Privacy Policy

Risk Leadership Network is a global membership network for risk managers.

Risk Leadership Network is operated by Gambit Media Limited. Gambit Media Limited’s company registration number is 12155167 and its registered office address is Jubilee House, 92 Lincoln Road, Peterborough, England, PE1 2SN.

Introduction

This privacy notice (Privacy Notice) sets out how Gambit Media Limited processes your personal data only within the scope of operating the Risk Leadership Network, your use of this website and the Risk Leadership Network services.  

Personal data is information about individuals or information from which individuals can be identified (personal data). 

Gambit Media Limited will be the controller of your personal data. "Controller" is a legal term which means that we determine the purposes for which and the ways in which your personal data is used. As a controller we have registered with the Information Commissioner's Office (ICO) in the UK and our registration number is ZA627791.

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

If you have any questions about this Privacy Policy or our privacy practices, please contact our data privacy manager at the address above or via email: tim.whitehouse@riskleadershipnetwork.com.

How does Gambit Media Limited collect your personal data?

We collect personal data directly from you when you provide it to us when signing up to our services or when you participate in benchmarking surveys that we conduct using a software programme provided by Pointerpro.  We also collect your personal data through third party service providers, for example, HubSpot, LinkedIn and Zoom.  Finally, we also collect some personal data about you from payment processors (such as Integral2) for Membership payments. 

What personal data does Gambit Media Limited collect?

We may collect the personal data listed in the Schedule at the end of this Privacy Notice. 

The only personal data we capture when we run benchmarking surveys is name/email addresses and the rest is commercial information.

We may also receive detailed information with regards to your behavioural patterns, including in connection with your email communications relevant to our services and your use of our services. For more information on this please visit https://knowledge.hubspot.com/contacts/hubspots-default-contact-properties.  

We may also collect personal data about you that is available in the public domain. 

How does Gambit Media Limited use your personal data? 

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

Generally, we do not rely on consent as a legal basis for processing your personal data and we may process your personal data without your knowledge or consent where this is required or permitted by law. We will get your consent as identified in the table below as well as before sending third party direct marketing communications to you via email or text message.

The following is a list of the purposes for which we process your personal data, and the lawful basis on which we carry out such processing:

Purpose

Lawful Basis

To set-up, administer and manage your account with us

Necessary for the performance of a contract

To complete security checks 

Consent 

To take payment from you, fulfill orders and produce invoices for you

Necessary for the performance of a contract

To make event related information available to you

Necessary for the performance of a contract

To facilitate the sharing of knowledge and expertise within the Risk Leadership Network and the communication between its members 

Consent 

To track the location of your device to provide tailored recommendations

Legitimate interests of ensuring our services and website are as useful as possible

To seek your views on our products, services and events

Consent

To conduct market research 

Legitimate interests of better understanding our customers areas of interest and the services they find most useful

To deliver personalised advertising communications to you

Legitimate interests of promoting our offerings

To send out marketing about our goods and services, including information about events 

Legitimate interests of promoting our offerings

To respond to communications, including customer support queries 

Consent 

To record and analyse customer communications for training purposes 

Legitimate interests of improving our customer service 

To send you service messages and updates about our website and services 

Necessary for the performance of a contract

To undertake profiling with a view to suggesting products or services that are relevant to you and understand the likelihood of you becoming a member

Legitimate interests of understanding our customer basis 

To prepare and analyse statistics relating to the use of our website and services by you and other customers, to investigate complaints and to seek and analyse feedback 

Legitimate interests of ensuring our services and website are as enjoyable as possible

To run our everyday operations, e.g. communications between employees in connection with the provision of our services

Legitimate interests of running our business 

To administer and protect our business and the website including troubleshooting, data analysis and system testing

Legitimate interests of running our business, provision of administration and IT services, including network security

To administer a sale of the whole of or part of our business or the restructuring of our business

Legitimate interests of completing any such transaction or restructuring

To consider any job applications we may receive 

Consent


We may also process your personal data (a) to comply with a legal obligation we are under; and (b) for additional purposes in the future, but only if such purposes are compatible with those listed above and if we believe that the same lawful basis applies.

We also collect cookies. More information on how we use cookies can be found at [www.riskleadershipnetwork.com/cookie-policy]. 

When does Gambit Media Limited disclose your personal data?

We may disclose your personal data to other parties. Such parties may include companies that process data in and/or are incorporated in territories outside of the EEA and which do not provide the same level of protection to personal data as countries subject to the GDPR (international processors).  

Third party processors we may share your personal data with include:

  • Integral2
  • HubSpot
  • Pointerpro
  • Content Catalyst
  • Zoom

We may transfer your personal data to third parties in the context of a sale or possible sale of the whole of or part of our business or the restructuring of our business.

