Foresight - Privacy Policy

Data Privacy Policy - Foresight - Pre-Travel Risk Assessment

Effective Date:  21/11/2024

INTRODUCTION

Peregrine Risk Management is committed to safeguarding the privacy and security of the personal data processed through our platform. This Privacy Policy outlines how we collect, use, store, and protect personal information when organisations (“Clients”) and their authorised users (“Users”) engage with Foresight.

By using the Foresight platform, you acknowledge that your personal data will be processed in accordance with this Privacy Policy. If you have any questions or concerns about this policy, please contact your organisation’s data protection officer or designated representative.

ROLES AND RESPONSIBILITIES

In the context of data protection laws, Peregrine acts as a Data Processor, processing personal data on behalf of our clients, who are the Data Controllers. The Data Controller determines the purposes and means of processing personal data, while Peregrine processes the data in accordance with their instructions and applicable laws.

INFORMATION WE COLLECT

Personal Data Provided by Users

Depending on the configuration established by the Data Controller, we may collect various types of personal data, including but not limited to:

Identification Information

Such as your name, email address (required for account creation and login), employee or contractor ID, and contact details.

Travel Information

Including planned travel dates, destinations, itineraries, accommodation details, and modes of transportation.

Personal Characteristics

Such as age, gender, nationality, medical conditions, dietary requirements, and emergency contact information.

Assessment Responses

Answers to risk assessment questionnaires and feedback forms within the platform.

Automatically Collected Data

When you use the Foresight platform, we may automatically collect technical information, including your IP address, browser type and version, operating system, device identifiers, and details about your interactions with the platform, such as access times, pages viewed, and actions taken.

HOW WE USE YOUR INFORMATION

As the Data Processor, we use your personal data solely to provide the services as instructed by the Data Controller. This includes facilitating pre-travel risk assessments, generating risk profiles and reports, and enhancing the functionality and user experience of the platform based on aggregated usage data. We do not use your personal data for our own purposes unrelated to the services requested by the Data Controller, nor do we engage in profiling, marketing, or selling of your personal data.

LEGAL BASIS FOR PROCESSING

Our processing of personal data is based on contractual necessity, legitimate interests pursued by the Data Controller (such as ensuring the safety and well-being of travellers), and compliance with legal obligations related to travel risk management and duty of care responsibilities.

DATA SHARING AND DISCLOSURE

We limit access to personal data to authorised personnel who require it to perform their job functions. Peregrine does not access personal data within the platform unless explicitly requested by the Data Controller, typically for technical support or troubleshooting purposes. When access is necessary, it is granted to a designated senior manager under strict controls, limited to the minimum data required, and for the shortest duration necessary. All access activities are logged and monitored to ensure compliance and accountability.

We do not disclose personal data to third parties except when directed by the Data Controller, required by law, or necessary to protect the rights, property, or safety of Users, the Data Controller, or others in accordance with applicable laws. We may engage trusted third-party service providers (“Sub-processors”) to assist in delivering the services, such as cloud hosting providers. All Sub-processors are bound by contractual agreements that require them to adhere to data protection obligations consistent with this Privacy Policy and applicable laws.

INTERNATIONAL DATA TRANSFERS

Personal data is primarily stored and processed within the United Kingdom (UK) or the European Economic Area (EEA). We do not transfer personal data outside these regions unless explicitly instructed by the Data Controller. In cases where international transfer is necessary, we ensure appropriate safeguards are implemented, such as Standard Contractual Clauses approved by relevant regulatory authorities.

DATA SECURITY

We are committed to protecting personal data against unauthorised access, alteration, disclosure, or destruction. Security measures include encryption of personal data both in transit and at rest using industry-standard protocols, strict access controls with authentication mechanisms and role-based permissions, secure physical facilities for data centres and servers, regular security assessments including vulnerability scans and penetration tests, and a comprehensive incident response plan to address any security breaches promptly.

DATA RETENTION

We retain personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy and as instructed by the Data Controller. Upon termination of services or at the Data Controller’s request, we will securely delete personal data from our systems or provide the Data Controller with a copy of the personal data in a structured, commonly used format if requested. We may retain certain data as required by law or for legitimate business purposes, such as auditing and compliance, provided it is handled in accordance with applicable data protection laws.

YOUR RIGHTS

As a User, you may have certain rights regarding your personal data under applicable data protection laws, including the right to access, rectify, erase, restrict processing, data portability, and object to the processing of your personal data. To exercise these rights, please contact the Data Controller (your organisation), as they are responsible for handling such requests. We will assist the Data Controller in fulfilling these requests in accordance with our contractual obligations and applicable laws.

COOKIES AND TRACKING TECHNOLOGIES

The Foresight platform uses cookies and similar technologies to enhance user experience and analyse platform usage. Cookies are small text files stored on your device when you access the platform. We use essential cookies necessary for the operation of the platform, enabling core functionalities like user authentication and session management. We may also use analytical cookies to collect aggregated data about platform usage to help us improve performance and user experience. This data does not identify individual Users. You can control the use of cookies through your browser settings, but disabling certain cookies may affect the functionality of the platform.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make significant changes, we will inform our Clients of the upcoming changes, update the effective date, and provide access to the updated policy. Your continued use of the Foresight platform after the effective date constitutes acceptance of the updated Privacy Policy.

CONTACT INFORMATION

If you have questions or concerns about your personal data, please contact your organisation’s data protection officer or designated representative. For inquiries about this Privacy Policy or our data protection practices, Data Controllers can contact us at:

Peregrine Risk Management Ltd

Address: Office 100, BLOCK Plymouth, Melville, Royal William Yard, Plymouth. PL1 3RP

Email: enquiries@peregrine-rm.com

Complaints

If you believe that your personal data has been processed in a manner that does not comply with this Privacy Policy or applicable data protection laws, you have the right to lodge a complaint with the supervisory authority in your jurisdiction.