Privacy Notice
Introduction
Kiros Partners Limited (“Kiros” or “we”) is committed to protecting the security and privacy of data subjects’ (“you” or “your”) personal data when processing the same.
Kiros endeavours to ensure that any personal data we collect about you will, where relevant, be held and processed in accordance with the UK General Data Protection Regulation (“UK GDPR”) and associated national laws, rules and guidance in force in the United Kingdom from time to time.
Scope
This Privacy Notice demonstrates how we handle the personal data you provide to us, or which we collect about you, in the following ways (your “Data”):
- by you submitting Data to us through our website www.kirosdata.com or from what we learn about you from your visit to our website;
- by you or a third party (such as your employer) submitting information to us when you complete one of our surveys;
- by you or a third party (such as your employer) submitting Data to us in the course of us providing services to you or a third party (such as your employer);
- by you or a third party (such as your employer) submitting Data to us where we are seeking to obtain services from you or a third party (such as your employer) as a supplier/service provider;
- as a result of us using your Data (whether obtained from you, a third party or the public arena) to contact you about potential investment opportunities in connection with our appointment to provide advisory services to our clients;
- as a result of us collecting Data about you from third party sources such as Preqin, organisers of events we sponsor or other publicly available sources, such as your employer’s website; and
- as a result of you applying (directly or indirectly through a third party) to be employed by us.
Identity and contact details of data controller
Where Kiros is not acting as a data processor, Kiros Partners Limited will be the controller of your Data. Additionally, in certain circumstances, we may agree with our clients that both we and our clients will act as joint controllers or controllers in common in connection with the processing of Data.
If you have any queries regarding this policy or complaints about our use of your Data, please contact us at info@kirosdata.com.
If you would rather contact us by post, please use the following address:
Kiros Partners Limited
Dns House, 382 Kenton Road
Harrow, Middlesex, HA3 8DP
FAO: Data Processing
What we use your Data for
The table in Schedule 1 to this Privacy Notice sets out the categories of your Data that we hold, the purposes for which we may process your Data and the legal basis for the processing.
Kiros may use any of the following Data belonging to you for direct marketing purposes:
- name;
- telephone number(s);
- residential and/or correspondence addresses; and
- email address(es).
Your Data may be used for the direct marketing of any of our products and services which at present include the provision of IT consultancy services together with any related services that we may provide from time to time.
You may decide whether or not to allow us to use your Data for direct marketing and may opt out of receiving any direct marketing communications from us either at the time at which the communication is received or at any other time by contacting us using the info@kirosdata.com email address.
Your Data has been collected by us on a voluntary basis. If you do not wish for us to process your Data, please contact us using the details set out above. If we are unable to process your Data, we will not be able to involve you in any of our service activities.
Data security
We have put in place appropriate security measures to prevent your Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Data to those individuals who have a business need to know. We have put in place procedures to deal with any suspected Data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Who we share your Data with
We may on occasion be required to share your Data with the following categories of recipients:
- third parties who provide services to us or on our behalf. A full list of all our third-party service providers that potentially have access to your Data is available on request.
- other Kiros clients and corporate finance contacts where this is necessary in connection with the performance by us of services to our clients;
- in other cases where we are required to do so by law or enforceable request by a regulatory body;
- where it is necessary for the purpose of, or in connection with legal proceedings or in order to exercise or defend legal rights; or
- if we sell our business, go out of business, or merge with another business.
International Transfers
In certain circumstances, we may transfer your Data to countries outside the EEA, which may not adhere to the same levels of data protection to which countries within the EEA are subject. Any such transfers are, at all times, made in accordance with the UK GDPR and European General Data Protection Regulation (“EU GDPR”).
Retention Period
We will only retain your Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, tax, regulatory or reporting requirements.
To determine the appropriate retention period for your Data, we consider the amount, nature, and sensitivity of your Data, the potential risk of harm from unauthorised use or disclosure of your Data, the purposes for which we process your Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
As a general rule this means that your Data will be stored for a maximum period of 6 years from the date on which our relationship with you ends, after which time it will be put ‘beyond use’ if it is no longer required for the lawful purpose(s) for which it was obtained.
Your rights in relation to your Data
Under the UK GDPR, you have the following rights in relation to how we process your Data:
- Right to request access: you may obtain confirmation from us as to whether or not your Data is being processed and the kind of personal data held by us and, where that is the case, you may request access to your Data together with details of our policies and practices in relation to personal data;
- Right to rectification and erasure: you have the right to obtain rectification of inaccurate Data we hold concerning you and to obtain the erasure of your Data without undue delay in certain circumstances;
- Right to restriction of processing: you may require us to restrict the processing we carry out on your Data in certain circumstances;
- Right to data portability: you have the right to receive your Data in a structured, commonly used and machine-readable format;
- Right to withdraw consent and object to processing: where you have provided your consent to us processing your Data, you have the right to withdraw your consent at any time. Additionally, where we are relying on legitimate interests to process your Data you have the right to object to such processing. You also have the right to object to direct marketing which uses your Data. This can be done by emailing info@kirosdata.com at any time; and
- Right to lodge a complaint: under UK GDPR you may lodge a complaint with the supervisory authority for the United Kingdom, the Information Commissioner’s Office.
