Rico Logistics Ltd, and all its affiliates and subsidiaries, a company incorporated in England and Wales having a registered office at Kennet House, 4 Langley Quay, Waterside Drive, Langley, SL3 6EY (company number 02869014). www.ricogroup.co.uk
Circle Express Ltd, a company incorporated in England and Wales having a registered office at Unit 1, Polar Park, Bath Road, Sipson, West Drayton, Middlesex, UB7 0EX (company number 2265791) www.circleexpress.co.uk
SPC International a company incorporated in England and Wales having a registered office at Kennet House, 4 Langley Quay, Waterside Drive, Langley, SL3 6EY (company number 04722278) www.spcint.com
Triage Services Limited, a company incorporated in England and Wales having a registered office at 3rd Floor, Meadway Court, Rutherford Close, Stevenage, Hertfordshire, SG1 3EF (company number 3459830) www.triage-services.com
We take our obligation to protect the privacy of your personal information seriously.
Your personal information will be treated in a secure and confidential manner in compliance with all applicable laws and regulations. Any disputes in respect of the interpretation of this policy shall be determined by English law
When you use Rico Websites and application Services , we receive information that may directly or indirectly identify you (“personal information” or “personal data”).
In this Policy we will explain:
What types of personal information Rico collects and how it is used.
How Rico collects your personal information, including whether personal information is collected automatically.
How long Rico retains your personal information.
How and when Rico shares your personal information with others. How Rico protects your personal information.
What choices and rights are available to you regarding the use of your personal information, including how to access and update personal information.
How personal information submitted to our Services or collected through our Services on behalf of or at the direction of our Users is treated. How to update your communication preferences.
Depending on the context of personal information you provide, Rico may be the data controller (“controller”) or data processor (“processor”) of your personal information under this policy.
Where we are a data controller and a data processor
A data controller, according to the applicable data protection laws, means a person who determines the purposes for which and the manner in which any personal data is to be processed. A data processor means any person (other than an employee of the data controller) who processes the data on behalf of the data controller.
a data controller in respect of any personal data that you share with us, or that we collect on behalf of or at the direction of clients, through the services and solutions (including personal data you provide to us, or that we collect, during your registration for, and subscription to, the services we provide) or otherwise in your communications with us; and a data processor in respect of personal data that you share with us as part of your use of the Solution to book delivery or courier services from third-party providers, and in respect of which the third-party provider is the data controller.
What types of personal information does Rico collect?
The types of personal information we collect and share depend on which of our Websites or services you use. In general, we may collect information that identifies you, information about how you use our Websites, and the information that you create while you interact with our applications & Websites.
Information that we collect from you may include the following (this list is not intended to be exhaustive)
Information that can personally identify you, such as name, photograph, postal address, email address, telephone number, billing and payment data, bank details or credit card data Information about your Internet connection, the equipment you use to access our Websites, and your use of our Websites.
Information that you provide when you fill in forms on our Websites eg when you complete any of the request forms such as ‘Contact Us’ Enquiry Form. Providing your information on these forms means you will be added to our active marketing list unless you choose to opt-out at the bottom of the form.
Records and copies of your correspondence (including email addresses and social media handles), if you contact us.
Your responses to surveys that we might ask you to complete for research purposes.
Details of transactions you carry out through our Websites and applications or related to orders of our Services.
By being on the active marketing list you may be contacted occasionally via the website or email for direct marketing purposes, for example, with special offers, incentives or news which we feel may be of relevance and interest to you. If you are an existing customer opting out of the website active marketing list does not affect the information you already receive though our normal customer service. The personal information we collect from these website forms will not be sold to another company and is only accessible by Rico.
- How does Rico use my personal information
Rico uses personal information that you provide to us to deliver content on our Websites, and to provide our Services.
We may use this information in the following ways:
To manage your access to the Services.
To carry out our obligations and enforce our rights that arise from any contracts entered into between you and us, including for billing and collection.
To provide you with notices about your account and/or subscription, including expiration and renewal notices.
To present our Websites and their contents to you.
To allow you to participate in interactive features on our Websites.
To enhance the experience of using our Websites, Services, and Marketing Activities. To notify you about changes to our Websites or Services.
To provide you with information or services that you request from us.
