1. Introduction
We understand the importance of privacy to our customers. We are committed to protecting any personally identifiable information we hold and process and fulfilling our obligations under the General Data Protection Regulation (GDPR) and UK Data Protection Act 2018 (UK DPA).
Under the GDPR, Black Rainbow is a data controller in respect of information we collect and process about you.
This Privacy Notice describes what personal information we collect and process, how and why we use this information, and the options we provide to you to access, update and request deletion of the information we hold about you. It also describes the arrangements we have in place to protect personal data that we process on your behalf and ensure this processing activity complies with the GDPR and UK DPA.
By continuing to engage with Black Rainbow, you are indicating your acceptance of this Privacy Notice. If you wish to request access to, rectification or deletion of personal data we hold about you, or you wish to raise an objection to our processing activities, you can do so at any time; the methods for doing so are outlined later in this Notice.
2. Who are we?
BlackRainbow design and build off-the-shelf and bespoke software solutions for the security industry. NIMBUS, BlackRainbow’s core product, is the next generation Investigations Management System specifically designed for forensic, investigation and intelligence divisions.
3. Personal data that we collect and process as a Data Controller
If you communicate with us by email or telephone we may collect and process personal information about you. We act as a Data Controller in respect of this information. We control what information is collected, how this information is used, and how long the information is retained for.
Personal data we collect and hold about you includes:
- your name
- your business addresses
- your email address
- your telephone numbers
- your position
- records of your communication with us (i.e., emails, phone calls and meetings)
- personal data provided by you within any forms or surveys you complete
4. Purposes for which we process your data
The purposes for which we process your information are to:
- perform the functions expected of us by you
- carry out our obligations arising from any contracts that may be entered into between us and you
- send you information related to the services we provide or notify you of any changes to these services
- respond to any communication and enquiries from you, and provide you with information that you request from us
- promote and market our services
- issue invoices and perform accounting
- comply with any court order, law enforcement, or legal process, including to respond to any government or regulatory request.
If we collect any of your personal data for purposes besides those listed above, these purposes will be disclosed to you when you provide your information. If we decide to process information we have already collected from you for purposes besides those listed, we will notify you by email. You will then have a choice as to whether we continue to use your data in the way defined.
Our processing activities are lawful on the basis of necessity for contractual performance, or of serving legitimate interests pursued by BlackRainbow, our clients and visitors to our website.
5. Who has access to your personal data?
Personal data that we process about you is accessed only by authorised employees of BlackRainbow and trusted third parties within our supply chain. All BlackRainbow employees and third party employees are subject to confidentiality agreements.
We only share the personal data we collect and process about you with third parties when this is strictly necessary to fulfil the purposes set out within this Policy. Any third parties appointed to process your personal data act only in accordance with our documented instruction and are prohibited from utilising, sharing, or retaining your data for any purposes besides those for which they have been specifically contracted.
We make every effort to ensure any contracted third party processors comply with the GDPR and UK DPA and implement controls necessary for keeping personal data they process secure and confidential.
The suitability of third-party processors is reviewed on an ongoing basis, considering the following:
- The level of risk the third party presents
- The third party’s data protection procedures and adherence with established standards
- Known incidents related to the third party’s services
- Security within the third party’s supply chain
- Disaster recovery and contingency arrangements.
We may, at our sole discretion, disclose the data we hold about you, or process on your behalf, to meet legal obligations or respond to any valid government or regulatory request; prevent or mitigate fraud; protect against imminent harm to the rights, property or safety of Black Rainbow, its employees, its customers and/or the wider community; or to prevent or stop any activity we consider to be illegal or unethical.
We will not sell or rent your information to third parties or share your information with third parties for their own marketing purposes.
6. How long do we keep your personal data for?
We will retain the personal data we collect and process about you only for as long as necessary to fulfil the purposes for which the information has been collected, and thereafter for as long as retention serves our legitimate interest, legal or business purposes. This might include retaining personal data:
- when mandated by law, contract, or similar obligations applicable to our business operations
- for preserving, resolving, defending, or enforcing our legal/contractual rights
- necessary for maintaining adequate and accurate business and financial records.
We regularly review the personal data we hold to ensure its continued accuracy and necessity to our purposes. Inaccurate or redundant data is updated or deleted as appropriate.
7. Where do we process your data?
Personal data that we collect and process about you will only be held and processed within the UK and Ireland.
8. How do we keep your personal data secure?
We implement all necessary technical and organisational measures to ensure personal data you provide to us, or that we process on your behalf, is held and treated securely.
We are certified to ISO27001, NCSC Cyber Essentials Plus and operate a robust information security management system.
Please do not send us any sensitive personal information or organisational data via insecure means.
9. What are my rights as a data subject?
Under the GDPR, you have the following rights in respect of your personal data:
- Right of access – you have the right to request a copy of the information we hold about you.
- Right of rectification – you have a right to correct information that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances, you can ask for the information we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply you have a right to restrict the processing.
- Right of portability – you have the right to have the information we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
If you wish to request access to, rectification or deletion of personal data we hold about you, or you wish to raise an objection to our processing activities, you can do so at any time by contacting us via the methods below.
Email: dataprotection@blackrainbow.com
Post: Bury Lodge, Bury Road, Stowmarket, Suffolk, United Kingdom, IP14 1JA
For data we collect and process about you, requests for deletion will only be honoured to the extent that the data is no longer necessary for us to hold to provide services to you or meet our legal and contractual record keeping requirements. We reserve the right to refuse to change or delete data if doing so would violate any law or legal requirement or cause the information we hold to be incorrect. If BlackRainbow declines a request made by you, we will provide you with a reason, which you have the right to legally challenge.
You also have the right to make a complaint about our processing activities to the UK Information Commissioner’s Office (ICO).
You can contact the ICO by calling +44(0) 1625 545 700, by emailing casework@ico.co.uk, or via the ICO website, www.ico.org.uk.