For further information on your rights under UK GDPR, please see the Information Commissioner’s website.
Please note that, in circumstances where you are seeking to exercise your rights as a data subject, we may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that your Data is not disclosed to any person who does not have a right to receive it.
Additional Information
We do not undertake automated decision-making or profiling of your Data.
We keep our data protection policy (including this Privacy Notice) under constant review and may change it from time to time to reflect our practices or to remain compliant with relevant legislation. We will notify you of any material changes to our Privacy Notice at which point you will be given the option to request that we cease processing your Data.
Schedule 1
Categories of data processed, purposes for processing and legal basis
Data subject | Categories of data | Purpose | Legal basis for processing |
---|---|---|---|
Applicants | Personal details, "Family, lifestyle and social circumstances", Financial details, "Employment, training and education details", Physical or mental health details, Racial or ethnic origin | Creation of employment relationships | Necessary obligations, Legitimate interests, Legal compliance, Performance of contract, Consent |
Website users | Personal details | Direct marketing, Responding to queries | Legitimate interests, Consent |
Potential clients | Personal details, Organisational details, Goods and services provided | Client activities | Legitimate interests |
Third party service and product providers | Personal details, Goods and services provided | Direct marketing, Client activities, Discharging contractual obligations | Legitimate interests, Legal compliance |
Partnership contacts | Personal details, Organisational details, Goods and services provided | Direct marketing, Surveys, Client activities | Legitimate interests, Consent |
Clients | Performance of contract, Legitimate interests, Legal compliance, Consent |
Interpretation
- Consent
- In the context of the table above, should be construed as follows:
- Website users: consent given by the relevant user clicking on an ‘OK’ button embedded in a pop-up banner on the website covering the processing of Data using cookies;
- Potential clients contacts: may cover consent to process Data under UK GDPR but is really aimed at consent to receive marketing communications under relevant marketing laws. Consent here will be by way of soft opt in which means that we may contact corporate finance contacts and give them the opportunity to opt out of receiving further communications; and
- Clients: consent given by our clients in our advisory appointments for us to process Data provided under such appointment;
- Potential clients and partnership contacts
- any data subject entered in our CRM Database that is not a client;
- Direct marketing
- keeping data subjects informed of any activities undertaken by us which we believe may be of interest to the data subjects and this may include sending data subjects email and postal marketing from time to time, calling data subjects up or sending them requests to respond to a survey;
- Discharging contractual obligations
- covers our activities in connection with the discharge of our obligations under a contract with a third-party supplier or service provider. This will principally cover the processing of any Data provided to and by the counterparty;
- Client activities
- covers the day to day activities associated with our business which may involve:
- reviewing and evaluating IT consultancy opportunities and sharing potential clients' details (including individual names, personal details, organisation and location) within Kiros and with associated service providers;
- reviewing partnership contacts Data and sharing details (including individual names, personal details, organisation and location) within Kiros, with clients and with associated service providers;
- contacting clients and potential clients and partnership contacts by email and by telephone in order to present consultancy and/or collaboration opportunities; and
- sharing client Data provided by clients (such as individual names, organisation and location) with partnership contacts in order to present consultancy opportunities in partnership with other IT consultancy services providers.
- Legitimate interests
- in the context of our business means the day to day activities that are undertaken to service client work (i.e. providing IT consultancy services, including in partnership with third party providers) together with any associated middle and back office support activities;
- Responding to queries
- covers the processing of Data (name and email address) for the purposes of responding to any questions sent to us using the info@kirosdata.com email address which is presented on the website. In responding to queries, data subjects’ contact details will be stored; and
- Surveys
- from time to time clients and potential clients’ details (name and contact details) will be used to send individual data subjects survey requests. Such requests are entirely optional and will contain further details of any processing activities that we will undertake in connection with the Data provided.
Schedule 2
Legitimate interests
- Preventing fraud
- Direct marketing
- Intragroup transfers for administrative purposes
- Ensuring network and information security
- Reporting possible criminal acts to a competent authority
- Enforcement of legal claims (out of court)
- Whistleblowing and prevention of money laundering
- Physical, IT and network security
- Processing for (market) research purposes
- Processing in order to provide services
- Compliance
- Internal risk management
- Creating employment relationships
- Recordkeeping and disclosure
- General financial and regulatory reporting to authorities