To communicate with you about Marketing Activities, which may include promotional information. By being on the active marketing list you may be contacted occasionally via the website or email for direct marketing purposes, for example, with special offers, incentives or news which we feel may be of relevance and interest to you.
o If you are an existing customer opting out of the website active marketing list does not affect the information you already receive though our normal customer service. The personal information we collect from these website forms will not be sold to another company and is only accessible by Rico
To send promotional information and other communications regarding our products or Services.
To create a list of actual and prospective users and Users for our products or Services. To assemble statistics regarding the use of our Websites, product or Services.
To prevent fraud or abuse.
To comply with any legal or regulatory obligations.
For any other purpose we describe at the time we collect information. For any reason you engage us.
For any other purpose with your consent.
- How does Rico collect my personal information?
Rico may directly collect personal information you provide us in the following ways:
When you complete forms on our Applications and Websites, such as registering an account, subscribing to a Service, or posting a comment.
When you create an account to use our Services or create a new user for that account.
When you or a client complete transactions through our Applications and Websites, such as fulfilling an order for our Services.
When you perform search queries on our Websites.
When you post messages on our Websites, either in public areas or directly to other users or third-parties.
When you use our publicly accessible blogs.
When you contact us outside of our Websites, such as via email or Social Media When you request assistance from our Support team.
When you respond to surveys we ask you to complete for research purposes.
When you provide information that will be posted on public areas of our Websites.
When you transmit information to other users of our Websites or third-parties as a user contribution.
When you register for or attend our Marketing Activities.
Third-Parties and Data Supplementation
To the extent allowed by law, Rico may collect personal information about you from other sources, including publicly available databases or third-parties from whom we have purchased data. We may maintain this information or associate it with personal information we already have about you (“data supplementation”). This information helps us to improve our Websites, to deliver better and more personalized Services, to update, expand, and analyze our records, identify new customers, and provide products and services that may be of interest to you.
Examples of the types of personal information that may be obtained from public sources or purchased from third-parties and combined with information we already have about you, may include:
contact information about you from third-party sources to verify your address so we can properly prevent fraud or communicate with you, or data purchased from third-parties, such as social networking sites and conference attendee lists, that is combined with information we already have about you, to create more tailored advertising and products.
If you receive a marketing communication or promotion from us, you may opt-out of these communications at any time (i) by following the unsubscribe instructions included in the promotion (if sent by email), (ii) sending us an email at the address noted in the Contact Information section.
Rico’s website(s) may provide links to a number of external websites. Rico is not in any way responsible for the privacy practices or content of such websites.
If you have any questions concerning the privacy of your information please email your questions to GDPR@ricogroup.co.uk and you will be contacted by the appropriate person
We may use third-party payment processors to process payments made to us for some applications/services. In connection with the processing of such payments, we do not retain any personally identifiable information or any financial information such as credit card numbers. Rather, all such information is provided directly to our third-party processors. Our third-party processors currently include Paypal and AdFlex, and these privacy policies can be viewed at https://www.paypal.com/uk/webapps/mpp/ua/privacy-full4, https://www.adflex.co.uk/
Does Rico collect personal information automatically?
As is true of most websites, Rico gathers certain information automatically as you navigate through and interact with our Websites. This information helps us to improve and personalize our Websites, Marketing Activities, and Services, as well as prevent fraud or abuse. This information may be gathered and stored in log files.
That we collect from you automatically may include the following:
Internet Protocol (IP) addresses, Internet Service Provider (ISP), browser type, referring/exit pages, operating system, date/time stamp, and/or browsing actions and browsing patterns.
Whilst you are browsing the Rico websites, a cookie is stored on your computer in order that we can identify your session. Your web browser destroys this cookie after 20 minutes of inactivity, or when you close the web browser application. At no stage is any personal information stored in a cookie, or any information that would allow us to identify you as an individual.
If you want to find out more information about cookies, go to http://www.allaboutcookies.org or to find out about removing them from your browser, go to http://www.allaboutcookies.org/manage-cookies/index.html.
- How long does Rico keep my personal information?
