Privacy Policy

Privacy Policy

1.0 OUR USER PRIVACY AND DATA PROTECTION

We take user privacy and data protection very seriously

We understand we have a duty of care to the people within our data

We only collect and process data when absolutely necessary

We will never spam you

We will never sell, rent or otherwise distribute or make public your personal information

This privacy notice will let you know what happens to any personal data you give us or that any we might collect from or about you.

 2.0 RELEVANT LEGISLATION

Kynex complies with the following national and international legislation with regards to data protection and user privacy:

UK Data Protection Act 1998 (DPA)

EU Data Protection Directive 1995 (DPD)

EU General Data Protection Regulation 2018 (GDPR)

Specifically, our website, internal business and IT systems comply to said legislation.

 3.0 PERSONAL INFORMATION THAT WE COLLECT AND PROCESS

 Personal details, contact details: Title, full name, date of birth, mother’s maiden name, bank details, contact details including address, mobile and landline.

Products and services you hold with us, as well as have been interested in and associated payment methods used.

The usage of our products and services, including landline and mobile numbers you have called with associated minutes.

Product and service information, including any current and previous packages.

Personal information obtained from Credit Reference agencies, including public (including defaults and CCJs) and shared credit history, financial situation and financial history.

Your residency and/or citizenship status, if relevant, such as your nationality, your length of residency in the UK and/or whether you have the permanent right to reside in UK.

Call recordings, between you and Kynex staff for training and quality purposes.

4.0 THE SOURCE OF YOUR PERSONAL INFORMATION

Personal information is collected from the following sources:

From you directly.

Information generated about you when you use our products and services.

We buy information from third parties including name, address, landline and mobile number.

Data that is provided by verified third party call centres, who are GDPR compliant.

5.0 PERSONAL INFORMATION THAT THIS WEBSITE COLLECTS AND WHY WE COLLECT IT

This website collects and uses personal information for the following reasons:

5.1 Google Analytics 

We use Google Analytics to collect website metrics and track user interaction.  The data is used to determine the number of visitors, how long visitors stay on the website and what pages they are viewing.  We do this to drive improvements into the website and to provide a better user experience.  Google Analytics provides geographical location, device, internet browser and operating system although we will never be able to identify you personally.  We do not have access to your computer’s IP address.  Google Analytics uses cookies which can be found on Google’s developer guides.  Disabling cookies on your internet browser will stop Google Analytics from tracking any part of your visit to pages within this website.

5.2 Contact Forms and email links 

If you wish to contact us via our contact us page, your data will not be held on this website or be passed to any third party data processors.  The data will be collated into an email and sent to us over the SMTP. The email content is then decrypted by our local computers and devices.

5.3 Email newsletter 

If you sign up to our newsletter, the email address you provide will be forwarded to MailChimp who provide us with email marketing services.  MailChimp are a third party data processor.  The email address supplied will not be stored within our website’s database or on any internal computer system.

Your email address will remain within MailChimp’s database for as long as we continue to use MailChimp’s services for email marketing and if this changes we will inform you.  You can also specifically request removal from the list by unsubscribing using the unsubscribe links contained in any email newsletters that we send you or by requesting removal via email. Please send your email to us using the email account that is subscribed to the mailing list.

If you are under 16 years of age you must obtain parental consent before joining our email newsletter.  You will receive periodic newsletter emails from us, approximately once a year.

6.0 OUR THIRD PARTY DATA PROCESSORS

This website uses third parties to process personal data on our behalf. All of them comply with the legislation. The following third parties are based in the USA and are EU-U.S Privacy Shield compliant:

Google (Privacy policy)

MailChimp (Privacy policy)

7.0 WHAT DO WE USE YOUR PERSONAL DATA FOR?

For assessing and processing your application including the consideration about whether or not to offer the product or service and associated credit, the price, risk of doing so, availability of payment method and terms.

Providing the service including collecting direct debit payments, provisioning your line, notifying Openreach engineers and you if an engineer visit is deemed necessary.

Ensuring your records are kept up to date, tracing your whereabouts and recovering debt.

To offer you an improved package or service in the future should one become available.

Managing all aspects of your service.

To perform and test the performance of your service.

To improve the operation of our business and business partners.

To record calls between you and our staff for quality assessments and training purposes.

For direct marketing communications to help us offer you relevant messages regarding our services or information about the business. We may send you a limited amount of marketing messages to you via SMS, email, phone, post and social media channels.

To process any donations, where relevant, to any of our chosen charities.

8.0 WHAT ARE THE LEGAL GROUNDS FOR OUR PROCESSING OF YOUR PERSONAL INFORMATION?

If you have ordered or take a service from us, we are entitled to process your information so we can provide you with a service and bill you for this.  Our lawful grounds for processing your data is that it is necessary for entering or performing a contract with you, the data subject.

For assessing your application for our services including whether to offer you the requested service and associated credit.

Updating your records, tracing your whereabouts and recovering debt if relevant.  In some instances, this information will be passed to a third party debt collection agency.

Managing all aspects of delivering the service to you as detailed in your contract including sharing your information with business partners to be able to service your account.

To perform and to test our services that we provide to you.

To carry out credit checks using a third party Credit Reference Agency.

