General Data Protection Regulation
(GDPR) – How we look after your data.
This Privacy Notice explains what this means to you
What is GDPR?
New legislation came into effect on 25th May 2018 which changes the obligations for businesses that store and process data on individuals. As a K2 Subscriber, the regulations apply to the data we hold about you.
This notice (called a Privacy Notice) explains the data we hold about you, why we hold it, how long we hold it for and your rights to access and review your data should you wish to.
We hold the necessary details to enable us to offer you services within the K2 Network. For example, we hold your name, address, contact telephone number(s) and email address. When you become a K2 subscriber we ask you to supply this information.
Marketing and communications
Our communications are created with the aim of providing you with any relevant information to add value to your membership of the K2 Network.
For your protection
We may hold some data specifically to protect both our Tradesman and you, as a subscriber. Within GDPR we must have a lawful basis for holding and using your data. Lawful bases are important because they affect the rights you have to access and review your data (we discuss this in a later section). In supplying your services, our lawful basis is concerned with fulfilling our “Contract” with you. For the other reasons, we rely on the fact that we have a “Legitimate Interest” in using your data for the purposes explained in this document. For ongoing digital communications, we rely on your continued consent. We will only use your personal data for the purposes which we collected it, if we need to process your personal data for an unrelated purpose, we will notify you beforehand.
Where do we get your personal data from?
The personal data we hold about you generally comes from you. It is captured in a variety of ways both directly and indirectly. An example of direct capture includes the details you supply when joining the K2 network. Indirect data includes monitoring the way you may browse our Website and view emails.
How we protect your data
We store our data within the EU / EEA. We hold data on our IT systems. We use password security to limit access to our computer systems and ensure that those who access them have appropriate access to fulfil their legitimate interest in the data we hold. Ourselves and our data processing partners are subject to a duty of confidentiality when handling your data.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How long do we hold the data for?
We will only use and store information for as long as it is required for the purposes it was collected. How long information is stored depends upon the information in question and what it is being used for. We maintain your personal data for as long as you remain a K2 subscriber.
Who do we share your data with?
We may share your data with K2 Assured Tradesmen. We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
Your rights to review the data we hold
The GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure (not applicable where it is necessary for us to use the data for a lawful reason)
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
Some of these rights may be limited depending on the lawful basis for which the data is processed.
You will have full access to view the K2 Assured portal and in addition, you have the right to access the data we hold about you by submitting a “Subject Access Request”. Details of how to do this are included in the next section. You have the right to object to us using your personal data, however, this may affect our ability to continue to grant you K2 subscriber status. If you object, we will make you aware of the implications of doing so.
Who you can contact if you have a query
If you have a query, if you wish to object to us using your personal data, if you wish to make a complaint about how we have handled your personal data, or if you wish to make a Subject Access Request, you can contact us by emailing: firstname.lastname@example.org quoting ‘GDPR’ in the subject line.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office (ICO). The ICO is the UK supervisory authority for data protection issues.
K2 Contracts is the “Controller” of your personal data. Our business address is: Lletty Forge Barn, Llandyfan, Ammanford, SA18 2UB. You may write to us at this address.
We keep this Policy under regular review.
We may change this privacy notice from time to time. If so, we will notify you by email or website update or otherwise.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes.