Who we are
Our website address is: http://www.aresriskmanagement.com.
This policy covers all data that is shared by a visitor with us when visiting our website or when contacting us directly by email or by phone. This policy has been created by the Cyber Division & Senior Management of Ares Risk Management Limited and is occasionally updated by us, to reflect changes in Data Protection & Online Privacy Legislation, therefore, we suggest you review this page from time to time.
This policy provides an explanation as to what happens to any personal data that you share with us, or that we collect from you either directly via this Website, by phone or via email.
We are required under the Data Protection Act 1998 and General Data Protection Regulation 2016 to have a data controller. For the purpose of the Data Protection Act 1998 and General Data Protection Regulation 2016 our data controller is Anna M Heim and can be contacted via email at firstname.lastname@example.org.
What personal data we collect and why we collect it
When visitors leave comments on the site (in our blog) on our we collect the data shown in the comments form. This data might include the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
We do not use contact forms on our website and invite you to either phone or email us with your service requests or enquiries.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behave in the exact same way as if the visitor has visited the other website.
Who we share your data with
In the main, we do not share your data, unless it is absolutely necessary to do so in order to provide our services to you. In situations where this might be the case, this will be clearly and fully explained in your contracted Services Agreement with us. Your Service Agreement explains
- What data we might have to share.
- Why we might have to share it.
- How your data might be shared.
- Who we might have to share your data with.
All data which we might have to obtain from you in order to provide you with our services and which may need to be shared is protected by Confidentiality and Non-Disclosure Agreements.
Our Email System is provided to us By Microsoft 365 – we do not store your contact details in Outlook 365. Your contact details are stored in our Customer Management System – HubSpot, which is integrated into Outlook 365. Only legitimate contracted customers, clients, subcontractors and supplier contact details are held in this system.
All enquiry data which you might have shared with us through the Booking Form which is provided to us through our Microsoft 365 Office Applications is irretrievably deleted from all our systems within 24-hours unless you become a customer, client, subcontractor or supplier.
When you purchase one of our online training courses or purchase tickets to one of our Workshops, Seminars or Events, we use PayPal to transact your payments. When using PayPal for this purpose you have the choice of
- Sign-up for a PayPal account
- Use your PayPal account if you are a pre-existing user of the PayPal Service or
- Use PayPal as a “one-time-only” service.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue. If you at any time decide that you no longer want your comment to be featured on our blog, drop us a note and your comment will be permanently and irretrievably deleted.
If you sign up to our mailing list, you will find an unsubscribe link in the footer of every email we send. You are free to unsubscribe from our mailing list at any time. The minute you confirm that you want to unsubscribe your name and email address will automatically, instantly and irretrievably be removed from the list.
If you are a customer or client of Ares Risk Management and have purchased services from us the data retention period will be indicated in the Data Retention & Deletion Section of your Service Agreement. Please refer to your Service Agreement or contact us directly by email quoting the Service or Project Reference for more information. [email@example.com]
What rights you have over your data
If you have an account on this site or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
In addition, all our clients, subcontractors and suppliers have the following rights to their data under the Data Protection Act 2018 & GDPR 2016:
- the right to access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to object to processing;
- the right to data portability;
- the right to complain to a supervisory authority; and
- the right to withdraw consent.
Should you at any time wish to exercise your data rights please email us with your request at: firstname.lastname@example.org
Where we send your data
With the exclusion of visitor comments which may be checked through an automated spam detection service; we don’t send your data anywhere, we keep it safely and securely on our hybrid in-house systems or locked away in hard-copy in our filing cabinets.
Your contact information
If you have left a comment on our website which has been approved for publication in addition to the body of your comment, your published entry may include the user name you created when you registered to leave the comment.
If you email us directly we will keep your name, email address and any other contact details you have provide in a secure manner on our systems so that we can respond to your enquiry efficiently and effectively.
If you phone us with a service enquiry, we will ask you for your name, phone or mobile number and email address so that we can respond and deal with your service enquiry efficiently and effectively.
If you sign up to our mailing list, we will collect your name and email address only.
How we protect your data
Website: In addition to Secure Socket Layer (SSL) We utilise SiteLock security on our website as provided as a paid-for service by our hosting company, which provides our website with advanced layered threat detection to protect the integrity of our website and any personal data you might submit when you choose to register to leave comments, or when using the booking form.
Mailing List: We have done our due diligence and trust Mailchimp to protect your data in accordance with the highest standards in Cybersecurity – you can find out more about MailChimp’s Cyber Security measures here https://mailchimp.com/about/security/
Internal Systems: Ares Risk Management utilises CyberSmart Technologies, the guideline offered by UK’s Cyber Essentials Certification Scheme, advance Firewall and file-locking systems to protect any and all data which we might store and process on our internal computer systems.
Our cloud systems utilise VPN and encryption on all data when in transit and at rest – our cloud and SaaS providers are ISO27001 compliant as a minimum standard.
What data breach procedures we have in place
In the event of a data breach, you and the UK Regulatory Authority (The Information Commissioners Office) will be notified within 72 hours of such an event occurring and provided with detailed information on
- what happened,
- how it happened
- what we have or are doing to put things right
- what steps you might need to take (if any).
What third parties we receive data from
We do not accept personal data from third parties unless they can prove they have a contractual agreement with you and you have consented to them sharing your data with us.
What automated decision making and/or profiling we do with user data
Ares Risk Management does not undertake any automated decision making neither do we use any data you might have provided to us for profiling.
Industry regulatory disclosure requirements
Ares Risk Management is Registered with the Information Commissioners Office. Our Registration Number is: ZA110791
Ares Risk Management is a Limited Company Registered in England & Wales, our Registered address is: Donnington House, 33 High Street, Shoeburyness, Southend-on-Sea. Essex SS3 9AW UK our Company Registration Number is: 09456375
All our Consultants & Operators are Licenced & DBS checked by the Security Industry Authority (SIA).
Our contact details are in the footer of every page on this website.
Updated: 27 October 2020