Rico may retain your personal information for a period of time consistent with the original purpose of collection. For instance, we may retain your personal information during the time you have an account to use our Websites or Services, or as agreed in our subscription agreements, and for a reasonable period of time thereafter. We also may retain your personal information during the period of time needed for Rico to pursue our legitimate business interests, conduct audits, comply with our legal obligations, resolve disputes, and enforce our agreements.
For UK customers, your data will be kept for a maximum of 7 years to be compliant with UK Tax authorities (or such duration to be compliant with country tax/fiscal authorities if service is provided outside UK), thereafter all data older than 7 years will be deleted including backup data and hard copy information will be destroyed using a secure document service except where data deletion would compromise operational database integrity for the current operational systems
For Sameday customers and Circle Express Customers After 12 months, all Sameday/Circle Express related services are archived from primary system users and accessible on the system only by a restricted number of users with special permissions. All Rico sameday staff are DBS checked.
Sameday/Circle Express job information will be stored on the hand-held device, which is used by the driver and the customer to track the job and to sign POD etc, for a maximum of 7 days.
All data on Rico Sameday and Circle Express applications are fully encrypted. Data is held on Rico in-house servers, operating within the European Economic Area. These servers have off-site replication of data for Fail-over and load balancing purposes. Rico’s Datacentres are ISO27001 accredited and subject to restricted access controls
For Technical Courier/Field Engineering Customers after 12 months are archived from primary system users and accessible on the system only by a restricted number of users with special permissions. All Rico Technical staff are DBS checked
Encrypted technical job information will be stored on the hand-held device, which is used by the engineer and the customer to track the job and to sign Job Completion etc, immediately after the job is marked as complete by the engineer (once internet connection is made) then the data is deleted from the hand-held device.
UK Technical applications are G-Cloud II accredited and fully encrypted. The web application is subject to annual penetration testing by the NCC Group. Data is held on hosted servers operating within the European Economic Area. These servers have off-site replication of data for Fail-over and load balancing purposes.
For Warehouse and In-night customers – the application is via Rico’s Trace system.
Data is held on Hosted servers within the European Economic Area. These servers have off-site replication of data for Fail-over and load balancing purposes. The Data Centers are subject to restricted access controls and are ISO27001 accredited, and also conform with US security standards NIST 800-53 / 800-171 (DFARS), FISMA & FIPS.
For Smartconsign third party carrier services and Rico’s Non-account credit card Sameday portal All data are fully encrypted, and is held on hosted servers operating within the European Economic Area.
Data is then linked to individual carriers system for onward processing. The Smartconsign servers have off-site replication of data for Fail-over and load balancing purposes. The Data Centers are ISO27001 accredited and subject to restricted access controls
For Rico Sameday non-account/Credit Card Sameday service, data is then linked to Rico’s Sameday system for onward processing and to Paypal/Adflex for credit card payment.
6. When and how does Rico share my personal information with others?
Rico may share your personal information with certain third-parties. This sharing is based on our relationship with those third-parties, your consent, or legal or contractual obligations that require us to share such information.
We may share your personal information that we collect or you provide as follows:
To contractors, service providers for our applications and other third-parties we use to support our business. These entities are bound by contractual obligations to keep personal information confidential and can use it only for the purposes for which we disclose the information to them. To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Rico’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal information held by Rico about our applications and websites users is among the assets transferred.
You will be notified via email and/or a prominent notice on our Websites of any change in ownership or uses of your personal information, as well as any choices you may have regarding
your personal information.
To comply with any court order, law, or legal process (such as a subpoena), to investigate fraud, including responding to any government or regulatory request, lawful requests by public authorities, or to meet national security or law enforcement requirements.
To enforce or apply our Terms of Service and other subscription agreements, including for billing and collection purposes.
If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Rico, our Users or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction. For any other purpose disclosed by us when you provide the information.
With your consent.
We may also disclose aggregated information about our users, and information that does not identify any individual, without restriction.
7. How does Rico keep my information secure?
Rico will maintain appropriate technical and organizational security measures designed to protect your personal information from accidental loss, unauthorized use, alteration, or disclosure. Although we implement and maintain security measures that are appropriate for our business activities, please be aware that no security measures are perfect or impenetrable and any transmission of personal information is at your own risk.
You must also make sure that your information is safe and secure.
You must make sure that as a Rico client if any of your employees leave your organization that you request that their password access to Rico’s systems used in their role are removed
We are not responsible if you circumvent any privacy settings or security measures on our applications or websites. Even if we give you (or you have chosen) a password for access to certain parts of our Websites, you are responsible for keeping this password confidential. Do not share your password with anyone. Please be careful about giving out information in public areas of our Websites, for example, community message boards or forums. The information you share in public areas may be viewed by any user of our Websites. We cannot control the actions of other users of our Websites with whom you choose to share your information; as such we cannot guarantee your contributed information cannot be viewed by unauthorized parties.
- What choices and rights are available to me regarding the use of my personal information?
Right to Access or Correct Personal Information
You have the right to access and correct your personal information. If you want to review or correct your personal information, you can login to the appropriate Website or Service and visit your account profile page where appropriate, or contact us through the appropriate Support Center, or you may send us an email at the address noted in the Contact Information section above.
Right to Delete Personal Information (“Right to be Forgotten”)
You have the right to request deletion of personal information we hold about you and we have the obligation to erase your personal information, where:
the personal information is no longer necessary in relation to the purposes for which it was
collected or otherwise processed,
you withdraw consent on which the processing is based and where there is no other legal ground for the processing,
you object to the processing and there are no overriding legitimate grounds for the processing, the personal information has been unlawfully processed, or the personal information has to be erased for compliance with a legal obligation in the European Union or a Member State law to which Rico is subject.
If you want to request removal of your personal information from our Websites or Services, you can login to the appropriate Website or Service and contact us through the Support Center, or you may send us an email at the address noted in the Contact Information section above. You can also request closure of your account. We will respond to your request within 30 days.
In some cases, we may not be able to remove your personal information, in which case we will let you know that we are unable to do so and why.
Right to Data Portability
You have the right to receive or transfer a copy of your personal information, where:
we are relying upon your consent or the fact that the processing is necessary for the
performance of a contract to which you are party as the legal basis for the processing, and personal information is processed by automatic means.
This copy will be provided to you in a common machine-readable format. You may also require us to transmit it to another party where this is technically feasible.
If you want to request a copy of your personal information, you can login to the appropriate Website or Service and contact us through the Support Center, or you may send us an email at the address noted in the Contact Information section above.
Right to Restrict Personal Information Processing
You have the right to request the restriction of processing of your personal information, where:
you contest the accuracy of the personal information until we take sufficient steps to correct or verify its accuracy, where the processing is unlawful but you do not want us to erase the personal information, where we no longer need the personal information for the purposes of the processing, but you require the information for the establishment, exercise or defense of legal claims, or where you have objected to processing justified on legitimate interest grounds (see below) pending verification as to whether Rico has compelling legitimate grounds to continue processing.
Where personal information is subjected to restriction in this way we will only process it with your consent or for the establishment, exercise, or defense of legal claims. This right includes restricting the processing of your personal information to only include storage of your personal information (e.g. during the time when Rico assesses whether you are entitled to have personal information erased).
If you want to request restriction of processing of your personal information, you can login to the appropriate Website or Service and contact us through the Support Center, or you may send us an email at the address noted in the Contact Information section above.
Right to object to processing justified on legitimate interest grounds
Where we are relying upon legitimate interest to process personal information, you have the right to object to that processing. If you object, we must stop that processing unless we can either demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or where we need to process the personal information for the establishment, exercise, or defense of legal claims. Where we rely upon legitimate interest as a basis for processing we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.
If you want to object to the processing of your personal information, you can login to the appropriate Website or Service and contact us through the Support Center, or you may send us an email at the address noted in the Contact Information section above.
Right to be informed of the appropriate safeguards where personal information are transferred to a third country or to an international organization
Refer to the Terms of Service for information on the safeguards that have been put in place to protect your personal information for transfer outside of the European Economic Area. For transfers to countries without an adequacy decision by the European Commission, Rico puts appropriate safeguards through contractual obligations.
Right to Withdraw Consent
Where you have provided us with your consent to process personal information, you have the right to withdraw such consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
You can do this by:
Rico collect personal information automatically?”, Section 6 “When and how does Rico share my personal information with others?” and Section 10 "Communication Preferences and Subscriptions”), logging into the appropriate Website or Service and contacting us through the Support Center, following the unsubscribe instructions included in emails, by accessing the email preferences in your account settings page in the Services user interface dashboard, or
sending us an email at the address noted in the Contact Information section above.
