Ref: PP_KBS Version 3 7th June 2022
This policy is provided to you by KBS Group which is responsible for the processing of your personal data and is the Data Controller for all such information. We regard your privacy as very important.
Being transparent and providing accessible information to you about how we use your personal information is a key element of the Data Protection Act (DPA) 2018, EU General Protection Regulation (GDPR) and UK General Data Protection Regulation (GDPR).
We describe below the type of personal information we may collect from you and the purpose for our collection of it. If you use a specific KBS service, we will usually let you know how that service will use your personal information via separate service and project specific Privacy Notices. These provide further details on how we process your personal data.
- Data Controller
A Data Controller is an individual or organisation that determines the purposes and means of processing personal data. KBS Group is registered as a Data Controller with the Information Commissioner’s Office.
As a Data Controller we take all necessary steps to comply with the DPA 2018 and the UK GDPR/EU GDPR when handling any personal information.
2. Why do we need your personal information?
As a business, KBS delivers services to you. In order to do this in an effective way we will need to collect and use personal information about you. Where we can, we will only collect and use personal information if we need it to deliver a service or meet a legal requirement. The services we deliver to you include:
- order processing,
- contract management,
- contract engagement,
- Business scoping and discovery activities,
- marketing campaign engagements,
- webinars, events and meetings
- sign up newsletters
- requests for information
- access to information requests,
- customer services,
- job Applications
- employee documentation
3. How do we protect your information?
The personal information that we collect from you must be handled and dealt with properly, covering how it is collected, recorded and used whether it is on paper, in computer records or recorded by other means and how long it is kept.
The DPA 2018 and the GDPR ensure that we comply with a series of data protection principles. These principles are there to protect you and they make sure that we:
- Process all personal information lawfully, fairly and in a transparent manner.
- Collect personal information for a specified, explicit and legitimate purpose.
- Ensure that the personal information processed is adequate, relevant and limited to the purposes for which it was collected.
- Ensure the personal information is accurate and up to date.
- Keep your personal information for no longer than is necessary for the purpose(s) for which it was collected.
- Keep your personal information securely using appropriate technical or organisational measures.
4. What personal information do we collect?
Personal information covers anything that identifies and relates to a living person. This includes information that, when put together with other information, can then identify a person. For example, this could be your name together with your contact details.
5. Do we use Surveillance cameras and CCTV?
Closed Circuit Television (CCTV) is operated in our Head Office at 159 Dargan Crescent and Warehouse Operations at Westbank Drive. The purpose of our use of CCTV is for staff safety and crime prevention and detection. The footage from these cameras is normally held for 30 days.
Our fixed cameras are prominently situated in areas to which the public have unrestricted access and within public view. All our CCTV usage has clear signage stating that CCTV is in operation.
6. Who do we share your information with?
To ensure that KBS provides you with an efficient and effective service we will sometimes need to share your information between teams within KBS as well as with our partner organisations that support the delivery of the service you may receive, for example:
Vendor and Supply Chain Partners
Credit Card Companies
Third Party Partners
Third Party Transaction-level Data
Law Enforcement and Protection of Users
We may also need to supply your information to other organisations we have contracted to provide a service to you. We will only ever share your information when necessary for performance of a statutory public task or with your consent and if we are satisfied that our partners or suppliers have sufficient measures in place to protect your information in the same way that we do.
Before sharing information KBS will ensure that:
Privacy Notices are completed if appropriate.
Technical security such as encryption and access controls are in place to keep information secure.
Data Sharing Agreements are completed showing the rules to be adopted by the various organisations involved in the sharing exercise.
Data Protection Impact Assessments are completed to assess any risks or potential negative effects.
Common retention periods and deletion arrangements are set for the information.
Subject access rights are catered for.
We do not sell your personal information to anyone else, nor do we share your personal data with third parties for marketing purposes.
Details of transfers to third country and safeguards
If your personal data needs to be transferred outside of the EEA we will make sure that an adequate level of protection is in place.
7. How long do we keep your personal information?
We will only keep your information for as long as it is required to be retained. The retention period is either dictated by law or by our discretion controlled by procedures. Once your information is no longer needed it will be securely and confidentially destroyed.
8. Your rights
You have certain rights under the Data Protection Act 2018 and the EU GDPR, UK GDPR. These are:
- The right of access to any personal information KBS holds about yourself.
- The right to be informed via Privacy Notices.
- The right to withdraw your consent. If we are relying on your consent to process your data then you can remove this at any point.
- The right to erasure. You have the right to have your personal data erased and to prevent processing unless we have a legal obligation to process your personal information.
- The right of rectification. We must correct inaccurate or incomplete data within one month. If this data has been shared with other organisations we must also inform those organisations of any changes so they can update their records.
- The right to restrict processing. We can retain just enough information about you to ensure that the restriction is respected in future.
- The right to data portability. We can provide you with your personal data in a structured, commonly used, machine readable form when asked.
- The right to object. You can object to your personal data being used for profiling, direct marketing or, in some circumstances, research purposes.
- You have rights in relation to automated decision making and profiling, to reduce the risk that a potentially damaging decision is taken without human intervention.
If you want to exercise any of these rights, then you can do so by contacting us:
Information Governance Team
159 Dargan Crescent
9. Data Protection Leads
Monitoring KBS compliance with the GDPR and other data protection laws. Monitoring our data protection policies, awareness-raising, training, and audits.
Providing advice and monitoring the Data Protection Impact Assessment process.
Acting as a point of contact for the Information Commissioner’s Office (ICO) and, employees and members of public on any matter relating to Data Protection.
Data Protection Leads are:
Gary McIlveen – Data Protection Lead KBS NI Ltd
Karen McKee – Data Protection Lead KBS Computer Supplies Ltd