Privacy Policy

RISC respects your right to privacy and is committed to protecting it. The purpose of this document is to inform you of RISC’s privacy policy with respect to customer data.

Data Protection for EU, UK, and Swiss Individuals

RISC Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  RISC Inc  has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) with regard to the processing of personal data received from the European Union, United Kingdom, and Switzerland in reliance on the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) respectively.     To learn more about the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) program, and to view our certification, please visit Data privacy framework website. European Union, UK or Swill individuals with inquiries or complaints regarding our Data Protection policy should contact RISC at:

DataPrivacy@risc-inc.com

RISC has certified that it adheres to the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) of notice, choice, access and accountability for onward transfer for EU, UK, and Swiss Individuals. If there is any conflict between the policies in this privacy policy and the EU-U.S. Data Privacy Framework, the EU-U.S. Data Privacy Framework Principles shall govern. To learn more about the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), and to view our certification page, please visit Data privacy framework website.

RISC has designated the Legal Department to oversee its information security program, including its compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) programs. The Legal Department shall review and approve any material changes to this program as necessary. Any questions, concerns, or comments regarding this Policy also may be directed to DataPrivacy@risc-inc.com.

All RISC employees who handle Personal Data from EU, UK, and/or Swill Individuals are required to comply with the Principles stated in this Policy.

The Federal Trade Commission has jurisdiction over RISC, Inc’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

Collection of Information

RISC provides various products that may collect personally identifiable information (Personal Data).

RISC Web Site

Personal Data is collected only when you complete the information requested on the Contact RISC page of our web site. This information is collected for the purposes of sending the requested information to you.  RISC does not share this information with any external organization. RISC does not sell or rent your Personal Data, nor will we send you any unsolicited email.

RISC Products

The information collected by RISC products will vary from customer to customer.  In some cases the data collected is provided by you directly to the application.  In other cases, your employer may provide this information to RISC in order to facilitate your access to RISC products and/or training materials provided by your employer.  In general, this data may include: contact information, name, email address, title, work location and other data from an HR system.  This information will never include salary information, credit card data or banking information.  In some RISC products, if you attempt to purchase items through the product you will be asked to provide credit card information.  RISC does not store this information and it is used only for the purpose of completing your purchase.

The purpose of RISC products is to manage training.  Personal Data is collected in order to:

  • Verify your identity for access to training.
  • Provide reporting on the status of training.
  • Facilitate other business purposes required or permitted under applicable law.
  • Satisfy government reporting requirements.

RISC uses server logs that may collect some information about your browser. This information is not personally identifiable to any site visitor and is used internally by RISC for statistical purposes only.  This data is generally purged after 30 days.

RISC does not disclose Personal Data to third parties. Please know that RISC may be required to disclose Personal Data to comply with lawful requests by public authorities, including to meet national security or law enforcement requirements.  If, the future, RISC does transfer personal information to a third party acting as an agent RISC shall remain liable under the DPF Principles if its agent processes such personal information in a manner inconsistent with the DPF Principles, unless the organization proves that it is not responsible for the event giving rise to the damage. In the case of such disclosure, affected individuals will be notified by RISC of the type or identify of the third parties to which personal information was disclosed and the purpose for which it was disclosed. If RISC makes a change to this policy in the future, we will provide individuals with an opt-out or opt-in choice before we share their data with third parties or before we use it for a purpose other than which it was originally collected.

Your Rights

EU, UK and Swiss Individuals have the right to know what Personal Data is stored about them in RISC databases to ensure that such data is accurate and relevant to the purposes stated for collection.  Upon reasonable request and as required by the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) principles, RISC allows EU, UK, and Swiss Individuals access to their Personal Data in order to correct or amend inaccurate data.
When requesting Personal Data changes, Individuals must provide only truthful, accurate and complete information. To request review, erasure or modification of Personal Data, EU, UK, and Swiss Individuals should submit a request to DataPrivacy@risc-inc.com.

In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) Principles, RISC, Inc., commits to resolve DPF Principles-related complaints about our collection or use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our EU-U.S. DPF (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF (Swiss-U.S. DPF) policy should first contact RISC at:

DataPrivacy@risc-inc.com

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, RISC Inc commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.

If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed by RISC, EU individuals may seek redress from the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) partner International Center for Dispute Resoluton – American Arbitration Association, a binding arbitration mechanism.

Cookies

Cookies are small text files that may be stored on your computer as the result of visiting a web site. The RISC web site does not use tracking cookies.  RISC products may use temporary cookies that are automatically cleared when you close your browser.

Our sites may contain links to other websites including share and/or “like” buttons. These other websites, services and applications may set their own cookies on users’ computers, collect data or solicit personal information. You should refer to their cookie and privacy policies to understand how your information may be collected and/or used.

Hyperlinks

Some RISC products may provide links to third-party websites for your convenience in completing training activities. If you access these links, you will leave the RISC product web site. RISC does not control these sites or their privacy policies, which may differ from those of RISC. RISC does not endorse or make any representations about third-party web sites.

Updated 27 July 2024

Menu