General Data Protection Regulation
The General Data Protection Regulation (GDPR) came into force on 25th May 2018. This statement sets out the information required by customers, suppliers and others that have a relationship with KPC Leisure Limited (KPC).
1 Data Protection Officer
1:1 KPC does not require a Data Protection Officer, but Paul Limb, KPC Director, is the main point of contact for any Data Protection issues.
2. Processing of Data
2:1 KPC deals with the customers, suppliers and contractors. All information about people, irrespective of the context, will be treated with the same level of care.
2:2 KPC is both Controller and Processor of the data that it holds. It uses data to: • Raise invoices • Pay invoices • Communicate
2:3 No unnecessary data is held. No sensitive data is held.
2:4 Data is held in five ways: • Web Server • Accounting Software • E-mail • Iphone/Ipad/Icloud • Hard Copy Paperwork kept for accountancy reasons
2:5 Other parties that we share data with KPC does not routinely share information with contractors and suppliers. Customer contact information will, with consent, been given to identified contractors or suppliers for specific purposes/jobs.
2:6 Contractors KPC requires contractors to submit a GDPR statement about how they manage and control data. Our Terms and Conditions require them to remove access/delete any data that they have used as a part of their contract. Data is accessed by desktop/laptop and other mobile devices. All such devices have password or other device-specific security. All passwords are complex.
3. Web Server
3:1 Some data is held on a web server, which is hosted by Jubilee Computing Ltd.
3:2 The computer is password secured.
4. Accounting Software
4:1 Spreadsheets are used for accounting.
4:2 Accounting data is held on a Xero server housed in an office secured by alarms connected to a monitoring service.
5. E-mail
5:1 KPC uses a webmail service for e-mail, with local copies of e-mail on laptops, telephones and tablets. All devices are password secured.
5.2 The email hosting service is provided and secured by Jubilee Computing Ltd
6: Access to Data
6:1 Should you want to see the data that we hold about you, please contact P Limb at sales@kpcleisure.co.uk.
7. Deletion of Data
7:1 Should you want us to delete the data that we hold about you, please contact, P Limb at sales@kpcleisure.co.uk.
7:2 Please note KPC cannot delete financial or contractual information for seven years.
8. Data Breach
8:1 It will be mandatory to report a personal data breach under the GDPR if it's likely to result in a risk to people's rights and freedoms.
8:2 If we are notified of, or detect, a data breach we will first investigate to ensure that the source of the breach is identified and, if necessary, closed. If our investigation shows that there has been a breach, we will: • Notify the Information Commissioner's Office and other bodies as appropriate • Assess the level of risk of the accessed data • Notify those impacted by the breach and inform them of any actions that they should take • Take appropriate steps to stop the breach being repeated.
"We've been researching the GDPR and modifying many of our internal practices and policies over the last year, because we are committed to achieving compliance with the GDPR in 2018. For example, we're in the process of updating our Data Processing Agreement and third-party vendor contracts to meet the GDPR's requirements. As further guidance is released and our research progresses, we'll continue to look for ways we can help our users around the world get ready for the GDPR."
Your privacy is very important to us. We use your name and other data relating to you only in the manner set out in our privacy statement. We use your personal data only in a way that is fair to you. We keep your information only for so long as is needed for legal requirements or relevant for the purposes for which it was collected.
By submitting personal information to us and using this website, you consent to our use of your personal information in its collection, storage and processing.
*Previous Policy*
If you have any questions, comments or suggestions about the way in which we use your personal data or if any of your personal data changes, please email us at info@kpcleisure.co.uk.
You may request details of personal information which we hold about you. If you would like details of the information held on you please email us.
We may also collect certain information about your computer hardware and software. This information is used for the website's operation and to provide general statistics regarding use of the website. We may also collect information about which pages you visit within the website.
We may occasionally use other organisations to provide limited services on our behalf, for example to mail out newsletters. We recommend that you check the privacy and security polices and procedures of all other websites you visit from our website.
We will endeavour to maintain the confidentiality and security of your personal information both online and offline.
The website may contain links to other websites. Please be aware we are not responsible for third parties' privacy practices or the content of their websites. Links to and from the website do not imply endorsement of third party services.
We will attempt to ensure that the information available on the website at any time is accurate. However, we will not be held liable for any errors or omissions, nor for what might arise from your use of and reliance on the information contained on the website. We will make all reasonable endeavours to correct errors and omissions as quickly as practicable after becoming aware or being notified of these.