Please read the following carefully to understand our views and practices regarding your data and how we will treat it.

RiskFirst is committed to protecting and respecting your privacy. This policy (together with our website ) sets out the basis on which any personal or other data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your data and how we will treat it.

For the purpose of applicable data protection law in the United Kingdom (the Data Protection Act 2018 once this has been enacted), our nominated representative is our Data Protection Officer. We hold four registrations on the Data Protection Register administered by the Information Commissioner’s Office (ICO), as follows:

  • Risk First (Holdings) Limited – Registration Number ZA126476
  • Risk First Group Limited – Registration Number ZA126470
  • Risk First Limited – Registration Number Z997395X
  • Risk First Management Services Limited – Registration Number 1781205

Details of our Data Protection Register entries can be accessed at and then navigating to “Search the register”.

Scope of this policy

This policy is relevant and applies to any persons, including clients, suppliers and other persons. Generally and subject to the following paragraph, RiskFirst is a data processor and not a data controller in relation to your data. We will only process that data to the extent reasonably necessary for our interactions with your organisation, and we will follow the instructions of the data controller. Our arrangements with your organisation, such as NDAs and licences or other commercial contracts, may contain contractual terms that limit our access to personal or other data in this context, and prevent you or your organisation from furnishing personal data to us.

If you are a RiskFirst employee or contractor (or a candidate to become one), there may be additional data that we, as data controller, collect and hold about you for recruitment, HR, payroll and other legitimate purposes. There are supplemental data protection provisions applicable to RiskFirst personnel, which can be accessed via our internal systems or documents, the details of which have been advised to our personnel.

Information we may collect from you

We may collect and process the following data about you:

  • Information that you provide by filling in forms on our internet sites, including, and any sub-domains (our site). This includes information provided at the time of registering to use our site, subscribing to our services, posting material or requesting further services or information.
  • We may also ask you for information when you report a problem with our site or our services.
  • If you contact us, we may keep a record of that correspondence (including your business contact details, such as email address and telephone number).
  • We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
  • Details of your visits to our site (including traffic data, location data, weblogs and other communication data) and the resources that you access.

IP addresses and cookies

We may retain information about your computer, including where available your IP address, operating system and browser type, for system administration and to collect and assess aggregate information (statistical data about users’ browsing actions and patterns). We may also obtain information about you by using a cookie described further in the following paragraph.

Our site uses cookies to enhance the operations of the site, and also to collect information on site users and the details their visits. At present, we use three types of cookies: one collects information from you for purposes of aggregated and anonymized assessment through Google Analytics, a widely-used tool for collection and review of website use metrics. The second type of cookie is also anonymous but helps us assess your preferences in relation to our site, so that we can enhance future visits.  The third type of cookie is created only when you voluntarily complete a Contact Form and this cookie may store your business contact information; when you complete a Contact Form, a dialog box within the site will offer you more information. However, we may in future use cookies for other purposes. If, having given a consent to our use of cookies, at any future date you want to revoke your consent, you can always do so by removing RiskFirst’s cookie, generally through the options feature in your browser. You can also access further independent information on cookies at and

Where we store your data

Unless we have agreed otherwise with you in writing, data that we collect from you may be transferred, and stored, outside the European Economic Area (EEA). It may also be processed by our staff or contractors operating outside the EEA. By submitting such data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

All information you provide to us is stored securely. If you have a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. Please do not share your password with anyone.

Transmission of information via the internet is not completely secure. Although we will do our best to protect your data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your risk. Once we have received your information, we will use procedures and security to try to prevent unauthorised access.

Uses made of the information

We use information held about you to:

  • Ensure that content from our site is presented in the most effective manner for you and for your computer.
  • Provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
  • Carry out our obligations arising from any contracts entered into between you and us.
  • Allow you to participate in interactive features of our service, if you choose to do so.
  • Allow us (or third parties acting on our behalf) to send marketing materials to you.
  • Notify you about changes to our service.

We may use information in different or additional ways in the future. If we do so, we will post the updated disclosure on this page or elsewhere on our site. However, we will not sell your information to third parties for their own use, nor will we disclose it to third parties other than as described in the following section.

Disclosure of your data

We may disclose your data to any company in our group, and to our staff. We may disclose your information to third parties.

  • Who provide services to RiskFirst (for example, those who conduct marketing campaigns to our clients on our behalf).
  • In the event that we sell or buy any business or assets, in which case we may disclose your data to a prospective seller or buyer (including in any sale of RiskFirst, in which case data held by it about its clients may be transferred).
  • If we must disclose or share your data in order to comply with any legal obligation, or in order to enforce or apply our Access Rules (if these apply to you) and other agreements; or to protect the rights, property, or safety of RiskFirst, our clients or others. This includes exchanging information with other companies and organisations for fraud protection and risk reduction.

Your rights

You have the right to ask us not to process your data, in which case we may also unsubscribe you from our site and delete your account and data. You can exercise this right at any time by:

  • Writing to our Data Protection Officer (details below under “Contact”)
  • Following links from marketing emails.

Our site may, from time to time, contain links to and from the websites of third parties. If you follow a link to any of these websites, please note that these may have their own privacy policies; we do not accept any responsibility or liability for these policies. Please review these policies before you submit any personal or other data to these websites.

Access to data

Data protection law in the UK gives you the right to access personal data held about you, and your right of access can be exercised in accordance with that law. Any access request may be subject to a fee to meet our costs in providing you with details of the information we hold about you.

Call recording

RiskFirst does not normally record telephone conversations. In certain limited circumstances (for example, for training or quality assurance purposes), RiskFirst personnel are able to record telephone calls; when doing so, they will inform all other parties to the call that it is being recorded and the reasons for recording it. We will make reasonable efforts that no personal data is communicated over the telephone.

Changes to this privacy policy

Any changes we may make to our privacy policy in the future will be posted on this page or elsewhere on our site and, if we determine it is appropriate, notified to you by e-mail or such other means as we consider appropriate.


Questions, comments and requests regarding this privacy policy should be addressed to the Data Protection Officer, RiskFirst at 14th Floor, Aldgate Tower, 2 Leman Street, E1 8FA.

Last Revised and Approved: March 2018