Right to Submit Complaints or Report Abuse
You also have the right to lodge a complaint with a supervisory authority, in your particular country of residence, if you consider that the processing of your personal information infringes applicable laws. They are contactable at the following web address for the UK however, we would appreciate the chance to deal with any concerns before any approach is made to the ICO so please contact us in the first instance by email at GDPR@Ricogroup.co.uk
- Data submitted to our Services or collected through our Services (on behalf of our Users)
Rico Users electronically submit (or cause to be submitted) data to the Services for related processing. Rico processes data only as provided in our service agreements with our Users
As Users (or in some cases their internet clients or end users) control the data to be processed, Rico’s network, platform, and Services may be used as a conduit for information.
The use of personal information collected through our Services at the direction of our Users shall be limited to the purpose of providing the Services for which the subscriber has engaged Rico.
Although Rico collects personal information related to subscriber personnel as they configure a subscriber’s use of our Services, Rico has no direct relationship with individuals whose personal information is hosted or transmitted through the Services by Users or their permitted internet clients or end users. Users are responsible for complying with any regulations or laws that require providing notice, disclosure, and/or obtaining consent prior to transferring the data to Rico for processing purposes.
Our Services may collect personal information for our Users. As a data processor of this personal information on our subscriber’s behalf, Rico has limited ability to access personal information our Users submit to our Services. If you are a data subject for whom a client has submitted personal information to the Services and would like your information not to be disclosed to a third-party or to be used for a purpose that is materially different from the purpose(s) for which the personal information was originally collected, then you should contact the client organisation directly. Concerns with personal information hosted or transmitted at the direction of our Users may be reported according to our acceptable use policy available at GDPR@ricogroup.co.uk . We will refer your requests to the appropriate client.
Rico is responsible for the processing of personal information it receives, and subsequently transfers to a third-party acting as an agent on its behalf in accordance with our service agreements. Rico may use from time to time third-party service providers, contractors, and sub-processors to assist in providing the Services on our behalf. Rico maintains contracts with these third-parties restricting their access, use, and disclosure of personal information.
Rico maintains administrative, physical, and technical safeguards to protect data submitted to the Services, including personal information. These security measures are outlined within this document, further detailed information can be obtained by the Client account manager.
Subscriber Data Integrity and Purpose Limitation
As a data processor, Rico hosts, transmits, discloses, and processes data, which may include personal information about EU personnel of our Users administering, using or supporting the Services. Rico may process data to provide the Services, to prevent or address technical or service problems, to follow the instructions of our Users and their personnel who submitted the personal information, or in response to contractual or legal requirements. Rico does not control or own the data submitted by its Users, or their internet clients or end users, to the Services. Rico may share personal information with its subsidiaries, contractors, or third-parties if Rico undergoes a business transaction, such as a merger, acquisition by another company or sale of all or substantially all of its assets.
Data Subject Rights to Data
Rico acknowledges that you have the right to access your personal information. In some cases Rico has no direct relationship with the individuals whose personal information our Services process on behalf of our Users. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate personal information should direct his or her query to the appropriate subscriber (i.e., the data controller). Users have the ability to fulfill these requests, and Rico will provide assistance for requests that Users are not able to complete. If the subscriber requests that Rico remove the personal information, we will refer your request to the applicable subscriber and we will respond to the request within 30 days.
Rico retains the personal information we process on behalf of our Users for as long as needed to provide the Services to our Users and in accordance with our subscription agreements. To the extent not deleted by our Users, Rico may also retain and use certain personal information for a reasonable period of time thereafter as necessary to pursue our legitimate business interests, conduct audits, comply with our legal obligations, resolve disputes, and enforce our agreements.
- Communication Preferences
Rico offers visitors of its Websites and Services, personnel of our Users whose personal information is collected through our Websites or Services, and attendees or recipients of Marketing Activities a means to choose how we use the information provided. You may choose to stop receiving or participating in Marketing Activities, including newsletters, by following the unsubscribe instructions included in emails,
- or sending us an email at the address noted in the Contact Information section above.