The security of your personal information is important to us. We strive to be as transparent as possible about how we use your data, and have sought to design a policy to help you feel more confident about the privacy and security of your personal information when you're accessing any of our services. So that’s what we’ve done.
- who we are and how to contact us
- what information we collect on this website
- how we will use, store and share the information that you give us
- how we keep that information secure
- choices you have regarding the information you give us
Who we are and how to contact us
Kin and Carta plc is a company registered in England and Wales which is part of the Kin + Carta group of companies (collectively referred to as “we” or “us” in this policy). Our corporate details are:
Kin and Carta plc
Registered office address:
One Tudor Street
Registered in England and Wales with company number 1552113
Information Commissioner's Office registration number Z6651639
You can get in touch with us in any of the following ways:
- By email: email@example.com
- By phone: 020 7928 8844
- Through this website: https://www.kinandcarta.com
- By post: Kin and Carta plc, One Tudor Street, London, EC4Y 0AH
For the purposes of this policy we are the controller of the personal information we collect. This policy sets out how we will use and share the information that you give us and covers personal data collected by us in our interactions with you.
What data we process about you
We may collect and process the following categories of personal data about you:
- Contact Details: for example your name, address, telephone number, organisation, employment details.
- Information generated by the services we provide or the relationships we may have with you: including your business details, bank and financial details, communication and correspondence.
- Information generated by visiting our website or engaging with us on social media: for example IP addresses, social handles or usernames. This may also include information about your computer and your use of our services, including (where available) your unique mobile device identifier (UDID), International Mobile Equipment ID (IMEI), Android ID, device MAC address, browser information, operating system, timestamps, the pages that you request, applications downloaded, traffic data, location data, weblogs and other communication data, and the resources that you access.
- Recruitment information / employment history: including information provided by you in relation to submitting a job application, such as your CV and contact details.
We do not actively collect personal information from children under 16 years of age. If you are under 16 years old, please do not provide any personal information to us. Equally, if you have any concerns about your child’s privacy in relation to our services, or if you believe that your child may have entered personal data onto our website, please contact us immediately using the contact details provided above.
Our website includes links to a number of third party websites (including social media sites such as Facebook, Twitter and LinkedIn and sites operated by other parts of the Kin + Carta group). If you use the links provided on our websites, please bear in mind that these sites have their own user and privacy policies governing their use of personal data. As a result, we don't have any responsibility or liability for these policies or any information you provide.
How we collect information about you
We may collect information that you provide during your interactions with us (or when you authorise a third party to share data with us) including via:
- Our website(s)
- Social media
- In person
- Communicating with us including via e-mail, telephone or written correspondence
- When you provide products or services to us
- At trade events such as conferences or exhibitions
- When you provide information directly to us, including filling in forms either on our website(s) or via other media
- Subscribing to our newsletter
- Enquiring about or buying any of our goods, services, downloads or other products
- From third party data suppliers
- Publicly available sources
Our legal basis for processing your information
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
- Where you have given consent for us to process your information.
- Where it is necessary for entering into or performing a contract we have with you or the business you are working with.
- Where we need to comply with a legal, regulatory or compliance requirement.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Why we collect and process your data
We use information held about you in the following ways:
- To identify you when you use our services.
- To send you direct marketing where we have your consent.
- To provide our services to you and to ensure that these are presented in the most effective manner for you, including adding it to information we or our subsidiary companies already hold on you or your organisation.
- To keep our website and systems secure and to prevent fraud.
- To deal with enquiries or complaints made by or about you relating to our services.
- To manage our relationship and administer our business either as a part of a contract or where we believe we have a legitimate interest to do so.
- To execute a contract or request or, where relevant, for the establishment, exercise or defence of legal claims.
- Where we have a legitimate interest to inform you about our products or services by appropriate communication methods, unless you’ve objected to us doing so.
- As part of our recruitment processes, including considering any CV and sharing it with our relevant subsidiary companies as necessary.
- Where relevant to meet our legal, regulatory and compliance requirements.
Your personal data may be shared with other companies within our group of companies (as further detailed at https://kinandcarta.com/about.html).
We may also share some of your personal data with third parties in the following circumstances:
- With creative agencies who help us promote ourselves or deliver our services.
- With printers, email service providers or other suppliers who help us to reach out to you.
- With suppliers providing services to us to help us run our business.
