KOR Communications (“We / Our”) are committed to protecting and respecting your privacy.
By visiting www.korcommunications.co.uk (our site) you are accepting and consenting to the practices described in this policy.
For the purpose of the General Data Protection Regulation (“GDPR”) the data controller is KOR Communications, The West Wing, Old Broadclyst Station, Exeter, Devon, EX5 3AS.
We reserve the right to make changes to this notice as necessary. When we do so we will make previous versions available on request so you can see what these changes are.
GDPR states that the personal data we hold about you must be:
- Processed fairly and lawfully;
- Used in a way that you would reasonably expect;
- Collected and used only for valid purposes that we have clearly explained to you;
- Relevant to the purposes we have told you about;
- Accurate and kept up to date;
- Kept only for as long as necessary for the purposes we have told you about;
- Kept securely including ensuring that appropriate technical and security measures are in place to protect your personal data from loss, misuse, unauthorised access and disclosure.
What is personal data?
Personal data is defined by the Information Commissioner’s Office (ICO) as “any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.” This may include but is not limited to name, address, email, identification number, location data or online identifier. Identification can be directly using the data itself or by combining it with other information which helps to identify a living individual.
Information we collect from you
We may collect the following information:
- Names, titles and job titles;
- Contact details such as telephone numbers, addresses and email addresses;
- Photography and video;
- Where relevant or where you provide them to us, we may collect information such as gender, date of birth, national insurance number, marital status, employer, passport details, and dependants;
How we collect your data
You can give us your personal data in a number of ways. For example:
- When you become a client or do any form of business with us;
- When you make contact with us through our website, via email, on social media, via telephone or by post;
- When you become a supplier or prospective supplier;
- If you apply for a job.
When we collect data from you we will ensure it is adequate for the purpose and never excessive.
How we use your personal data
We require personal data to provide the service you have requested or for other purposes that will have been made clear to you, including:
- To carry out our obligations arising from any contracts entered into between you and us;
- To provide you with the information and services that you request from us;
- To notify you about changes to our service;
- To ensure that content from our site is presented in the most effective manner for you and for your computer;
- To contact you about a submission you have made to the website, or contact you have made via email, on social media, via telephone or by post;
- For internal record keeping;
- For management reporting and business planning to monitor our own activities;
- For other legitimate business purposes;
- To keep you updated on our activities;
- To contact you for market research purposes, for example to obtain feedback about the service you have received;
- Disclosures required by law – the law can require the disclosure of information for various reasons and in such circumstances, we must comply with those requests.
You may opt-out of receiving updates and other information at any time by emailing firstname.lastname@example.org or using the unsubscribe link in the footer of each email or contacting us by post or telephone (see contact details at the end of this notice). We will then delete all the data we hold about you, unless it is required for business purposes.
Who we share your personal data with
In the course of business, we may share information with carefully selected organisations which we engage with to provide certain services or to meet our legal obligations. These include:
- Software suppliers and tools including MailChimp, Sprout Social, Google Analytics and Response Source;
- Website developers AB Multimedia Limited;
- On occasion, we will user printing companies for Mail Merge communications, or similar;
- Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users;
- In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets;
- If KOR Communications Ltd or substantially all of its assets are acquired by a third party, personal data held by it about its customers will be one of the transferred assets;
Sending data outside the EEA
Any personal data transferred to countries or territories outside the European Economic Area (“EEA”) will only be placed on systems complying with measures giving equivalent protection of personal rights, either through international agreements or contracts approved by the European Union. Our website is also accessible from overseas so on occasion some personal data may be accessed from overseas.
How long do we keep your personal data
We will endeavour to keep data only for as long as we need it and delete it when no longer required.
- When submitting a request or message online, we will keep the data for as long as it takes to process your request.
- When applying for a job, we will keep your information until the application closing date. In some cases, we may wish to keep your data on file for future job vacancies but will seek your consent to do so.
- When sharing data to become a client or to do business with us, we will keep data for the length of the contract and review what data will be deleted or returned to you upon termination of contract.
- When you become a supplier or prospective supplier we will keep data for as long as we require your services.
Your rights and personal data
You have the following rights with respect to your personal data:
When exercising any of the rights listed below, in order to process your request, we may need to verify your identity for your security. In such cases we will need you to respond with proof of your identity before you can exercise these rights.
- The right to access personal data we hold on you
- The right to correct and update the personal data we hold on you
- The right to have your personal data erased
- The right to object to processing of your personal data or to restrict it to certain purposes
- The right to data portability
- The right to withdraw your consent to the data processing
- The right to lodge a complaint with the Information Commissioner’s Office – details for contacting them are available here.
When we receive your request for any of the above, we will confirm what actions we have taken or the reason why we are not complying with your request.
Cookies and other forms of tracking
GDPR: Film, Photography and Audio recordings
Under GDPR personal data is defined as any information that could be used to identify an individual. As such, under these regulations, photographs, videos and audio recordings where the subject is easily identifiable are considered data and therefore KOR will process them in the same manner as other forms of data. This includes the capturing of the data (ie taking the photograph, filming & recording audio) and storing it.
When a subject is easily identifiable in a photograph, a film or audio recording, KOR will gain the persons consent by asking the subject to sign a photography/ film/ audio release form which will include information about how the photographs, film and audio will be used, distributed and stored. KOR will scan and store the forms in the appropriate project folder so that at any time in the future the data subject can be identified against the image or can ask to see what data you hold on them and for them to request to have it deleted or transported to another controller.
When a subject is below the age of 16 (although this may be lowered to a minimum of 13 in the UK), KOR will seek consent from the child’s parent or guardian and they will be asked to sign the release form on behalf of him / her.
- To help with identification when filming or recording audio, the KOR team will encourage the data subject to say ‘on camera’ their name and that they give consent to being filmed or recorded in this way.
- Where appropriate the KOR team will seek permission from the venue / location to undertake photography or filming.
- When taking crowd photographs or film shots it may not be possible to get consent from each individual. KOR will make sure that the photography or filming is undertaken under the legitimate interest basis due to the fact that their data is being used in a manner which they would “reasonably expect” and with minimal impact on their privacy. To mitigate any potential risk KOR, where possible, will endeavour to announce or make visually clear its intention to photograph or film an event and to ask attendees to make it clear if they would prefer not to be filmed or photographed.
- Where possible the KOR photographer or cameraman will be instructed to get a range of crowd photographs or film on the chance that someone may object to their image being used in a particular shot.
- KOR will always consider existing privacy laws.
Storage and security
We constantly review our security and follow the guidelines set out by our professional body the PRCA.
KOR office – physical assets;
- Our office is alarmed and our main door (the only external door) is locked at all times.
- Key internal doors are locked at night
- Our server is kept in a locked cabinet
- Network firewall
- Email virus scanning
- Daily backups made and stored off site
All digital media created by KOR in the form of photographs, film or audio is stored on its office-based server. It is backed up initially onto a NAS drive and then again onto a series of 3 portable hard drives which when not in use are stored off site in a KOR Director’s alarmed house.
If you have any questions regarding this statement or you wish to discuss your data, you can contact KOR’s data protection representative:
- Email: email@example.com
- Telephone: 01392 466733
- Post: Guy Newman, KOR Communications, The West Wing, Old Broadclyst Station, Exeter, Devon, EX5 3AS