Kmatrix Data Services is committed to protecting your personal data and to being transparent about what information we process. Our data protection policy and procedures are governed by the Data Protection Act (DPA) 1998 and, from 25th May 2018, the European Union (EU) General Data Protection Regulation (GDPR). Kmatrix Data Services Limited is registered with the Information Commissioner’s Office (ICO), registration reference ZA373389.
This notice is intended to set out how and why Kmatrix Data Services processes personal data about you and it also sets out your rights as a data subject. If you require further information, please contact: firstname.lastname@example.org
1. Personal Data
1. Why we process personal data about you – We process personal data about you on a lawful basis, such as: when you enter into a contract of employment with us or a contract to supply services to or receive services from us; when you apply for a job with us; for legitimate business interests including conducting industry research (some personal data is collected from publicly available sources e.g. company website); when you subscribe to our mailing list (to receive marketing communications); when you make an enquiry or a complaint which requires a response from us; or when you visit our website.
2. The categories of personal data that we process
1.1.1 Personal contact information for the purposes of making contact with you and / or sending marketing communications, including your name, job title, home or work address and / or email address and / or telephone number;
1.1.2 Financial information for the purposes of administering salaries, fees or payments;
1.1.3 Education, qualifications and work history information for the purpose of assessing the suitability of job applicants and suppliers;
1.1.4 Employment records for employees such as the right to work in the UK (copies of passports and other documents required to comply with Home Office requirements), date of birth, photograph, personal development and performance, dates of employment and emergency contact details;
1.1.5 Sensitive personal data you provide to us for the purpose of monitoring equality and diversity, such as gender, ethnicity and disability;
1.1.6 Information related to your access and use of our website for the purpose of improving user experience (see our Cookie Notice);
1.1.7 And / or any other personal data you provide to us.
1.2 Sharing your personal data with third parties
1.2.1 We contract with third parties for IT and other services such as payroll, accounting and email marketing. These third parties host or handle some personal data as part of providing their services to us. We do not share your personal data with any other third party, except as required by law. We do not sell your personal data to third parties under any circumstances or permit third parties to sell on the data they host or handle on our behalf.
1.2.2 With your permission, we may share information about you in a client report for industry research purposes and / or online and social media for publicity and marketing purposes.
1.2.3 In the event that we are involved in a bankruptcy, merger, acquisition, reorganisation, or sale of assets, your personal data may be sold or transferred as part of that transaction. This Privacy Notice will apply to your personal data as transferred to the new entity.
1.3 Transfer of personal data to other countries
1.3.1 Where data is shared within the UK or the EU, the third party will be required to comply with and safeguard the data under the terms of the DPA and, from 25th May 2018, the GDPR and any other applicable regulations.
1.3.2 Your personal data will only be transferred to countries, outside of the EU, whose data protection laws have been assessed as adequate by the European Commission, or where adequate safeguards, such as the EU-US Privacy Shield, are in place.
1.4 Protecting your personal data – We take all necessary technical and organisational measures to protect the confidentiality and security of your personal data. This includes storing your personal data in secure systems that are not available to the public and that are only accessible to authorized Kmatrix Data Services personnel and to certain third-party suppliers who host or handle your personal data on our behalf (see 1.2).
1.5 How long your personal data is kept for – We will keep your personal data for only as long as is necessary for the purpose(s) for which it was collected, and we will only retain the personal data that is necessary in relation to the purpose. We are also required by law to retain some personal data for a set period of time. All personal data will be securely destroyed when it is no longer required.
2. Your Rights
2.1 To be informed – This Privacy Notice provides the information you are entitled to receive.
2.2 To access – You have the right to access your personal data. There is no charge for us providing you with this data and it will be provided within one month of you requesting access (unless the request is unfounded or excessive).
2.3 To rectification – You have the right to rectify your personal data if it is inaccurate and we will respond within one month of you requesting rectification.
2.4 To erasure – You may exercise your right to have your personal data erased in a number of circumstances, e.g. if the data is no longer necessary in relation to the purpose for which it was created or you withdraw your consent. Where possible we will comply with all such requests, though some personal data may need to be retained to comply with law.
2.5 To restrict processing – You can tell us that we can keep your personal data but must stop processing it, including preventing future marketing communications.
2.6 Notifying third parties regarding rectification, erasure or restriction – Where a third-party supplier is hosting or handling your personal data on our behalf, and you have subsequently exercised any of your rights of rectification, erasure or to restrict processing, we will notify those third parties of you exercising those rights.
2.7 To data portability – Your personal data may be processed across manual records and electronic records. If you exercise your right to data portability, we will do our best to provide information in a portable format but it is unlikely that we can create systems to do so.
2.8 To object
2.8.1 We will stop processing your personal data if you object, on grounds relating to your particular situation, where the legal basis for the processing is either public interest or our legitimate business interests. We will continue to process your personal data if we can demonstrate compelling legitimate grounds which override your interests, rights and freedoms or if we require the data in order to establish, exercise or defend legal rights.
2.8.2 We will stop processing your data for direct marketing purposes if you tell us to. You may opt-out of receiving marketing communications from us at any time by using the unsubscribe function provided in the communication you received.
2.8.3 We will stop processing your data for scientific and historical research purposes or statistical purposes if you tell us to.
2.9 Not to be subject to automated decision-making including profiling – We do not use any automated decision-making or profiling.
2.10 To lodge a complaint – You have the right to lodge a complaint with the ICO at https://ico.org.uk/concerns
We reserve the right to judge what personal data we must continue to process to be able to fulfil a contract or to comply with law.