1. DATA PROTECTION PRINCIPLES
KRPM Business Solutions Limited follows six principles when dealing with your personal data. We will ensure it is:
processed lawfully, fairly and in a transparent manner;
processed for specified, explicit and legitimate purposes;
adequate, relevant and limited to what is necessary;
accurate and kept up-to-date;
kept for no longer than is necessary; and
processed in a manner that ensures appropriate security.
We operate these principles alongside our duty of confidentiality to you.
2. SCOPE
This policy applies to our processing of personal data for individuals other than:
KRPM Business Solutions Limited employees.
Our website contains links to other external websites. Clicking on these links may allow third parties to collect or share data about you. We have no control over these external websites or responsibility for the privacy policies they operate.
3. DEFINITIONS
Personal data is information that can be linked to a living individual.
A data controller can be an individual or an organisation. They decide what personal data to collect and how it will be used.
Processing data includes collecting, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing, disseminating, aligning, combining, restricting, erasing or destroying data.
4. DATA CONTROLLERS
This policy is provided on behalf of the following firms and individuals who are registered as data controllers with the Information Commissioner’s Office (ICO):
5. CONTACT DETAILS
For data protection queries and to exercise your rights, you can contact us in these ways:
6. WHAT WE USE YOUR PERSONAL DATA FOR
Our website www.krpm.co.uk provides an indication of the services we provide. We will use your personal data for the purpose of providing these services. In addition, we may use it for the purpose of direct marketing and for other legitimate business interests.
When we issue a letter of engagement or other client agreement to you, this also outlines the purpose for which we process your personal data. Where we judge the purpose to have changed, we will issue a further engagement letter or other documentation to reflect this.
7. OUR LAWFUL BASIS FOR PROCESSING YOUR PERSONAL DATA
KRPM Business Solutions Limited must have a lawful basis to process your personal data.
More than one lawful basis may apply to the processing of the same personal data.
These are the bases for which we require the use of your data:
8. THE PRIVACY AND ELECTRONIC COMMUNICATIONS REGULATIONS
Where we request your consent for direct marketing by email or text, this is governed by the Privacy and Electronic Communications Regulations (PECR). You can withdraw this consent at any time via our preference centre or by contacting us using any of the contact details at the beginning of this policy.
9. CATEGORIES OF PERSONAL DATA
We deal with two kinds of personal data as defined under the legislation.
10. COOKIES
Our website does not use cookies.
11. PERSONAL DATA OBTAINED DIRECTLY FROM YOU
KRPM Business Solutions Limited obtains personal data from individuals directly when they, for example:
enquire about any of the services we provide;
sign up via our preference centre or by other means to receive marketing material from us;
negotiate or enter into a contract or client agreement with us to provide a service;
provide us with information connected with the contract or client agreement;
correspond with us via our website, by phone, e-mail or otherwise;
participate in meetings, seminars or other events we arrange;
give us a business card;
fill in forms on our website and submit information to us;
participate in other social media functions on our website or enter a competition, promotion or survey;
report a problem with our website;
visit our offices; or
use the wi-fi network in our offices.
12. OTHER SOURCES OF DATA AND WHO WE SHARE YOUR PERSONAL DATA WITH
Depending on the nature of the service we provide, the lawful basis and purpose of processing, we may need to share your personal data between the KRPM Business Solutions Limited data controllers listed at the beginning of this policy and other parties (examples listed below). These parties are subject to data protection legislation and principles. We will usually have notified you of the sharing of your data with these parties. However, certain legislation may prevent us from doing so. Many of these parties both receive personal data from us and provide it to us:
analytics providers
providers of technical, payment and delivery services
providers of business sector information and datasets (where they have obtained the data from publicly-available sources and surveys individuals have completed)
social media sites, including those associated with our fundraising activities
Companies House, HM Revenue & Customs, other Government agencies and departments, including the Care Quality Commission and NHS
law enforcement agencies and courts
solicitors, accountants, auditors and other professional advisers
agents and representatives
banks and other financial institutions
life insurance and pension providers
credit reference and fraud prevention agencies
providers of credit reference or fraud prevention services
our debt-tracing and recovery agency
marketing and social event organisers and venues and websites
online analytic and search engine providers
members of our business networks (normally where explicitly asked for by you)
industry bodies we are associated with (where we have been asked to undertake benchmarking and other analysis on behalf of their membership)
our regulators and governing bodies
quality assurance assessors and other business consultants
our insurers
parties associated with Corporate Finance transactions, or their advisers
data processors
Through our research we may also obtain information from publicly-available databases, such as Companies House or details on a company website.
