The purpose of the privacy notice is to inform you about what personal information we collect whether this is through our website, the recruitment process or other interaction with Ricardo. We will also define how we use the information, whether the information is disclosed and the ways in which we protect your privacy.
We want you to feel secure when interacting with Ricardo and are committed to respecting your privacy and complying with data privacy regulations, such as The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).
Contents of this notice:
Your data and the Ricardo website
Whenever you visit this website, you consent to the collection, use and disclosure of that information in accordance with this privacy notice.
Non-Ricardo websites linked to or from our website are not covered by this privacy notice and we do not accept any responsibility or liability for those websites.
How do Ricardo collect my personal data through the website?
There are three ways which the Ricardo websites collect your information:
- Cookies and log files
- User account
These technologies enable us to identify what areas of the website you have visited and how you got there. We use the aggregated information from website visitors, for example aggregated information on the pages visited, to help us improve the design, performance and delivery of the website to provide a better user experience.
You can find out more about cookies at: http://www.allaboutcookies.org
Ricardo stores personal cookie information for 24 months
We use many different cookies on our website:
1. Session cookies
We use session cookies to ensure that you are recognised when you move from page to page within the website and that any information you have entered is remembered.
More information on session cookies and what they are used for is at: http://www.allaboutcookies.org/cookies/session-cookies-used-for.html
2. Persistent cookies
We use persistent cookies for website analytics and to improve website performance.
More information on persistent cookies and what they are used for is at: http://www.allaboutcookies.org/cookies/persistent-cookies-used-for.html
3. Third party cookies
We use suppliers who also set cookies on our website on our behalf to deliver the services that they are providing.
For example, Google Analytics collect anonymised data- more information can be found at: http://www.google.co.uk/intl/en/analytics/privacyoverview.html and: http://code.google.com/apis/analytics/docs/concepts/gaConceptsCookies.html
How to control cookies
Most browsers are set to automatically accept cookies. If you do not wish your progress through the website to be tracked then all recent versions of popular web browsers have the option to not accept cookies. However, by choosing not to accept cookies, some aspects of the website performance and user experience may be affected.
Further information on how to manage cookies can be found at: http://www.allaboutcookies.org/manage-cookies/
How is my data collected through website forms?
We use forms on the website to enable you to easily contact Ricardo about services, solutions and products that we can provide you with. We also use forms to enable access to resources or to register for events via our website. For example, we use forms to enable recorded access to white papers, videos or to register for conferences or webinars.
The information collected via forms enables us to understand what website users are interested in, which we use to improve the services, solutions, products, resources and events we provide you.
Each form includes a tick box that confirms you consent for us to store your personal information on our secure systems and to use your data for the purposes stated on the form. If you do not tick the box that confirms your consent your data will be erased.
What information is collected through Ricardo user accounts?
We have created user account functionality to enable regular users of the website to more easily download resources, register for events, access technical support or to contact us about services, solutions or products.
The information collected via user accounts enables us to understand what you are specifically interested in and to improve the services, solutions, products, resources and events we provide you. The user accounts also provide you with an easy to use management of your contact preferences and consent.
Below is the personal data collected when creating and using an account:
- Organisation name
- Telephone (optional – if you wish for us to make contact via phone based on the consent provided)
- Email (used as a unique field to create individual user accounts, to enable you to reset access to your account if required and to enable us to contact you via email based on the consent you have provided).
- Job role – to enable us to provide you with relevant organisational role based information based on the consent and communication preferences provided.
- Resources downloaded, support tickets logged, events registered for.
How long will Ricardo store my information?
Form data. We will hold the information provided through the forms for 12 months from collection. After the 12 months we will send you an email asking you to confirm if you wish to continue to consent to your data being stored and for us to communicate with you as previously described. If you do not respond to this email within one month we will unsubscribe you.
User accounts. We will hold the information for as long as you continue to use your account. If you do not access your account or engage with communications for example open or click through one of the emails, for more than a 12-month period, we will send you an email asking you to confirm if you wish to continue using your account. If you do not respond to this email within one month we will unsubscribe you.
Ricardo’s use of social media
Ricardo uses a wide range of social media channels and the processing of data within the channels is in line with the privacy policies and user agreements of each individual channel, as well as the relevant data protection regulations.
Ricardo’s recruitment process
Ricardo has recruitment personnel around the world looking for new people to join our wide variety of teams and disciplines, helping us to effectively and sustainably support our customers. As part of our recruitment process we advertise roles online and you can apply for these by completing the application form and providing us with your CV.
When you apply for one of the Ricardo vacancies your information is submitted to our secure applicant management systems. The data you submit will then be shared (via the system) with our professional recruiters, the relevant hiring manager and other people within Ricardo who are part of the recruitment process for the role.
How long is my application information / personal information stored in the Ricardo applicant management systems?
Your personal information will be stored in the system for up to 12 months from submission. We retain your information in our system to help us maintain suitable records of how we manage the recruitment process and to help us improve and quality check the consistent approach we take. After the 12 months we will send you an email asking you to confirm if you wish to continue to consent to your data being stored and for us to communicate with you as previously described. If you do not respond to this email within one month we will unsubscribe you.
