Privacy
Introduction
This Privacy Notice aims to give you information about how we collect and process personal data when you subscribe to use the “RACK” Application or visit the website “www.retailactioncrimekit.com” and “www.retailactioncrimekitco.uk”.
We want to make sure you know who we are, how you can contact us, the personal data we process, how we use it, who we share it with, how long we keep it for and the choices you have to exercise your legal rights.
It is important that you read this Privacy Notice together with any other documentation we may provide so that you are fully aware of how and why we are using your data.
This Privacy Notice covers the following topics:
- Who we are.
- How to contact us.
- How to complain.
- Changes to this privacy notice.
- Legal Basis for processing data.
- The personal data we collect and use
- Who we may share your personal data with.
- How long your personal data will be kept for.
- Transfer of your personal data out of the EEA (European Economic Area).
- Data subject rights.
Who are
We are Insight Retail Risk Ltd and Retail Action Crime Kit Ltd (RACK), across the United Kingdom and certain EU territories. Insight Retail Risk Ltd are the “data controller” of personal data that is collected when you interact with our application.
Retail Action Crime Kit Limited is registered in England and Wales (company number 15500233) with a registered office at 152 Plymstock Road, Plymouth, PL9 7LH.
In this privacy notice (“Policy”), when we mention “RACK”, “we”, “us” or “our”, we are referring to all of Insight Retail Risk Limited subsidiaries and affiliate companies. The term “personal data” as used herein is the same as “personal information” as defined in various applicable data privacy laws.
We respect and value your privacy and endeavour to comply with all applicable data privacy laws and regulations in the various regions in which we do business. This Policy is global in scope and intends to meet the requirements of all applicable data privacy laws in the countries that our users may operate within.
This Policy applies to (i) your registration and interactions with RACK via the application, (ii) your submissions and interactions with the RACK application as part of your subscription and (iii) visitors to the website.
How To Contact
We recognise the importance of your personal data. If you have any comments, questions, or requests regarding this Privacy Policy or our handling of your personal data, you can send an e-mail to:privacy@insightsretailrisk.com
How to File a Complaint
If you have concerns about how Insights Retail Risk Ltd processes and safeguards your personal data and privacy, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in the UK, or with any other relevant supervisory authority in your country of residence.
- The Supervisory Authority in the United Kingdom is the Information Commissioners Office (ICO), which can be contacted at https://ico.org.uk
We take the security of your personal data very seriously and have implemented appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised manner, altered or disclosed. Furthermore, we restrict access to your personal data.
Privacy Policy Changes and Updates
Any changes to this Privacy Policy will be published on the application and, where appropriate, communicated to users by email. Users are encouraged to periodically review this Privacy Policy to check for any updates or changes. Policy created 01/06/2024.
Legal basis for the processing of your personal data
If you are a user of RACK, we will store limited amounts of personal information relating to you, including your name, job title, qualifications, employer organisation and contact details.
We use this to administer and maintain records of users to fulfil our contractual obligation, and to commission the services we provide.
In accordance with the Data Protection Laws, our legal basis for processing this personal data is that it is necessary for our legitimate interests in running and promoting our business.
Whilst we recommend that end-users do not store personal identifiable information (PII) on subjects, our system may collect personal data, submitted by end-users/retailers, of other persons who are named as part of a potential criminal incident and may include the following:-
- Name, approximate age, description, ethnicity.
- Details to respond to submissions, requests or inquiries made through the app.
Retailers / end-users should take reasonable steps to ensure that any named / identifiable subject(s) on incident reports have been informed that their details may be stored on RACK reporting, and provide them information on how they can access the data in line with the Data Protection Act / GDPR.
We will only process the personal data that are strictly necessary to prevent or detect crime.
If you access our application or website, please be aware that we may process your browsing data for analytical and statistical purposes. This helps us understand how users interact with our website and application allowing us to make improvements based on user suggestions.
Personal Data We Collect on RACK Reporting and the use of data.
Category of Personal Data | Purposes for Collection and Processing |
Contact Information: Name, Surname, email address(es), address, telephone number(s). | By registering into the RACK database/application, you will have access to services and benefits reserved for our registered members. You can manage your application account profile, participate in other services. In addition, you can send requests or contact us. Should you no longer be a user of the services provided your personal data will be deleted as per the contractual obligation. |
Payment Information: Name, Card Issuer and Card Type, credit or debit card number (redacted), expiration date, and/or Billing Address. | We do not collect payment information on the RACK Reporting app, or the Tools and Resources platform,. |
Any Connection, Geolocation, and Browsing Data (e.g., location data, unique device identifier, IP address, and advertising ID) | To gather anonymous data about our application’s usage and ensure it functions optimally with your device, we aim to provide a seamless experience tailored to your device. When we gather your data from multiple sources, we may merge them under certain conditions to improve our analysis. This might mean merging data if, for example, submitted by another member. |
Information you provide about a third party: name, surname, age, description and contact details of individuals willing to provide further insights or subsequent legal proceedings (such as providing law enforcement witness information). | For the prevention and detection of crime, to support enquiries and improve analysis and insights. Or communicate with, the person(s) that have shared their contact details. |
Any data relating to your preferences and/or commercial choices | As a user we will use your personal data to manage your subscription, which may include sending you personalised information about products or services via email. Remember, you can unsubscribe from the Newsletter at any time without any cost by following the instructions we provide in every communication. |
Personal Data we may collect from third parties | |
Legal Information: fraud checks or flags raised about transactions, individuals, potential illegal activities, complaints, and/or assertions. | To safeguard you, our other patrons, and our enterprise from unlawful actions and threats, it’s essential to ensure we recognise and fulfil our legal responsibilities towards you and everyone else and can uphold our rights. |
We will retain personal data for the time strictly necessary to provide users with the requested services or to fulfil legal obligations for the minimum period prescribed by law.
