Privacy

Ryan recognises and is committed to compliance with the new General Data Protection Regulation
(GDPR) promulgated by the European Union (EU).

Please click here to view and print Ryan’s Data Subject Access Form.

If you believe that you've consented to Ryan collecting your personal data and you'd like to withdraw your consent, please click here for more information.


Ryan has created this privacy statement to demonstrate our firm commitment to privacy. Our information gathering and dissemination practices for http://www.ryan.com are outlined below.

Ryan Privacy Notice
Version Date: December 2020

Ryan is dedicated to protecting and respecting your privacy. Please read this Privacy Notice to learn how Ryan complies with relevant data protection laws when you share personal data with us.

Primarily, we collect personal information online and during the ordinary course of business so that we can offer our business services or provide employment opportunities. This Privacy Notice contains important information about Ryan, LLC and the Ryan Entities, why and how we process your information, our retention periods, any third parties we may share information with, and how we transfer information to another country.

Please also refer to our Cookie Notice to learn about the use of cookies and other web tracking functions on our website.

Ryan is the controller for this information unless this notice specifically states otherwise.

Important Definitions:

“Ryan”, “We”, “us”, “our”

Ryan, LLC and its affiliates and associated offices in other countries, including but not limited to Ryan Netherlands B.V., VAT Systems S.A.S., and Ryan Tax Services UK Limited. For a full list, please see https://ryan.com/locations/ (the “Ryan Entities”). 

GDPR

General Data Protection Regulation

Privacy Officer

Our Privacy Officer can be contacted at gdpr@ryan.com

Personal Data

Any information that identifies, or could reasonably be used to identify, a living individual, either on its own or together with other information

Special Category Data

Personal Data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, or trade union membership; genetic and biometric data. Data concerning health, sex life, or sexual orientation


What Personal Data We Collect

Where it is permitted under local applicable law pertaining to your country of residence, we may collect and process Personal Data throughout the course of providing our services to you, your use of our website, your request for further information, your application for employment, or otherwise during your engaging with us as a client or potential client, including through our client platform and survey tools. We may collect the following categories of Personal Data:

  • Contact Details: your name, address, business and personal contact telephone numbers (landline and mobile), business and personal email addresses
  • Basic Information: your job title, your position or role, your employer, the industry in which you work
  • Service Information: details related to the advice you are seeking from Ryan
  • Job Applicant: details provided in your CV and online application
  • Identification Details: background information obtained to verify your ID
  • Details About Personal Life: information obtained from reference and background checks, emergency contacts and their contact information
  • Contact Forms, Subscriptions, Surveys: information you provide when completing a contact form, event or webinar form, or subscribing to services such as “Ryan Thought Leadership” or completing feedback or satisfaction surveys online
  • Connection or Traffic Data: online identifiers, login/user ID, timestamp information, IP address, and information on how you use our website
  • Other Data: your images that may be captured on CCTV footage where CCTV installed in our office, details captured during your visit to our premises
  • Special Category Data: sensitive Personal Data which you provide to us such as health-related information, for example, disability information or special dietary requirements provided for the purpose of attending meetings or events

How, When, and Why Your Personal Data Is Collected

We may collect information directly from you, your employer, your authorised representative or agent, or other third party:

