Kammac is committed to protecting the privacy and security of your personal information.
Kammac is a “data controller” referred to as “we”, “us”, “our” or the “company” in this privacy notice. This means that we are responsible for deciding how we hold and use personal information about you and are required under data protection legislation to notify you of the information contained within this notice.
This privacy notice describes how we collect and use personal information about you during and after your working relationship with us, in accordance with the General Data Protection Regulation (GDPR) and Data Protection Act 2018. We aim to give you information on how we use your personal data when you use this website, use or enquire about our products or services or if we decide to market our services to you. Data relating to prospective employees, current/former employees, self-employed contractors and agency workers are contained in a separate recruitment and employee privacy notice. Most of our interactions as an organisation are on a B2B basis.
It is important that you read this notice, together with any other privacy notice we may provide to you, This is so that you are aware of how and why we are using such data at the time we use it.
We will comply with data protection law. This says that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way;
Collected only for valid purposes that we have clearly explained to you and not used
in any way that is incompatible with those purposes;
- Relevant to the purposes we have told you about and limited only to those purposes;
- Accurate and kept up to date;
- Kept only as long as necessary for the purposes we have told you about;
- Kept securely
If you have any questions about our policies on data protection or your rights and how you can exercise them please contact email@example.com. This policy was last updated May 2018.
The nature of information we hold about you
We may collate, store and utilise the following categories of personal information about you:
- Personal contact details such as name, title, postal addresses, telephone numbers and personal email addresses;
- Financial information such as credit reference checks, details of financial/payment transactions, bank account and payment card details;
- Marketing information including contact details and your preferences in receiving marketing from us;
- Feedback. We may gather feedback from customers on how to improve our products or services or gather some personal data in order to deal with customer complaints or enquiries about ongoing orders or deliveries;
- Technical Data includes browser type and version, location (country and city), language, operating system and platform, ISP, screen resolution, device type (mobile or PC system), client ID (as assigned by Google Analytics not by Kammac)
- Profile Data we do not routinely collate profile data though do collect some profile data when online forms are utilised on our www.kegandcask.net and www.kammac.com sites. This data includes details such as name, company name, telephone number and email addresses
- Usage Data – we collect usage data to calculate the percentage of users accessing a specific website feature. We cannot identify you from the client ID assigned to you by Google Analytics.
We do not process any special categories of personal data or information about criminal convictions and offences from our website or from our customers or suppliers.
When our site includes links to other websites or applications, we would advise you to read the privacy and cookies policies of that website to assess how they use your personal data.
How do we collect your personal data?
We collect personal data about you in a variety of ways:
Direct from you – This could be when you make an enquiry about our products
and services, enter into a contract with us to deliver our products and services,
request marketing information or make a customer complaint or provide us with
feedback. You may provide personal data by contacting us direct or by completing
forms and forwarding them to us via post, email or using our online contact form.
You may provide personal data over the phone or in person or by using social
Third parties or publicly-available sources. We may also receive personal data
about you from various third parties such as:
a) Publicly-accessible resources such as Companies House, the Bankruptcy and Insolvency register;
b) Credit reference agencies
c) Due diligence providers
e) Your bank or another financial institution;
f) Local Authorities;
g) Analytics providers such as Google Analytics;
h) Advertising networks;
i) Financial and Transaction Data from providers of technical, payment and delivery services such as Paypal, Sagepay,Worldpay, Groupon, Paypal, Direct, Payaway IP, Bankline;
FAILURE TO PROVIDE PERSONAL DATA
We may not be able to enter into or fulfil a contract with you (for example, the delivery of
products or services) if you do not provide data we may need either by law or to perform that
contract. As a result, we may have to cancel a contract or delay goods or services. We would
inform you if this occurs.
HOW WE WILL USE YOUR PERSONAL DATA
We will only use your personal data for a lawful reason. This will usually be in the following situations:
In order for us to perform the contract we have with you;
- Where we need to comply with a legal obligation;
Where it is necessary for our legitimate interests (or those of a third party) and your
interests and fundamental rights do not override those interests;
- Where you have given consent
We may also use your personal information in the following situations, which are likely to be
- Where we need to protect your interests (or someone else’s interests)
- Where it is needed in the public interest (or for official purposes).
In the limited circumstances where you may have provided your consent to the processing of your personal data, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact firstname.lastname@example.org. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
We generally do not rely on consent as a basis for processing personal data though may do so in gaining your consent to direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us on email@example.com or by opting-out or unsubscribing to any communications.
SITUATIONS IN WHICH WE WILL USE YOUR PERSONAL DATA
We need all the categories of information in the list above (see ‘The nature of the information we hold about you’) primarily to allow us to perform our contract with you or for our legitimate interests.