There might also be other Ricardo roles that you would suit and by storing your application information on our secure systems we can make recommendations to you about other relevant roles.
The information you submit is processed under the lawful basis of legitimate interest. You are entitled to know what information we hold about you and for this to be corrected if it is inaccurate – click here for more information.
Ricardo’s business development process
Working with our customers and prospective customers
To help deliver customers our wide range of products, services and solutions, Ricardo maintains sales management solutions such as our financial management systems and customer relationship management solution. The personal information stored in these systems is managed in line with contractual agreements, our Information Security Policy (https://ricardo.com/policies/information-security-policy) and processed on the legal basis of legitimate interest (see legitimate interest).
We want to contact you with information about our products, services or solutions, as well as industry or regulatory information that you find relevant and useful. To manage this effectively we use consent as the lawful means for processing your personal data for marketing purposes. When requesting information from us, such as downloading a white paper or through interaction with one of our employees at an exhibition or conference, we will collect your consent to do so and manage this through our secure systems.
You are entitled to know what information we hold about you and for this to be corrected if it is inaccurate – click here for more information.
Crisis and chemical incident emergency response
Ricardo provides a range of crisis and chemical incident emergency response services to both private companies and government organisations. These services are delivered through one of our business divisions, the National Chemical Emergency Centre (NCEC).
NCEC’s services require our highly trained emergency responders to handle telephone calls, on behalf of our customers, to provide the caller with support during a business related or personal emergency. For example, an individual might phone our emergency response telephone support due to coming into contact with a harmful chemical.
During these calls our emergency responders may collect personal information to help us support the caller. This information is stored on our secure emergency response database. The information is used for the purposes of managing the incident and shared with the relevant customer or the emergency services to help them better understand and respond to the incident.
The information collected is processed under the lawful basis of legitimate interest to enable us to deliver fast and effective emergency response support, reducing the impact to health and the environment.
The data collected will be stored by Ricardo for 7 years, to enable us to maintain an audit trail of the emergency call.
You retain the right to understand what data is being stored about you relating to these services and for that information to be updated if it is inaccurate. Click here for more information.
General privacy questions
Can I access my personal information that Ricardo is storing?
You are entitled to know whether we hold information about you and, if we do, to have access to that information and require it to be corrected if it is inaccurate. In the next section you can find the details of how to contact us about your personal data.
How do I contact Ricardo if I have a personal data question?
You can do this by addressing requests to: Data Protection, Ricardo UK Ltd, Shoreham-by-Sea, West Sussex, BN43 5FG, United Kingdom. Alternatively, you can email firstname.lastname@example.org.
Contacting Ricardo about your personal data does not impact your right to lodge your concern with the relevant authorities, for example the Information Commissioners Office in relation to EU based data concerns - https://ico.org.uk/concerns
How does Ricardo store my data?
We take appropriate steps to maintain the security of your data, these are set out in our Information Security Policy https://ricardo.com/policies/information-security-policy
You also have a responsibility to take reasonable steps to protect your data, for example protecting your password to your Ricardo website user account.
Ricardo is registered as a data controller with the Information Commissioner.
What is the legal basis for the processing of my data?
We want to enable you to have a clear understanding of the data we hold about you, how it is used and the approach we take to processing your data. Below details to two approaches Ricardo uses to process data:
To keep you updated with information on our products, solutions, services, research and news we collect your consent at the point at which we collect your information. Your consent and the date consent is provided is stored on our secure systems to help us maintain an accurate record of how we collected and the reason for storing your information.
When you complete a form on the Ricardo website we will ask you to tick a box that you consent to us storing your information and contact you for the purpose stated (next to the consent check box). If you do not tick the consent box, your data will be erased.
You have the right to withdraw your consent to the use of your data at any time. To contact Ricardo for this purpose, please click here.
There are a small number of instances where we process data under the lawful basis known as ‘legitimate interest’. When we adopt this approach, we carry out a legitimate interest test in accordance with the GDPR regulations to enable us to understand if it is an appropriate method.
We use the legitimate interest approach to process your data during the recruitment process to most effectively support you in your application process when applying for a role with Ricardo. This helps us to assess your CV and skills to match you with current and / or future vacancies at Ricardo and provides mutual benefit, enable us to recruit efficiently and providing you with a wider range of job opportunities.
What type / category of data does Ricardo store?
As defined through this privacy notice, Ricardo collects and manages ‘personal data’, meaning any information relating to an identifiable person who can be directly or indirectly identified by reference to an identifier.
Ricardo also collects a limited amount of sensitive personal data also known as ‘special categories of personal data’ and will collect your consent when doing so.
Will Ricardo share my information?
Ricardo does not sell individuals’ information. We will share it only with our authorised Data Processors, who must always act on our instructions as the Data Controller under relevant data protection laws including GDPR. An example of an authorised Data Processor is our recruitment solution provider, who develop and supply our recruitment based application management system.
Changes to this privacy notice
We may change this notice from time to time and any changes will be posted to this page.
Last update: 13/04/2018