Secondly, if we want to collect and use your information for other purposes, this will be with your consent:

For some direct marketing messages, either service related or information about the business.

Consent will be collected using a positive action from you, such as ticking a box, in a clear and unambiguous way.  You are also free to remove your permission at any time.

Thirdly, it may be that contacting you falls within a legitimate interest.  This may occur for example, that we have met you at an event and exchanged business cards.

9.0 WHEN DO WE SHARE YOUR PERSONAL INFORMATION WITH OTHER ORGANISATIONS?

We share information with companies mentioned above including:

Debt collection agencies

Business Partners (including telecoms suppliers, financial institutions)

Back up and server hosting providers, IT software and maintenance providers

Credit reference agencies

Additionally:

External billing providers

Government and regulatory bodies such as HMRC, Ofcom, The Ombudsman, CICAS.

External human resource and employment law providers

10.0 CALL RECORDINGS

Call recordings are kept in a secure and encrypted file that is password protected and only accessed by the IT Manager (who is also our Data Protection Officer).  Should another Manager require access, a unique password is provided for that file.

Where calls are held on behalf of our business customers and we are acting as a data processor, the call recordings are downloaded onto a secure FTP site.  Only the IT Manager (DPO) and Tech Manager have access to these.  The customer is provided with a unique password and after they have downloaded their call recordings, they are deleted immediately.

11.0 HOW AND WHEN CAN YOU WITHDRAW YOUR CONSENT?

Where we’re relying upon your consent to process personal data you can withdraw this at any time by contacting us using the following email address: [email protected]

12.0 DATA BREACHES

We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen. We have a full internal data breach process which is available upon request.

13.0  KEEPING PERSONAL DATA UP TO DATE

If your personal details change, you should tell us as soon as possible, either by emailing [email protected] or using the contact us form on our website www.conceptdatasolutions.co.uk. We will do our upmost to keep our personal records up to date and may contact you to ensure your details are correct.

14.0 DO YOU HAVE TO PROVIDE YOUR PERSONAL INFORMATION TO US?

It is not possible to deliver our services to you if certain information is not provided.  If there are instances where providing information is optional, we will make this clear in our marketing preferences.

15.0 ACCESSING YOUR PERSONAL DATA

You have the right to access the personal data we hold on you.  You can make a Subject Access Request (SAR) by emailing [email protected] or using the contact us form on our website www.conceptdatasolutions.co.uk. We will respond to your request within 28 days however we do reserve the right to take up to two extra months for extensive requests as per the ICO website: ico.org.uk/your-data-matters/your-right-of-access/.  You will be informed within 28 days if we need the extra time.

16.0  FOR HOW LONG IS YOUR PERSONAL INFORMATION RETAINED BY US?

Your personal information is held for as long as it reasonably takes us to fulfil our business commitment to you.

Once the contract has come to an end, we will keep your data as long as someone could reasonably bring a claim against us.

Retention periods in line with legal and regulatory requirements or guidance.

17.0  EMAIL MARKETING

B2B email marketing is still acceptable under GDPR.  The data for some email campaigns has been bought from a reputable and GDPR compliant data organisation. Consent is generally obtained on all marketing data at point of collection and is renewed by the data company periodically.  However, it is important to note that consent is not the only valid ground for processing data under the GDPR. Due to the stringent consent requirements, including the need for granularity (which is difficult to achieve for the data company and its suppliers, due to the size and broadness of our customer bases), the data company is continuing to supply marketing data on “legitimate interests” grounds under GDPR and Kynex is legally covered by this legitimate interest.

This is specifically acknowledged in recital 47 of the GDPR as being a plausible ground for marketing (“The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest”). In our case, we rely on legitimate interests on the basis that a business has made its details available and it is for the benefit of all businesses that marketing is facilitated. For businesses which do not wish to receive marketing, there are legitimate means to prevent it, including not supplying the details for inclusion in business registers, objecting to direct marketing under the GDPR, and/or registering with the TPS/CTPS.

In the case of non-limited businesses, the Privacy of Electronic Communications Regulations apply and dictate that express must be obtained, and the data company complies with this legal requirement.

The data company remains the data controller in all instances, and is wholly responsible for all its processing activities and ensures it only shares personal data when it is lawful to do so.

All emails sent from Kynex give a clear, unambiguous opt out and if selected, you will be removed from all future mailings and added to a suppression list to ensure you receive no future contact.

18.0 THIS PRIVACY POLICY ALSO APPLIES IF YOU ARE NOT A CUSTOMER OF Kynex

This Privacy Policy applies even if you’re not one of our customers and you interact with us such as by:

Using one of our products or services paid for by someone else.

Taking part in a survey or trial.

Entering a prize promotion.

Calling our help desk.

Enquiring about our product or service.

19.0 WHAT DOESN’T THIS PRIVACY POLICY APPLY TO?

This Privacy Policy does not apply to any employees within Kynex.  We have a separate policy designed for our employees’ data that is held internally.  It also does not cover any other organisations or call centres who advertise and sell our products and services.

20.0 CHANGES TO OUR PRIVACY POLICY

We may change this privacy policy from time to time in line with legislation or industry developments. We will not contact our clients or website users of these changes but all changes will be notified on this page.

11/07/2023