Rion Group
Rion Group

Privacy Policy

 

Introduction

Rion Group is committed to protecting the privacy and security of personal information. We understand that privacy is important to our employees, clients, customers, and other individuals whose personal information we process.

This privacy policy explains how we collect, use, store, and protect personal information in accordance with data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

The organisation is committed to being transparent about how we handle personal information and ensuring that individuals understand their rights in relation to their personal data.

It is the organisation's policy to process personal information fairly, lawfully, and in accordance with data protection principles. We will only collect and use personal information where we have a lawful basis to do so.

This policy does not form part of any employment contract, and can be amended at any time.

What personal information is

Personal information (or personal data) is any information that relates to an identified or identifiable individual. This can include:

For example:

  • names and contact details
  • identification numbers
  • location data
  • online identifiers
  • employment information
  • financial information
  • health information
  • CCTV footage

These examples are considered to be the typical types of personal information that we may process. However, the organisation recognises that there may be other types of information that constitute personal data depending on the circumstances.

Types of personal information we collect

Employee information

We collect and process personal information about our employees for employment purposes. This includes recruitment, payroll, performance management, training, and other employment-related activities.

Client and customer information

We collect personal information from our clients and customers in order to provide our services and maintain our business relationships. This may include contact details, project information, and billing details.

Visitor information

We may collect personal information from visitors to our premises for security and health and safety purposes. This can include names, contact details, and CCTV footage.

Website and digital information

We may collect information about how individuals use our website and digital services, including IP addresses, browser information, and usage data.

Third party information

We may receive personal information from third parties, such as suppliers, contractors, and other business partners, in the course of our business activities.

Our approach to data protection

The organisation is committed to processing personal information in accordance with data protection principles.

We will ensure that personal information is:

  • processed lawfully, fairly and in a transparent manner
  • collected for specified, explicit and legitimate purposes
  • adequate, relevant and limited to what is necessary
  • accurate and kept up to date
  • kept for no longer than necessary
  • processed securely
  • processed in accordance with individuals' rights

The organisation is committed to protecting personal information through appropriate technical and organisational measures.

Lawful basis for processing

We will only process personal information where we have a lawful basis to do so under data protection law.

The lawful bases we rely on include:

  • consent of the individual
  • performance of a contract
  • compliance with legal obligations
  • protection of vital interests
  • performance of tasks in the public interest
  • legitimate interests of the organisation

For special category data (sensitive personal information), we will identify an additional lawful basis under data protection law.

How we collect personal information

Personal information may be collected in various ways:

  • directly from individuals through forms, applications, and communications
  • from third parties such as recruitment agencies or referees
  • from publicly available sources
  • through our website and digital services
  • through CCTV and other monitoring systems
  • in the course of providing our services

All collection of personal information will be fair and lawful, and individuals will be informed about how their information will be used.

How we use personal information

We use personal information for various purposes depending on our relationship with the individual:

  • employment and HR purposes
  • providing services to clients and customers
  • managing business relationships
  • compliance with legal and regulatory requirements
  • health and safety purposes
  • security and access control
  • marketing and communications (with consent)
  • improving our services and operations

Each use of personal information will have a lawful basis under data protection law.

Sharing personal information

We may share personal information with third parties in certain circumstances:

  • with service providers and contractors who assist us
  • with professional advisers such as lawyers and accountants
  • with regulatory bodies and law enforcement agencies
  • with clients and customers where necessary for service delivery
  • in connection with business transfers or restructuring
  • where we have consent or another lawful basis to do so

We will ensure that any sharing of personal information is lawful and that appropriate safeguards are in place.

International transfers

Where we transfer personal information outside the UK, we will ensure that appropriate safeguards are in place to protect the information in accordance with data protection law.

This may include:

  • transferring to countries with adequacy decisions
  • using standard contractual clauses
  • relying on other appropriate safeguards

Retention of personal information

We will only keep personal information for as long as necessary for the purposes for which it was collected.

Retention periods vary depending on the type of information and the purpose for processing:

  • employee records may be kept for up to 7 years after employment ends
  • client and customer records may be kept in accordance with contractual requirements
  • financial records may be kept for up to 7 years for tax purposes
  • CCTV footage is typically kept for up to 30 days

When personal information is no longer needed, it will be securely deleted or destroyed.

Data security

The organisation is committed to keeping personal information secure through appropriate technical and organisational measures.

Security measures include:

  • access controls and user authentication
  • encryption of sensitive data
  • regular security updates and patches
  • staff training on data protection
  • incident response procedures
  • regular security assessments

We require all staff and third parties to maintain the security of personal information and report any suspected data breaches immediately.

Individual rights

Individuals have various rights in relation to their personal information under data protection law:

  • the right to be informed about processing
  • the right of access to personal information
  • the right to rectification of inaccurate information
  • the right to erasure in certain circumstances
  • the right to restrict processing
  • the right to data portability
  • the right to object to processing
  • rights in relation to automated decision making

To exercise these rights, individuals should contact the Data Protection Officer using the details provided below.

Making a data protection request

Individuals can make requests to exercise their data protection rights by email or in writing.

Any request must include:

  • the individual's name and contact details
  • proof of identity (if requested)
  • details of the right being exercised
  • specific information about the request
  • any relevant dates or time periods

We will respond to requests within one month of receipt, though this may be extended in complex cases.

Data Protection Officer

Our Data Protection Officer is responsible for overseeing data protection compliance and can be contacted about any data protection matters.

Contact details:

  • Email: dpo@riongroup.com
  • Address: [Insert company address]

Complaints and further information

Individuals should raise any concerns about our processing of personal information with the Data Protection Officer in the first instance.

If concerns cannot be resolved directly with us, individuals have the right to lodge a complaint with the Information Commissioner's Office (ICO).

ICO contact details:

  • Website: ico.org.uk
  • Telephone: 0303 123 1113
  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

For further information about this privacy policy, individuals should contact the Data Protection Officer.

Changes to this policy

This privacy policy may be updated from time to time to reflect changes in our processing activities or data protection law.

Any significant changes will be communicated to relevant individuals through appropriate channels.

The current version of this policy is available on our website and from the Data Protection Officer upon request.

Last updated: 28/05/2025 Next review date: 20/05/2026

Copyright © 2025 Rion Group - All Rights Reserved.

Powered by

  • Privacy Policy

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

DeclineAccept