PRIVACY & DATA USAGE POLICY

Our Policy

Kudos Data Solutions Ltd (“Kudos”) is committed to protecting your privacy. This Privacy Policy explains our data collection and usage. By using the Kudos website or by contacting Kudos, you consent to the data practices described in this policy.

Kudos provide software, data processing, insight and consultancy services to help businesses manage data effectively and to turn data into marketing intelligence. Kudos Data Solutions Ltd is the data controller of our own data. Kudos is also the data processor for some of our clients. This privacy policy tells you how we collect and process data received from you. The Kudos named Data Controller is Tim Holt, Director.

Our registered address is Kudos Data Solutions Ltd, Hyatt Place, 50-60 Broomfield Road, Chelmsford, CM1 1SW. Our company registration number is 10715890

If you have any comments or questions regarding this privacy policy, please email them to help@kudos-data.com

How do we collect data?

We collect data that you put into forms or surveys on any of our sites and from communications we receive from you via email, telephone, mail or online. We keep a record of any contact or correspondence between us. We collect details of your visits to our websites and we also collect information about the device used for browsing (e.g. your device type, IP address, browser, operating system).

Recipients/categories of recipients

In carrying out our business including our obligations to you, we may use sub-contractors. These will be mailing houses, email broadcasters, marketing agencies. We will ensure that they respect your privacy and abide by all data protection laws.

Cookies

We use Google Analytics, CANDDi and SalesIQ cookies. You can find out more information about cookies including how to switch cookies on or off i.e. accept or refuse cookies from www.aboutcookies.org A cookie is a small text file which is placed onto your computer (or other electronic devices) when you access our website. We use them to:

• Recognise you whenever you visit this website, so you don't need to tell us your preferences on each visit;

• Carry out research and statistical analysis to help improve our content and services and to help us better understand our visitor and customer profiles; and

• To check our emails are delivered in a readable format that is useful to you

The types of cookies we use:

• Session Cookies: These are used by our webserver and are required to serve content to you and enable form submissions etc. These cookies are destroyed when you close your web browser.

• First Party Cookies: These are set by our website and can only be read by our website. We use these types of cookies to keep a record of the preferences selected and any settings that enable us to tailor content based on your choices.

• Third Party Cookies: These are set by our partners and enable us to analyse the use of our website and better understand the profiles of visitors to ensure they are finding the information of interest to them on our website.

We also embed video and rich media that is hosted by delivery partners including YouTube which set their own third-party cookies.

LiveChat service

We use a third party provider, ZOHO, to supply and support our LiveChat service, which we use to handle customer enquiries in real time. If you use the LiveChat service we will collect your name, email address (optional) and the contents of your LiveChat session. This information will not be shared with any other organisations. You can request a transcript of your LiveChat session if you provide your email address at the start of your session or when prompted at the end.

How we use what we collect

We use information about customers to carry out our contracts with you. This includes activities such as delivering your services, communicating with you regarding delivery of services, telling you our charges, managing and updating your personal information. You may be contacted to inform you of updates to our products and services, or similar products and services that are relevant to you. We will do so on the basis of GDPR legitimate interest for direct marketing. We may contact you by email and telephone under the PECR “soft opt-in” basis for processing of personal data.

If you are not a customer, we may use your information to tell you about products and services that we believe will be of interest to you. We will do so on the basis of GDPR legitimate interest for direct marketing. We may contact you by email and telephone under the PECR “soft opt-in” basis for processing of personal data. To unsubscribe from Marketing & Sales emails, Please email help@kudos-data.com with your unsubscribe request.

We will not sell your data to other organisations.

Legitimate Interests Assessment

The Information Commissioners Office (ICO) states that there are three elements to the legitimate interest basis:

1) Identify a legitimate interest;

2) Show that the processing is necessary to achieve it;

3) Balance it against the individual’s interests, rights and freedoms.