- To protect the rights, property or safety of us or other users of our services.
- Where we are allowed to do so under applicable laws, regulations or legal processes.
- If we or one of our subsidiary companies (or substantially all of their assets) is acquired by a third party, in which case personal information about users will be one of the transferred assets.
- We may also pass aggregated information to third parties about how our users use our service but this will not include information which could be used to identify you.
We require third parties to respect the security of your data and to treat it in accordance with the law.
International transfers of data
We may share your data with group companies, our partners and service providers who are located outside the European Economic Area (being the European Union and Iceland, Liechtenstein and Norway - also referred to as the “EEA”), including in Argentina and the USA.
Where your personal data are transferred or accessed outside of the EEA, we will ensure that your data is processed in accordance with the General Data Protection Regulation ("GDPR") and any other relevant data protection legislation. We also ensure that appropriate safeguards are in place to protect that data. The safeguards we use may include:
- standard data protection clauses in the form of template transfer clauses adopted by the Commission (the so-called "Model Clauses");
- standard data protection clauses in the form of template transfer clauses adopted by a supervisory authority and approved by the European Commission;
- compliance with an approved code of conduct approved by a supervisory authority, together with binding and enforceable commitments to apply the adequate safeguards; or
- certification under an approved certification mechanism as provided for in the GDPR, together with binding and enforceable commitments to apply the adequate safeguards.
Your choices in relation to personal information
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
You have certain rights in relation to personal information we hold about you. Please be aware that we may require evidence of your identity before we are able to act on your request. Details of these rights and how to exercise them are set out below:
- Access: you have the right at any time to request a copy of the personal information that we hold about you. Where we have good reason, and if the GDPR permits, we can refuse your request for a copy of your personal information, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.
- Erasure: in certain circumstances, you have the right to request that personal information we hold about you is erased e.g. if the information is no longer necessary for the purposes for which it was collected or our processing is based on consent and there are no other legal grounds on which we may process the information.
- Correction / completion: if personal information we hold about you is not accurate or is out of date and requires correction you have a right to request that we have the data rectified or completed.
- Object or restrict our processing of your information: in certain circumstances, you have the right to object to our processing of your personal information. For example, if we are processing your information on the basis of our legitimate interests and there are no compelling legitimate grounds for our processing which override your rights and interests. You also have the right to object to use of your personal information for direct marketing purposes. You may also have the right to restrict our use of your personal information, for example during a period where we are verifying the accuracy of information you have challenged.
- Data portability: in certain circumstances, you have a right to receive personal information that we hold about you in a structured, commonly used and machine-readable format such as Excel, CSV etc. You can also ask us to transmit that information to you or directly to a third party organisation. This right exists only in respect of personal information that you have provided to us previously and is processed using automated means. We are not able to guarantee technical compatibility with a third party organisation's systems. We are also unable to comply with requests that relate to personal information of others without their consent.
- Withdraw consent: where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so.
For more information or to action these rights, please contact us using firstname.lastname@example.org
Retention and destruction of personal information
We will take reasonable steps to ensure the accuracy of the information we hold about you. We will not use your personal information unless it is (to the best of our knowledge) accurate and up to date.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider: the amount, nature, and sensitivity of the personal data; the potential risk of harm from unauthorised use or disclosure of your personal data; the purposes for which we process your personal data and whether we can achieve those purposes through other means; and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
When the purposes we collected the data for have ended we will retain and securely destroy your personal information in accordance with applicable laws and regulations. Details of retention periods for different aspects of your personal data are available in our retention policy. For further details about data retention please contact the data protection officer whose details can be found in this policy.
Data Protection Officer
If you have concerns that you would like to raise with us, please contact our Data Protection Officer:
Chief Data Protection Officer
Kin + Carta
You also have the right to complain to the Information Commissioner's Office if you believe we have not acted within the law or have infringed your rights.
Unfortunately, the transmission of data over the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee its security. Once we have received your data we will use strict security measures to try to protect it against loss, misuse, or unauthorised alterations.
We take appropriate organisational and technical measures to protect your personal information that we hold and to ensure that your personal data is treated in accordance with this policy. We take steps to limit access to your personal information to those who we believe reasonably need to come into contact with that information in order to carry out their jobs. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breaches and will notify you and any applicable regulator of such breaches where we are legally required to do so.
This policy was last updated on 14 November 2018.