for the personal data that we collect about you, the nature of the personal data we collect and how we will use it. We will also set out who we disclose it to and your rights and choices in relation to your personal data.
The personal data that we process tends to consist of:
- Name and E-mail details of individuals who use our website
- Sales data in terms of numbers or mass
- Product data and their raw material details
- Product quantity data and their packaging weight data
You may submit your personal data to us directly, or indirectly via RR Index platform that you are employed or engaged by or otherwise in connection with our services.
RR Index is committed to protecting your privacy. RR index uses any personal data of yours or your organization submit to us in accordance with this policy.
You have the right to object to our use of your personal information in certain circumstances. Please see the What are your data protection rights? section below for a summary of your right to object (along with your other rights under data protection legislation) and the details of who to contact if you want to exercise them. Please see the Who can you contact for privacy questions or concerns? section if you need to get in touch.
Who can you contact for privacy questions or concerns?
We have appointed a Data Protection Officer whose role in relation to data protection includes informing and advising us and those of our employees who are involved in processing personal data of their obligations under data protection legislation.
How do we collect personal data?
We obtain personal data directly from individuals in a variety of ways, including obtaining personal data from individuals who provide us their information on RR Index portal, complete our online forms, subscribe to our newsletters and preference centre, register for webinars, attend meetings or events we host, visit our offices or apply for open roles. We may also obtain personal data directly when,
for example, we are establishing a business relationship, or through our hosted software applications.
We obtain personal data indirectly about individuals from a variety of sources, including recruitment services and our Members. We may attach personal data to our customer relationship management records to better understand and serve our Members, subscribers and individuals, satisfy a legal obligation, or pursue our legitimate interests.This personal dataincludes names and email details of those individuals.
What categories of personal data do we collect?
How do we process your personal data?
Under data protection legislation we can only use your personal data if we have a proper reason to do so (this is also known as a legal basis). We have set out our reasons for using your personal data below.
You have the right to object to our use of your personal information at any time. Please see the What are your data protection rights? section below for a summary of your right to object and the details of who to contact if you want to exercise them. Please see the Who can you contact for privacy questions or concerns? section if you need to get in touch.
We may rely on the following lawful reasons when we collect and use personal data to operate our business and provide our products and services:
We may process personal data in order to perform our contractual obligations where we have a contract with an individual.
We may rely on your freely given consent at the time you provided your personal data to us.
We may rely on legitimate interests based on our evaluation that the processing is fair, reasonable and balanced. These include:
- Delivering services to our Members – to deliver the professional services our Members have engaged us to provide
- Direct marketing – to deliver timely market insights and speciality knowledge we believe is welcomed by our Members, subscribers and individuals who have interacted with us
- Compliance with applicable legal and regulatory obligations, and any guidelines, standards and codes of conduct
- Improvement and development of our business operations and service offering, or those of a third party
- Protection of our business, shareholders, employees and customers, or those of a third party
- Analysing competition in the market for our services – for example, by carrying out research, including market research.
- Legal obligations and public interests:
We may process personal data in order to meet regulatory and public interest obligations or mandates.
Where we process your personal data on the legal basis of our legitimate interests, we have carefully considered and assessed your rights and freedoms which require protection of your personal data in respect of each specific purpose. Having undertaken this assessment, we have determined that our legitimate interests are not overridden by your rights under data protection legislation. If you would like further information about
how we have balanced your rights and freedoms against our legitimate interests, please get in touch using the details in the Who can you contact for privacy questions or concerns? section above.
We may be required to obtain your personal data to comply with our legal requirements, to enable us to fulfil the terms of our contract with you or in preparationof us entering into a contract with you. If you do not provide the relevant personal data to us, we may not be able to provide you with membership services or otherwise interact with you.
If you wish to change your marketing preferences and you do not wish to hear from us, please let us know by contacting us on the details provided in the Who can you contact for privacy questions or concerns? section above.
Why do we need personal data?
It’s important to us that we are transparent when we collect and use personal data, and that we tell you why we need it and more specifically the purposes for which we process it. These typically include:
- Providing professional advice and delivering reports related to our professional services
- Providing the accurate recycled data after taking the quantity and the net amount of information from the customers.