· The legitimate interests can be Kudos’ own interests or the interests of third parties. They can include commercial interests, individual interests or broader societal benefits.
· The processing must be necessary. If Kudos can reasonably achieve the same result in another less intrusive way, legitimate interests will not apply.
· Kudos must balance our interests against your interests. If you would not reasonably expect the processing, or if it would cause unjustified harm, your interests are likely to override our legitimate interests.
· Our legitimate interest assessment (LIA) can be found here

Source: https://ico.org.uk

Where we store your data

Data is stored using Microsoft Sharepoint “cloud” services. and in the ZOHO “cloud”. Both are GDPR compliant.

Your rights

You have rights in respect of your personal data. We will need to confirm your identity before we can consider your request so, if you wish to exercise any of these rights, we will need proof of your identity.

The right to be informed – you have the right to be told about the collection and use of the personal data you provide. This privacy policy sets out the purpose for which we process your personal data, how long we will keep your data, who we will share your data with. If you have any questions on how and why we process your data please contact the DPO. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-be-informed/

Right of access – you have the right to know whether we are processing your personal data, and to a copy of that data. We would need as much information as possible to enable us to locate your data. We will respond to your request within 28 days of receipt of your request. If you want to exercise this right, please contact the DPO at the contact details above. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-of-access/

Right to rectification – you have the right to have any incorrect personal data corrected or completed if it is incomplete. You can make this request verbally or in writing. We will need as much information as possible to enable us to locate your data. We will look at any request and inform you of our decision within 28 days of receiving the request.  If you want to exercise this right, please contact the DPO at the contact details above. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-rectification/

Right to erasure – this right, often referred to as the right to be forgotten allows you to ask us to erase personal data where there is no valid reason for us to keep it. We will look at any request and inform you of our decision within 28 days of receiving the request.  If you want to exercise this right, please contact the DPO at the contact details above. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/

Right to restrict processing – you have the right to ask us to restrict processing of your data. We will look at any request and inform you of our decision within 28 days of receiving the request.  If you want to exercise this right, please contact the DP at the contact details above. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-restrict-processing/

Right to data portability – you have the right to move, copy or transfer your personal data from one IT environment to another. This right applies to data that you have provided to us and that we are processing on the legal basis of consent or in the performance of a contract and that processing is by automated means. We will respond to your request within 28 days of receipt of your request. If you want to exercise this right, please contact the DPO at the contact details above. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-data-portability/

Right to object – you have the right to object to our processing of your personal data based on (i) legitimate interests, or for the performance of a task in the public interests/exercise of official authority (including profiling); (ii) direct marketing (including profiling); and (iii) for purposes of scientific/historical research and statistics.

• Legitimate interests/legal task – your objection should be based on your particular situation. We can continue to process the data if we can demonstrate compelling legitimate grounds which override your interests.

• Direct marketing – you have an absolute right to ask us to stop processing for the purposes of direct marketing. We will action your request as soon as possible.

• Scientific/historical research and statistics – your objection should be based on your particular situation. If we are conducting research where the processing is necessary for the performance of a public task, we can refuse to comply with your objection.

If you want to exercise this right, please contact the DPO at the contact details above. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-object/

Rights relating to automated decision making including profiling – you have the right in respect of automated decision making, including profiling. Where we carry out solely automated decision making, including profiling, which has legal or similarly significant effects on you, we can only do this if it is in connection with a contract with you, we have a right under law or you have provided your explicit consent. We will tell you if this happens and tell you how you can request human intervention or challenge the decision. If you want to exercise this right, please contact the DPO at the contact details above. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/rights-related-to-automated-decision-making-including-profiling/

Access to personal information

Kudos tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 2018. If we do hold information about you we will:

· give you a description of it;
· tell you why we are holding it;
· tell you who it could be disclosed to; and
· let you have a copy of the information in an intelligible form.

To make a Subject Access Request to Kudos for any personal information we may hold you need to put the request in writing addressing it to Tim Holt, Kudos Data Solutions Ltd, Hyatt Place, 50-60 Broomfield Road, Chelmsford, CM1 1SW.

If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone or email.

If we do hold information about you, you can ask us to correct any mistakes.

Links to other sites

Please note that our terms and conditions and our policies will not apply to other websites that you access via a link from our site. No links or references of any kind to third party sites should be considered to be a recommendation or endorsement by us.

Changes

If we change our Privacy Policy, we will post the changes on this page.