We collect some Personal Data from Users of our website, customers and prospects. It's entirely what you would expect, but, just to be explicit as per GDPR guidance, here's what we are collecting and why. Cookies and Usage Data is collected by our Google Analytics service for website analytics. If you sign up to our mailing list, your email address and full name (or first name and last name) is collected by our Mailchimp service for managing contacts and sending messages.
In brief, we hold what you would expect us to hold. Names and email addresses of clients and prospects, records of correspondence, and information needed for ordinary business tasks such as delivering work, recording contractual agreements, invoicing, marketing, or business development. These are Kaiasm Ltd’s "Legitimate Business Interest". Some of this is held by us on internal systems, much of it held via third parties: Google, Microsoft, Xero and so on. Because we, like any other business, need to do this, we now need to tell you a set of other things to ensure we are compliant with the law. If you are interested, please read on.
We will process (collect, store and use) such limited personal information as we have in line with the EU’s General Data Protection Regulation (GDPR). We will endeavour to keep your information accurate and up to date, and keep it no longer than is necessary. Any personal information that is provided, collected or processed will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.
How is Data Collected?
Personal data is collected through the standard business channels of general correspondence (phone/email), networking events, recommendations, referrals, business cards, and work-focused social media profiles (LinkedIn, really).
As part of the services provided, we may share your personal data with third party service providers - for example your name and email address will be unavoidably shared with Google via Gmail or GSuite; Microsoft via MS Office. Any third parties that Kaiasm Ltd shares your personal data with are obliged to keep your details securely and only use them to deliver the service they provide to Kaiasm Ltd. Kaiasm Ltd will never only pass on sensitive personal data to a third party without prior written consent.
If Kaiasm Ltd intends to transfer the personal data to a third country or international organisation outside of the EU (Google or Microsoft, say), we will ensure there are specific measures in place to secure your information such as:
- How long the data will be stored
- Details of your rights to correct, erase, restrict or object to such processing.
- Information about your right to withdraw consent at any time.
- How to lodge a complaint with the supervisory authority.
- Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
- The source of personal data if it wasn't collected directly from you.
- Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
Kaiasm Ltd uses cloud-based systems for the retention of business data, with two factor authentication in place where available. Please note that the transmission of information via the internet cannot be completely secure and therefore Kaiasm Ltd will do it’s best to protect your personal data but cannot guarantee the security of any data transmitted.
Consent is required and must be explicitly given for Kaiasm Ltd to process personal data. Should sensitive personal data ever be requested, Kaiasm Ltd will always outline how and when information will be used. You may withdraw consent at any time by emailing Kaiasm Ltd (firstname.lastname@example.org) and a written confirmation of your withdrawal and deletion of your personal data will be sent to you within 14 working days.
Kaiasm Ltd is required to retain information in accordance with the law. How long certain kinds of personal data should be kept may also be governed by regulatory bodies, agreed practices and specific business-sector requirements. Personal data may be held in addition to these periods depending on individual business needs. Unless otherwise required, Kaiasm Ltd will store and process personal data as long as this data is deemed relevant by the Kaiasm Ltd management team.
Your rights as a Data Subject
At any point while Kaiasm Ltd is in possession or processing your personal data, you, the data subject, have the following rights;
- Right of access – you have the right to request a copy of the information Kaiasm Ltd holds about you.
- Right of rectification – you have the right to correct data that Kaiasm Ltd holds about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data Kaiasm Ltd holds bout you to be erased from our records.
- Right to restriction of processing – where certain conditions apply you have a right to restrict the processing of your personal data.
- Right to portability – you have the right to have the data Kaiasm Ltd holds about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
- Right to judicial review – in the event that Kaiasm Ltd refuses your requests under rights of access, Kaiasm Ltd will provide you with a reason as to why. You have the right to complain as outlined below.
Under what circumstances will Kaiasm Ltd contact me?
Kaiasm Ltd may contact you directly from time to time. We may also send you email via a mailing list if you have explicitly signed up for it.
Can I find out the personal data that Kaiasm Ltd holds about me?
At your request, Kaiasm Ltd can confirm what information we hold about you and how it is processed. In the event Kaiasm Ltd holds personal data about you, you can request the following information:
- Identity and the contact details of the person or organisation that has determined how and why to process your data. In some cases, this will be a representative in the EU.
- The purpose of the processing as well as the legal basis for processing.
- If the processing is based on the legitimate interests of Kaiasm Ltd or a third party, information about those interests.
- The categories of personal data collected, stored and processed.
- Recipient(s) or categories of recipients that the data is/will be disclosed to.
When personal data access is requested, Kaiasm Ltd accepts passport, driving licence, birth certificate or a utility bill no more than three months old.
In the event you wish to make a complaint about how your personal data is being processed by Kaiasm Ltd, or third parties, or how your complaint has been handled, you have the right to lodge a complaint directly with the ICO supervisory authority (https://ico.org.uk/concerns) or Kaiasm Ltd.
Changes to this Kaiasm Ltd Privacy Notice
Any changes Kaiasm Ltd makes to this privacy notice in the future will be posted on this page and, where appropriate, notified to you by email. Please check back on a regular basis to see any updates or changes.
Contact information for Owner and Data Controller
Liam McGee, Director
The Grange Offices,
Latest update: September 30, 2020