Privacy Notice

IR&C LTD Customer Privacy Notice
Registered name: IR&C LTD
Last updated: 18 November, 2024
Contact details

Email: info@reg-1.com

What information we collect, use, and why
We collect or use the following information to provide and improve products and services for clients:
  • Names and contact details
  • Addresses
  • Occupation
  • Transaction data
  • Usage data
  • Employment details
  • Information relating to compliments or complaints
  • Records of meetings and decisions
  • Account access information
  • Website user information
We collect or use the following personal information for the operation of client or customer accounts:
  • Names and contact details
  • Addresses
  • Purchase or service history
  • Account information, including registration details
  • Information used for security purposes
  • Marketing preferences
  • Technical data, including information about browser and operating systems
We collect or use the following personal information for information updates or marketing purposes:
  • Names and contact details
  • Profile information
  • Marketing preferences
  • Purchase or account history
  • Website and app user journey information
  • IP addresses
We collect or use the following personal information for recruitment purposes:
  • Contact details (eg name, address, telephone number or personal email address)
  • Date of birth
  • National Insurance number
  • Copies of passports or other photo ID
  • Employment history (eg job application, employment references or secondary employment)
  • Education history (eg qualifications)
  • Right to work information
We also collect or use the following information for recruitment purposes:
  • Racial or ethnic origin
  • Religious or philosophical beliefs
We collect or use the following personal information for dealing with queries, complaints or claims:
  • Names and contact details
  • Address
  • Account information
  • Purchase or service history
  • Customer or client accounts and records
  • Financial transaction information
  • Correspondence
Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.


Which lawful basis we rely on may affect your data protection rights which are in brief set out below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:


If you make a request, we must respond to you without undue delay and in any event within one month.


To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.


Our lawful bases for the collection and use of your data


Our lawful bases for collecting or using personal information to provide and improve products and services for clients are:

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legal obligation– we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
    • At REG-1, we process certain personal data. We collect and use data to enhance our services, improve user experience, and ensure the security of our systems. For example, we may use your information to personalise content, streamline compliance workflows, or conduct analytics to optimise our platform. The benefit to our clients and users includes better service delivery, regulatory compliance support, and improved product features. We carefully assess any potential risks to your privacy and have implemented robust safeguards to protect your data. Our goal is to strike a fair balance, ensuring our interests do not compromise your rights. If you have concerns, you may object to certain processing activities or request further clarification.

Our lawful bases for collecting or using personal information for the operation of client or customer accounts are:

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

Our lawful bases for collecting or using personal information for the operation of client or customer accounts are:

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

Our lawful bases for collecting or using personal information for recruitment purposes are:

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are:

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
Where we get personal information from
  • Directly from you
  • Regulatory authorities
  • Legal bodies or professionals (such as courts or solicitors)
  • Publicly available sources
How long we keep information
NAMEROLESTATUS
Customer Contracts6 years after terminationRetained for potential legal claims or disputes.
Billing and Payment Records7 yearsIncludes invoices, receipts, and payment history.
Customer Support Records2 yearsEnsures continuity of service and dispute resolution.
User Account DataRetain while active + 1 yearDeleted or anonymized after account closure unless required by law.
Marketing PreferencesUntil consent withdrawnRegularly reviewed to ensure relevance and accuracy.
Employee Data6 years after employment endsIncludes contracts, performance reviews, and training records.
Audit Logs (Access/Activity)1 yearRetained for security and forensic investigations.
Incident Reports (e.g., breaches)6 yearsRetained to demonstrate accountability and compliance in case of audits.
Development Data (e.g., logs)90 daysEnsures technical troubleshooting and service continuity.
Cookies and Tracking DataRetain as per cookie policy (max 13 months)Retention should be stated in your Cookie Policy and user consent obtained.
Backup Data6 months after deletion of primary dataPeriodically reviewed and purged to ensure compliance with retention policies.
Vendor Contracts6 years after terminationRetained for potential disputes or audits.
Compliance Records7 yearsIncludes GDPR Data Protection Impact Assessments (DPIAs) and data breach records.
Recruitment Data6 monthsCandidate data retained only as long as necessary for hiring purposes.
Health and Safety Records3 yearsIncludes workplace incident reports.
Who we share information with
Data processors
Microsoft.

This data processor does the following activities for us: They manage our IT systems - Cloud Provider

Others we share personal information with

  • Professional or legal advisors for commercials, contracts or HR related activities.
  • Regulatory authorities – where we need to provide evidence from a HR perspective of right to work. Additionally any KYC/Sanctions or Screening related data we need to show if required.
How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we've used your data after raising a complaint with us, you can also complain to the ICO.

The ICO's address:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Accept Cookies

Blue Curve

Ready to Revolutionise your Compliance?

Be the part of the new regtech ecosystem.

Reg-1 Logo

REG-1 is a trading name of IR&C Ltd.
Company number: 13021505

Register for newsletter

30 Churchill Place, Canary Wharf, London, E14 5EUinfo@reg-1.com
Navigate
HomeAboutProductSolutionsPrivacy Notice
Copyright © 2024 REG-1. All rights reserved.