The situations in which we will process your personal information are listed below. We have
indicated the purpose or purposes for which we are processing or will process your personal
information, as well as indicating which categories of data are involved:
|Processing activity||Categories of data||Lawful Basis|
Customer administration and accounts
To register you as a new customer
Identity, contact and financial details.
Customer administration and
To process and deliver your order
Identity, contact, financial and transaction details.
Business Development, Sales and Marketing
We may use your personal data to market our services to:
We may also undertake customer surveys or monitor how you use our website.
Identity and contact details, data obtained from usage of and cookies on our website.
Managing premises, equipment
Identity details, stills and video of visitors to site and vehicle registration details.
To monitor, maintain and test the
website and other ICT.
|Identity, contact and technical details.|
CHANGE OF PURPOSE
We will only use your personal data for the purposes we outlined to you at the outset. We will continue to process your personal data for another reason if we consider that the revised reason is compatible with the original purpose. If the revised reason is for an unrelated purpose, we will notify you and outline the basis upon which we believe we have a lawful reason for continuing to process your data. We will not notify you of the change of purpose if the processing is required by law.
Your duty to update us
It is important that the personal data we hold about you is accurate. Please update us if this changes during your working relationship with us.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we collect about you and an outline of why we are using it;
- Request correction of the personal data that we hold about you. This enables you to have inaccurate information corrected;
- Request erasure of your personal data. This enables you to request the deletion or removal of your personal data in certain circumstances. You also have the right to request the deletion or removal of personal data where you have requested the right to object to processing;
- Object to processing of your personal data where the basis for processing is a legitimate interest (or those of a third party) and you wish to object to processing on this basis. You also have the right to object where we are processing personal data for direct marketing purposes;
- Request to restrict the processing of your personal data;
- Request the transfer of your personal data to another party.
If you want to exercise any of the above rights, please contact firstname.lastname@example.org.
You will not normally have to pay a fee to access your personal data. However, we may charge a reasonable fee if your request for access is unfounded, excessive or involves a repeat or duplicate request. Alternatively, we may refuse to comply with the request in such circumstances.
What we may require to process your request
We may need to confirm your identity and assess your rights to access the data. This is purely to ensure we comply with the requirements of the GDPR especially where there may be data that relates to another individual.
We may have to share your personal data with third parties including third-party service providers in order to administer our working relationship with you or where we have another legitimate interest in doing so.
We require third parties to respect the security of your data, treat it lawfully and as only as per our instructions.
Which third-party service providers process my personal information?
“Third parties” includes third-party service providers and other entities within our group. The following activities are carried out by third-party service providers
- Staff and site administration where we provide onsite logistics;
- Managing facilities;
- HMRC, HSE and other regulatory bodies;
- Insurance provision;
- Legal Advice;
- ICT services and applications;
- Credit reference agencies;
- Interpretation of telematics and tracking information;
We may also share your personal information for example in the context of the possible sale or restructuring of the business or with a regulator or to otherwise comply with the law.
Transferring information outside the EU
Kammac hosts some of its applications in industry-leading Amazon Web Services, whose data centres are located within the EEA, which have been thoroughly tested for security, availability and business continuity.
All data is stored within the EEA and the data will not be processed outside of the EU by Kammac. However, Kammac uses multiple third-party providers as part of our business operations and architecture for the purposes of logging, billing and system monitoring. In connection with this, data might be transferred outside our EU data centre.
To ensure that your personal information does receive an adequate level of protection we have put in place appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection. This is available on request from email@example.com.
We have put in place measures to protect the security of your information which include physical and application security. Details of these measures are available upon request.
Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure
We have put in place appropriate security measures to prevent your personal information from being lost or used in an unauthorised way. In addition, we have access controls in place to ensure information is kept secure and only relevant and limited individuals have access to it. Our staff are subject to a duty of confidentiality. Details of these measures may be obtained from firstname.lastname@example.org.
Protocols are in place to deal with suspected data security breaches. We will notify you and the ICO of a potential breach where we are legally required to.
We will only keep information as long as is necessary for the purposes we have informed you about. Details of retention periods are available by contacting email@example.com. To determine relevant retention periods, we consider a number of factors including business need, regulatory and legislative requirements, the nature and sensitivity of the data and the potential risks of unauthorised disclosure.
DATA PROTECTION CONTACT
If you have any questions about this privacy notice or how we handle your personal information, please contact firstname.lastname@example.org. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), https://ico.org.uk the UK supervisory authority for data protection issues.
CHANGES TO THIS PRIVACY NOTICE
We reserve the right to update this privacy notice at any time. We will provide you with a new privacy notice when we make material updates or may notify you periodically about the processing of your personal data
If you have any questions about this privacy notice, please contact email@example.com.