- Promoting our professional services, products and capabilities to existing and prospective Members
- Sending invitations and providing access to guests attending our events and webinars or our sponsored events
- Administering, maintaining and ensuring the security of our information systems, applications and websites
- Authenticating registered users to certain areas of our sites
Do we share personal data with third parties?
We may occasionally share personal data with trusted third parties for the purposes set out above. These recipients are contractually bound to safeguard the data we entrust to them. We may engage with several or all of the following categories of recipients:
- Parties that support us as we provide our services (e.g. providers of
telecommunication systems, mailroom support, IT system support, archiving services, document production services and cloud-based software services)
- Payment services providers
- Marketing services providers
We may share your personal data with other third parties, for example:
in the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets
if we or substantially all of our assets are acquired by a third party (or are subject to a reorganisation within our corporate group), personal data held by us will be one of the transferred assets
if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our legal rights under any contract we have with you.
What are your data protection rights?
You have certain rights with respect to your personal data. The rights will only apply in certain circumstances and are subject to certain exemption
Your rights are highlighted below.
You have the right to receive a copy of your personal data that we hold about you and information about how we use it, subject to certain exemptions.
You have the right to ask us to correct your personal data that we hold where it is incorrect or incomplete.
You have the right to ask that your personal data be deleted in certain
circumstances. For example:
o Where your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise used
o If you withdraw your consent and there is no other legal ground for which we rely on for the continued use of your personal data
o If you object to the use of your personal data (as set out below)
o If we have used your personal data unlawfully
o If your personal data needs to be erased to comply with a legal obligation.
You have the right to suspend our use of your personal data in certain
circumstances. For example:
– Where you think your personal data is inaccurate but only for so long as is required for us to verify the accuracy of your personal data
– The use of your personal data is unlawful and you oppose the erasure of
your personal data and request that it is suspended instead
– We no longer need your personal data, but your personal data is required by you for the establishment, exercise or defence of legal claims
– You have objected to the use of your personal data and we are verifying
whether our grounds for the use of your personal data override your
You have the right to obtain your personal data in a structured, commonly used and machine-readable format and for it to be transferred to another organisation, where it is technically feasible.
The right only applies:
->To personal data you provided to us
->Where we rely on the following legal bases
->For the performance of a contract
->When the use of your personal data is carried out by automated (i.e.
Right to object:
Right to object to the use of your personal data (including to object to direct
marketing, automated decision making and profiling)
You have the right to object to the use of your personal data in certain
circumstances and subject to certain exemptions. For example:
->Where you have grounds relating to your particular situation and we use
your personal data for our legitimate interests (or those of a third party)
->If you object to the use of your personal data for direct marketing
purposes. We may need to keep some minimal information to comply
with your request to cease marketing to you.
Right to Withdraw Consent:
You have the right to withdraw your consent, to one or more forms of processing, at any time where we rely on consent to use your personal data.
This will not affect the lawfulness of any processing carried out before you
withdraw your consent. It may mean we are not able to provide certain products or services to you and we will advise you if this is the case.
Right to complain to the relevant data protection authority:
If you think that we have processed your personal data in a manner that is not in accordance with data protection legislation, you can make a complaint to the data protection regulator
What about personal data security?
We have put appropriate technical and organisational security policies and procedures in place to protect personal data (including sensitive personal data) from loss, misuse,
alteration or destruction. We aim to ensure that access to your personal data is limited only to those who need to access it. Those individuals who have access to the data are required to maintain the confidentiality of such information.
If you have access to parts of our website or use our services, you remain responsible for keeping your user ID and password confidential. Please be aware that the transmission of data via the internet is not completely secure. Whilst we do our best to try to protect the security of your personal data, we cannot ensure or guarantee the security of your data transmitted to our site, and any transmission is at your own risk.
How long do we retain personal data?
We retain personal data to provide our services, stay in contact with you and to comply with applicable laws, regulations and professional obligations that we are subject to. Unless a different time frame applies as a result of business need or specific legal, regulatory or contractual requirements, where we retain personal data in accordance
with these uses, we retain personal data for two years. We will dispose of personal data in a secure manner when we no longer need it.