GDPR Data Protection
Since its inception, RDC’s goal has been to provide the most accurate, timely, and trusted products and services to assist our customers in meeting their regulatory and fiduciary obligations. Data protection and privacy have always been at the forefront of our security and collection processes. This includes the information that we collect for our products and services and how we approach the privacy and protections of the personal data that may be provided by our subscribers. This approach includes supporting our subscriber’s compliance with European Union (EU) data protection requirements, including those set out in the General Data Protection Regulation (“GDPR”), which becomes enforceable on May 25, 2018.
RDC’s GRID database contains more than nine million profiles on persons and organizations, developed from the curation of global government, regulatory, and disciplinary watch lists, politically exposed persons, and the collection of adverse media. This database exists to assist our customers in managing their financial risks, protecting organizations against fraud, and meeting compliance and regulatory obligations.
Because of the nature of RDC’s business, information that we collect may be classified as “personal data” under EU law as it is information that pertains to, and may assist in the identification of, an individual.
This GDPR Data Protection page provides information we are required to give in relation to the processing of personal data under EU law. If you have any questions please contact RDC’s Data Protection Officer at firstname.lastname@example.org.
What Information Does RDC Collect?
RDC collects personal data to the extent directed by our subscribers, and in support of our products and services so that RDC may supply the resulting curated service to our subscribers. The purpose of this processing is to enable businesses to manage their financial risks, protect against fraud, understand who they are doing business with, and meet compliance and regulatory obligations.
The personal data that RDC collects and processes comes from public and publicly available sources. In certain cases, RDC also employs sub-processors and content aggregators to assist in the curation of our products on behalf of our subscribers.
Personal data that is provided by our subscribers to be processed within our products and services is done so only under strict direction from the subscriber with a commitment to the privacy and protection of that information.
Personal data may be collected in conjunction with our website and marketing communications. If you would like to alter your subscription preferences, or opt out, you can do so at anytime by visiting our communications preference center. Any questions regarding your continued receipt of marketing communications, please send direct questions to email@example.com.
With Whom Does RDC Share Personal Data?
Subscribers will receive personal data as part of RDC products and service. Those services include certain personal data such as name, addresses, and other identifying information as necessary. This may include sensitive data such as religion, political affiliation, country of origin, and criminal data including convictions for certain crimes such as money laundering, bribery, fraud, terrorism, sanctions, and other crimes deemed necessary for meeting these obligations.
Employees and sub-processors will have access to certain personal data to collect, process, store, and manage subscriber requests. All employees and third parties accessing personal data do so only under the strict instructions of our subscribers and/or RDC.
Subscriber contract information is only available to those employees that need to execute and act on those agreements.
Personal data gathered through RDC’s website, or through trade shows and other marketing communications, is only shared within RDC to manage marketing communications and all are subject to opt-in/opt-out consent.
We transfer personal data to recipients outside the EU and rely on adequacy decisions, data transfer agreements, or other EU-approved mechanisms for such transfers. RDC is certified with the Privacy Shield and ensures all its sub-processors agree to the Privacy Principles or other EU approved mechanisms such as standard contractual clauses. If you require further information on this please contact our Data Protection Officer at firstname.lastname@example.org.
Personal Data is stored for varying lengths depending on the nature and purpose for which it was collected. We store personal data in line with any applicable statutory minimum periods, and then review it annually to ensure retention of it is necessary for the purpose for which it was collected.
Grounds of Processing
RDC processes personal data under the grounds of “legitimate interest”. RDC’s legitimate business interest is the supply of content, the purpose of which is to enable businesses to manage their financial risks, protect against fraud, understand who they are doing business with, and meet compliance, regulatory, and fiduciary obligations.
Data Subject Rights
As part of our products and services you have the right to request confirmation from RDC of whether we are processing your personal data, and if so access to that information. Additionally, if any of your personal data is inaccurate you have a right to request rectification.
You have the right to object to our processing your personal data and request it to be deleted. In considering our response to your request, we will undertake a process to ensure your interests, fundamental rights, and freedoms are properly balanced against our legitimate interests. We will also determine if it is still necessary to process your data for the purpose it was collected.
To place a request to confirm processing, accuracy or deletion, please see request section below for process and contact details.
Requests For More Information
If you have questions regarding RDC’s privacy and data handling policies, please contact our Data Protection Officer at email@example.com.
Any requests for information on whether or not your personal data is available through RDC products and services as well as any request for deletion or corrections to that personal data must be made by submitting the Request Form via email to GDPRrequests@rdc.com or mailed to:
Regulatory DataCorp, Inc
211 S. Gulph Road #125
King of Prussia, PA 19406
RDC will need to have the information required in the Request Form before we can begin our research. You should receive all the information that has been located and can be released in accordance with the law, along with an explanation for any information that cannot be provided within 30 days.
RDC does not release information held about individuals without their consent, unless there is a legally supported reason to do so. Therefore if information held about you also contains information related to a third party, RDC will make every effort to anonymize the information. If this is not possible, and RDC has been unable to secure the relevant consent, RDC reserves the right not to release the information.
Where possible, RDC will act on requests from individuals including right to erasure and accuracy of data. However, if RDC determines that retaining such personal data is necessary for its intended business purposes, RDC will provide the information and reasoning for the retention.