To establish the retention period for personal data collected and stored through the Application with the User’s consent, we will consider multiple factors to ensure that personal data is not stored for a period longer than is strictly necessary for the purposes for which it was collected or for compliance with legal obligations. These criteria also include:
- the purpose for which the Application retains personal data.
- legal and regulatory obligations.
- any specific requests from the Data Subject regarding the erasure of personal data.
Therefore, we shall retain:
- personal data collected and processed in relation to the Data Subject’s personal account for a maximum period of 12 months from the date of the last interaction between the Individual and the Application or other contact (email, customer service) with us.
We will ensure the timely and secure erasure or anonymisation of personal data from the moment it is no longer necessary or the grounds for its lawful retention cease to exist.
Who we may share your personal data with
Exclusively within the scope of the processing activities carried out for one or more of the purposes described above, we may share or transmit some of your personal data to the following categories of Third Parties:
- Insight Retail Risk Ltd companies when they assist us in providing services to the user.
- Marketing service providers and advertising partners.
- Professional consultants (legal, accounting, etc.).
- Credit reference agencies, law enforcement agencies, and fraud prevention agencies, to help combat fraud and other illegal activities.
If any part of our business is outsourced, sold, or merged, where permitted by law, we will share your personal data with the new entity so that we can continue to sell and provide support for our products.
We will never provide your personal data to third parties who do not perform necessary services on our behalf or to whom we are not permitted or required by law to provide data.
Categories of Personal Data We Share with Third Parties
Name, address, phone number, email, gender, age, cookies, including your device detail and IP and MAC address.
Possible transferring of your personal data
In order to process your personal data for the purposes set out in this Privacy Policy, we may transfer your personal data to third parties and other companies located outside the EU/EEA or the UK.
Occasionally, we may manage/process your personal data and provide you with additional services/support from countries other than the one in which you reside.
We may transfer your personal data to other countries that have an adequacy status with the UK and/or within a country of the European Union or the European Economic Area (“EU/EEA”).
If there is a business need to transfer your personal data to a country that does not have an adequacy status with the UK or the European Union, we will ensure that appropriate transfer mechanisms are implemented as required by the UK GDPR and/or the EU GDPR.
Links to third-party sites
Our Sites may contain links to other third-party websites or resources, which are not controlled by us. Such websites may have their own privacy policies and terms and conditions which will govern your access and use of their site.
Data subjects’ rights
Data Subjects have specific rights regarding the protection and correct processing of their personal data, as detailed in the legislation of the country in which they reside. For residents of at least the UK and EU/EEA, your rights are as follows:
Right to Access | You can request information about the personal data we hold on you at any time. |
Right to Portability | If we process your personal data through automated means based on your consent or an agreement, you have the right to receive a copy of your data in a commonly used format. |
Right to Rectification | You can request correction of your personal data if it is inaccurate or incomplete. |
Right to Erasure | You have the right to request the erasure of your personal data under certain conditions. (Also known as “Right to be Forgotten” or “Delete My Data”).If you choose to exercise this right, please be aware that all account information will be permanently lost. To permanently delete your account, please select ‘delete account’ on the app. Please note, once you have requested account deletion, all records and incidents created by you will also be deleted and cannot be recovered. By email: You can request account deletion manually by emailing data@retailactioncrimekit.com making your request (this must be sent from your registered email address) |
Right to Restriction | You can request the restriction of processing of your personal data under specific circumstances, such as when you contest the accuracy of your data, the processing is unlawful, or the data is no longer needed by us but required by you for legal claims. |
Right to Withdraw Consent | You have the right to withdraw your consent for processing of your personal data at any time. This does not affect processing that has already occurred based on your prior consent. You may opt out of receiving promotional communication from us at any time. There are two ways you can do this. First, you can email uk.help@retailactioncrimekit.com expressing your wish to opt-out of marketing communications. Secondly, you can select ‘unsubscribe’ at the bottom of any of our marketing emails. |
Right to Object to Processing | You have the right to object to processing of your personal data that is based on our legitimate interest. |
We will cease processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defence of legal claims.
Obligation to notify third parties about the acceptance of the exercised Data Subject’s right
Once we have accepted and fulfilled a request to exercise one of the Data Subject’s rights we will notify subsequent third parties of your request.