  • When you or your employer contact us or seek advice from us in respect of our services
  • During your onboarding as a client
  • When you subscribe to any of our newsletters, webinars, events
  • When you sign up to our client platform, DXP, or when you interact with our systems
  • When you participate in (optional) surveys which are used to improve our services
  • When you or your employer offers or provides Vendor services to us
  • When you complete a job application or otherwise apply for a job, whether directly from you or from an employment agency
  • From referees, either external or internal
  • From security clearance providers, regulators, government or credit reporting agencies, or publicly available records (such as Companies House)
  • CCTV images from our landlords or taken using our own CCTV systems to monitor security of our premises and IT systems: Online log activity analysis in offices where CCTV is installed for security and criminal activity monitoring; office Access Control (badges) where one is provided to you for registering your visit to our premises
  • When you browse or interact with us online, we use cookies and other technologies to collect certain types of information during your visit online in order to create a bespoke experience based on your preferences as well as improve our online functions and measure those marketing activities permitted
  • When you attend a Ryan event or trade event or otherwise engage with us
  • During the day-to-day operations of our business managing our business relationship with your or your organisation, your Personal Data may be used
    • In our communications with you, to notify or update you of changes in our services, to facilitate investigation of any complaint, for evidential purposes in any dispute
    • To facilitate transactions, including accounting, recordkeeping, reporting, research and statistical analysis, risk management purposes, including business continuation planning, and disaster recovery, including the creation of back-ups
    • To improve our services through global reporting and analysis
    • To facilitate, analyse, and improve the use of, and the security of, our network and websites and to prevent fraud or criminal activity
    • For document retention and storage, for database management
  • Information relating to your health and wellbeing and other special category data when permitted, such as
    • Occupational health and safety and wellbeing of visitors to our offices, for example, to facilitate access
    • Health and wellbeing information declared by you, for example, dietary requirements
    • Accident records if you are injured on our premises
  • For the purposes of the legitimate interests of the Firm in providing our services to clients provided that such interests are not overridden by your interests or your fundamental rights and freedoms

Lawful Basis for Processing Your Personal Data

Depending on the processing activity, we rely on the following lawful basis for processing your Personal Data under the GDPR:

  • Article 6(1)(b) the processing of Personal Data is necessary for the performance of our obligations under a contract
  • Article 6(1)(c) so we can comply with our legal obligations, such as recordkeeping for tax purposes, responding to a law enforcement agency, or providing information to a public body
  • Article 6(1)(f) where it is in our legitimate interest in running a business provided always that they do not outweigh your rights and freedoms and are not excessive or overly intrusive
  • Article 6 (1)(a) in some instances, where it is lawful, because you have provided your consent

Special Category Data
Where the information we process is special category data, for example, your health data. The additional basis for processing that we rely on are:

  • Article 9(2)(a) where you have given your consent (except where local law prohibits the lifting of such consent by you), e.g., notification of disability to facilitate access to our premises or dietary requirements during attendance at an event
  • Article 9(2)(c) where processing is necessary to protect your vital interests where you are unable to give consent, e.g., an accident on our premises
  • Article 9(2)(e) where processing relates to publicly available information
  • Article 9(2)(f) for the establishment, exercise, or defence of legal claims

How Long Your Personal Data Will Be Kept

Our policy is to retain your Personal Data for so long as it is required for the purpose for which it was collected and longer where we are obliged to do so for legal obligation(s) under applicable law to comply with legal, regulatory, and business or policy requirements. For information about how long we hold your Personal Data, you may request a copy of our retention schedule.

Data Sharing

Third Party Processors: We may share Personal Data with third party processors, such as those data processors listed on Annex A.

Legal and Regulatory requirements: We may also share data to comply with court orders and other legal and regulatory requirements, including sharing information with government agencies and external auditors and tax authorities for the purpose of collecting tax contributions. This will always be in accordance with the relevant data protection and privacy laws applicable.

Your Rights in Relation to This Processing

You have the right, in respect of your Personal Data, to:

  • receive information from Ryan regarding Ryan’s treatment of your Personal Data
  • require Ryan to rectify any mistakes in your Personal Data
  • not be subjected to automated individual decisionmaking

and in certain circumstances, to:

  • require erasure of your Personal Data
  • require restriction of processing of your Personal Data
  • object to the processing of your Personal Data
  • require data portability of your Personal Data

To exercise these rights, please contact us using the Firm’s Data Subject Access Request Form which can be found here: https://ryan.com/globalassets/gdpr/data-subject-access-request-form.pdf. If you wish to complain about how we have handled your Personal Data, please submit a complaint via e-mail at gdpr@ryan.com.

If you still believe that your Personal Data has not been handled appropriately according to the law, you can contact the relevant data protection authority in your country and file a complaint with them.

Transfer of Personal Data

Ryan is an international firm and your data may be shared outside of the European Economic Area (EEA) to perform our services and run our business:

  • as between the Ryan Entities and member firms of the Ryan network, including those located in the U.S., UK, and India
  • with third party service providers to the Ryan Entities
  • within IT Systems used by the Ryan Entities that host and support IT functions and applications

Where your Personal Data is transferred outside the EEA, in the absence of EU adequacy decisions relating to a Country, Ryan will have appropriate safeguards in place, such as Standard Contractual Clauses, and appropriate security technical and organisational measures to ensure that your Personal Data will be processed in accordance with the GDPR, this Privacy Notice, and local applicable data protection and privacy laws.