We may also disclose your personal data to law enforcement agencies in order to assist with any investigations, when we bring a claim or defend ourselves against a claim that requires the disclosure of the personal data, and when we engage professional advisors.  

Except as specifically provided in this Privacy Notice, we will never sell or rent your personal data to third parties.  

We will not share your personal data with third parties for marketing purposes without your consent.

International transfers

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data. For example, to processors within the EU.
  • We may transfer your personal data subject to specific contracts approved for use in the UK which give personal data the same protection it has in the UK. For example: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-transfers/

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How long does Gambit Media Limited keep your personal data?

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

We will retain your personal data for the following purposes and retention periods.

Purpose

Retention period 

User profile 

After 3 years of being inactive 

Marketing

After 3 years of being inactive

Payment logs for the processing of subscription orders

After 3 years of being inactive

Future employment opportunities with us when a job application has been unsuccessful

2 years

Potential claims

7 years


If you unsubscribe from our marketing communications, we will maintain a record of your unsubscribe request and associate it with your email address to ensure you do not receive future communications. 

Your communications preferences

We would love to stay in touch with you, but we completely understand if you do not want to receive communications from us via email. You are able to select your choices for communication when you sign up to our mailing list or purchase a product from us. Additionally, we always offer an unsubscribe option at the bottom of every email you receive from us and you’re welcome to use it to change your email preferences.

Your Rights

You have the following rights under data protection legislation. If you have any questions about your rights, or you wish to exercise any of these rights, please email tim.whitehouse@riskleadershipnetwork.com

We may require you to provide forms of identity should you wish to exercise one of your rights below.

Access: You are entitled to confirmation that we process your personal data and a copy of such personal data.  

Rectification: If the personal data we hold on you is incorrect, you have the right for this to be rectified. You may also update your personal data through your account settings. 

Erasure: You can request us to erase your personal data where there is no compelling reason to continue processing. Please note, however, that we may not always be able to comply with your request for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Restriction: You may request us to suspend the processing of your personal data in the following scenarios:

  • If you want us to establish the data's accuracy.
  • Where our use of the data is unlawful but you do not want us to erase it.
  • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
  • You have objected to our use of your data

Objection: You may object to our processing of your personal data if our processing is carried out on the basis of legitimate interests. Please note, however, that should we determine that our interests are so compelling as to override your objection we may continue to process your personal data.  

You may object to receiving direct marketing at any time.  You have the right to withdraw consent to marketing at any time by contacting us.

Portability: You have the right to receive some of your personal data in machine readable format.  This right extends to you being able to request that such data is sent to a third party controller.

Withdrawing consent: If the lawful basis we rely on to process your personal data is consent you have the right to withdraw this consent. Please email us at tim.whitehouse@riskleadershipnetwork.com to withdraw consent for the processing of your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

Complaining to a supervisory authority: Further information about your rights can also be obtained from your national data protection regulator – in the UK, this is the ICO (https://ico.org.uk/).  If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with your national data protection supervisory authority, although we would ask that you contact us in the first instance.  

Your right to be informed: You can contact us to find out more or to ask any questions you may have about our use of your personal data.

No fee usually required: You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

What we may need from you: We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond: We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Schedule: Personal data we collect

Type of personal data

Method of collection

Salutation 

Directly from you or through third party services 

Full name

Directly from you or through third party services 

Email address

Directly from you or through third party services 

Email domain

Third party services

Password

Directly from you 

Order ID

Autogenerated 

Billing address

Directly from you

Phone numbers 

Directly from you or through third party services

Fax number

Third party services

Preferred language

Third party services

City, state, region

Directly from you or through third party services

Country

Directly from you or through third party services

Postal code

Third party services

Job title

Directly from you or through third party services

Job function 

Directly from you or through third party services

Seniority level  

Directly from you or through third party services

Organisation

Directly from you or through third party services

Associated organisation

Third party services

Organisation type

Directly from you or through third party services

Organisation sector

Directly from you or through third party services

Number of employees of organisation

Directly from you or through third party services

Annual revenue of organisation

Directly from you or through third party services

Industry 

Third party services

Area of risk expertise

Third party services

Area of risk interest

Third party services

Position as an influencer of purchase decisions or responsibility to make purchase decisions 

Third party services

Subscriptions to information services

Third party services

Website URL

Third party services

Opt-in/opt-out of marketing updates

Third party services

IP address

Third party services

Fax number

Third party services

Location of device

Third party services

Device model and operating system

Third party services

Device ID

Third party services

Changes to this Privacy Notice

We keep this Privacy Notice under regular review. This Privacy Notice was last updated on 15 August 2023.