Last updated: 15th February, 2023
RiskStormingOnline (the “Service”) is a product and service provided by Isle of IT BV (“us”, “we”, or “our”) and operates https://RiskStormingOnline.com and all of its subdomains (the “Site”). For European Union data protection purposes, when we act as a controller in relation to your personal data, Isle of IT BV (company number BE0699644172) is based in Belgium.
This page informs you of our policies regarding the collection, processing, use and disclosure of Personal Information we receive from users of the Service. It also informs you of your Personal Data rights.
By using the Service, you agree to the collection, processing, use and disclosure of Personal Information in accordance with this policy.
Purposes and legitimate basis of information collection, processing and use
Our goal in collecting information from you is to provide you with a product made available via the Service. We use the information to communicate with you and to manage your registered user account. We may also use your information to operate, maintain, and enhance the Service and its features, and to provide customer support.
We may provide you with the opportunity to “opt-out” of having your Personal Information used for certain purposes when we ask for this information. If you decide to opt-out, we may not be able to provide certain features of the Service to you.
We may use your contact information to contact you with information about the Service via a newsletter and other promotional material. If you feel you no longer wish to receive such information you can unsubscribe (opt-out) using instructions provided in any of the communications. Alternatively you can send your request to RiskStorming@Isleof.it. It may take up to 7 business days for us to process your request and you may continue to receive promotional communications from us during that period. Please note, however, that you may be unable to opt-out of certain service-related communications.
Data collected upon registration
We collect and process the data that you provide when registering for an account. This may include certain personally identifiable information such as your IP address, full user name, password, email address, city, time zone, credit card and other billing information. We may link such information with other information you provide about yourself.
Data Subject Rights
You have certain rights with respect to your Personal Data.
To make any of the following requests, contact us using the contact details referred to in the “Contact us” section of this policy. Please note that in some circumstances we may ask you to provide us with additional information in connection with your request, which may be Personal Data, for example, if we need to verify your identity or the nature of your request.
- Access: You can request more information about the Personal Data we hold about you. You can also request a copy of the Personal Data.
- Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data.
- Objection: You can contact us to let us know that you object to the collection or use of your Personal Data for certain purposes.
- Erasure: You can request that we erase some or all of your Personal Data from our systems.
- Restriction of Processing: You can ask us to restrict further processing of your Personal Data.
- Portability: You have the right to ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another entity where technically feasible.
- Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to provide consent on a case-by-case basis for the use of certain parts of your Personal Data, if such disclosure is necessary to enable you to utilize some or all of the Service.
- Right to File Complaint: We will always try our best to resolve any data privacy issue you may have. You have the right to lodge a complaint about Isle of IT BV’s Personal Data practices with the Information Commissioner’s Office.
Sharing Your Information with Third Parties
We do not sell, trade, share or transfer your Personal Information to third parties except in the following limited circumstances:
- We may share your Personal Information with service providers to permit such parties to provide services that help us with our business activities. This may include:
– Data processing and storage via Microsoft Azure on European servers. This includes accountinformation and sessions on the digital application of app.riskstormingonline.com
– Direct emailing via MailChimp
– Payment processing via Stripe
- We may share your Personal Information when we have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to:
– Satisfy any applicable law, regulation, legal process or enforceable governmental request
– Enforce an Agreement, including investigation of potential violations thereof
– Protect against imminent harm to our rights, property or safety, or that of our users or the public as required or permitted by law;
- We may share your Personal Information with third parties (including our service providers and government entities) to detect, prevent, or otherwise address fraud or security or technical issues;
- We may share your Personal Information with our business partners who offer a service to you jointly with us, for example when running a cross-promotion;
- We may share and/or transfer your Personal Information if we become involved in a merger, acquisition, bankruptcy, or any form of sale of some or all of our assets;
- We may share your Personal Information with a third party if we have your consent to do so.
We collect information that your browser sends whenever you visit our Site (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages and other statistics related to the use of the Service. It may also include sensitive data relating to your account.
Cookies and local storage
Our Site puts small files (known as ‘cookies’ and ‘local storage’) onto your computer to collect information about how you use the Site and to securely identify you when you return. We use Google Analytics software to collect information to better understand how you interact with our Site and our Service. For account holders, we share a unique account identifier with Google Analytics so that we can understand your behaviour across devices. We don’t collect or store your personal information (for example your name or address) in any of our cookies or local storage. You can opt out of Analytics tracking by installing the Google Analytics opt-out browser add-on.
When you enter sensitive information (such as your password), we encrypt that information in transit using industry-standard Transport Layer Security (TLS) encryption technology (TLS with at least 128-bit AES encryption). No method of transmission over the Internet, method of electronic storage or other security methods are one hundred percent secure. While we strive to use reasonable efforts to prevent unauthorised access to your Personal Information, we cannot guarantee its absolute security.
International Data Transfers
When we share data, it may be transferred to, and processed in, countries other than the country you live in – such as to the United States, where our data hosting provider’s servers are located. These countries may have laws different to what you’re used to. Where we disclose Personal Data to a third party in another country, we have safeguards in place to ensure your Personal Data remains protected.
For individuals in the European Economic Area (EEA), this means that your data may be transferred outside of the EEA. Your data will only be transferred to countries that have been identified as providing adequate protection for EEA data, or to a third party where we have approved transfer mechanisms in place to protect your personal data – i.e., by entering into the European Commission’s Standard Contractual Clauses, or by ensuring the entity is Privacy Shield certified (for transfers to US-based third parties).