Security

We use servers to host data globally unless otherwise agreed with you that data will reside in the EEA. We have appropriate security measures in place to help protect your Personal Data from unauthorised loss, misuse, alteration, or destruction. Access is limited to those who are authorised, have a genuine business need to access it, and are subject to a duty of confidentiality. We utilise various means of technical and organisational measures to protect your information and review the same periodically. However, the transmission of information to us via the internet is not completely secure and security cannot be guaranteed against all threats.

Change

We may modify or amend this Privacy Notice from time to time. In the event that this Privacy Notice is modified or updated, the Version Date will be updated, and the modified or amended Privacy Notice shall be in effect as of such date. Should a change in our processing of Personal Data significantly affect you, notice of an update will be communicated to you.

Further Information

Marketing and Communications
Where you are an existing client, we may send marketing communications to you about our business such as new products, service lines, updates, industry developments, and surveys that may be of interest to you or your organisation. We rely upon our legitimate business interests to do so and will not seek consent. We will however stop such communications where you request that we do so.

Just In Time “JIT” Privacy Notices/Layered Privacy Notice
Where we invite you to submit Personal Data to us for a new purpose (such as using a new tool or joining us as a new employee) you will be provided with a JIT Privacy Notice setting out the purpose of processing, the lawful basis, and other relevant information at that time.

Annex A – Data Processors

We engage with third parties to provide services to us and with whom we may share your Personal Data. We select our third-party service providers with care and enter into contracts that include provisions, where applicable, that they may only process Personal Data for the service they are providing to us and that they must provide suitable security standards. This Annex A contains both generic and specific data processors engaged by us:

Data Processors
(including but not limited to)

Purpose

Microsoft Azure

For hosting/storage of data when data is resident in Europe

Microsoft Teams

Software to facilitate team organisation of projects

Accountants, Auditors, Lawyers, or Similar Advisers

Professional legal and financial services and advice to support our business

Salesforce

Customer relationship management system

HireRight

Background checking service (UK, NL)

Rackspace

For cloud computing to manage private and public cloud deployments

IT Service Providers

For shared service centres

Insurance Brokers and Banks

For services to support our business

Third-party Venue Providers

To facilitate the hosting of our events or functions

Any third party where we have a duty to share Personal Data

To comply with a legal or regulatory obligation, or to comply with a court order, tribunal, regulator, or government agency where we are under a duty to disclose Personal Data

A potential third-party investor and its professional service providers

To comply with due diligence in the event of a corporate transaction or an actual or potential sale related to Ryan


Privacy Notices for any third party who may have access to your personal information can be provided upon request by contacting the Privacy Officer at gdpr@ryan.com.

Cookies

To assist us in gathering information needed to grow a useful and interesting site, we collect visitation data utilising cookies. On a user's first visit, a cookie is placed on the user's machine and is then recognised by our site on each subsequent visit. This helps us to identify new and returning visitors. The information collected with the cookies issued by this site includes the IP addresses from which users access our site, the date and time of their visits, the URLs of the pages that they view, and the browser used to view the site. We do not identify individual users or their searches, nor do we enable cookies to gather users' personal information. No information gathered on our site is shared, sold, rented, or traded outside Ryan.

Security

This site has security measures in place to protect the loss, misuse, and alteration of the information under our control. Ryan has network-wide security measures in place to ensure your privacy. Our internet service provider also has security precautions in place to protect you.

We do not use any information submitted by you for marketing purposes. Ryan does not sell, trade, or lend any information collected. Where identifying information is asked, it is used only for responding to users' comments or questions and is not made available for other purposes.

This site contains links to other websites. Ryan is not responsible for the privacy practices or the content of such websites.

Contacting the Website

If you have any questions about this privacy statement, the practices of this site, or your dealings with this website, you can contact us at:

Ryan
Three Galleria Tower
13155 Noel Road
Suite 100
Dallas, Texas 75240-5090
972.934.0022
info@ryan.com