Furthermore, we will disclose your personal information:
in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
if we or substantially all of our assets are acquired by a third party, in which case personal data held by us about customers will be one of the transferred assets;
if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect the rights, property, or safety of KRPM Business Solutions Limited, our clients, or any other third parties.
14. DATA PROCESSORS
Where we are appointing any individual or organisation to process your personal data on our behalf (otherwise known as ‘data processors’), they may only do so for specified purposes and according to our written instructions. KRPM Business Solutions Limited seeks confirmation of the processor’s IT security arrangements and whether personal data is processed outside the European Union.
15. TRANSFERS OF PERSONAL DATA OUTSIDE THE EUROPEAN UNION
KRPM Business Solutions Limited is located in the UK. You can find details of our office locations on our website.
Where possible, we or our appointed data processors will process your personal data within the European Union (EU). If your personal data does need to be transferred outside the EU, we make sure appropriate safeguards are in place so that your data is properly looked after.
We ensure personal data is adequately protected and take into account:
where the European Commission has decided that a country, a territory or one or more specific sectors in a country, or an international organisation, ensures an adequate level of protection. This currently includes the US privacy shield framework.
other safeguards available to us under data protection legislation.
16. KEEPING YOUR PERSONAL DATA SECURE
We operate a series of security measures concerning access to our offices and our systems. The level and extent of each individual measure may vary, but can include, for example:
access controls to buildings, systems and, where appropriate, individual IT applications;
anti-virus and malware prevention;
breach logging;
encryption;
equipment/access logs;
arranging back-up copies of personal data; and
penetration testing, system monitoring and system updates (e.g. patching).
For applications running on our in-house systems, we operate a back-up facility as contingency.
The transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us; any transmission is at your own risk.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share that password with anyone.
17. HOW LONG WE KEEP YOUR PERSONAL DATA
The timescales for the retention of your personal data and related documentation are subject to various legal, regulatory or contractual requirements, which will reflect the purpose and lawful basis for processing the data.
Where you have told us you no longer wish to receive our direct marketing, we need to retain a record of this indefinitely. We keep a minimum amount of your personal data in order to maintain our marketing opt-out lists.
18. YOUR RIGHTS
Data protection legislation provides the following legal rights for individuals:
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling.
You can exercise your rights at any time by contacting us using any of the contact details in section 5 of this policy. More information is available from the Information Commissioner's Office website https://ico.org.uk/
Some rights can only be exercised under certain circumstances. If we are unable to comply with your request for any reason, we will contact you to explain our reasoning.
19. COMPLAINTS
KRPM Business Solutions Limited aims to deal efficiently with any query or to resolve any complaint you might have about how we handle your personal data.
Your right to complain
If you consider we have processed your data in a way that infringes the legislation, you have the right to complain to the Information Commissioner’s Office. Their contact details are:
https://ico.org.uk/
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
20. CHANGES TO THIS PRIVACY POLICY
The content of this privacy policy was compiled using guidance provided by the Information Commissioner’s Office (ICO) at the date of its publication. The policy takes into account the General Data Protection Regulation (GDPR).
Subsequent changes to the policy may occur due to changes in the ICO’s guidance. Each version of the policy will be uniquely referenced.
21. MORE INFORMATION
Information Commissioner’s Office website https://ico.org.uk