Key Capital Partners LLP (“KCP”) is committed to protecting your personal data and your privacy. We endeavour to ensure that any personal data we collect about you will be held and processed strictly in accordance with the Data Protection Act 1998 (DPA) and, on and from 25 May 2018, the European General Data Protection Regulation (GDPR). The terms Personal Data, Data Controller and processing have the meanings given to them in the GDPR unless otherwise indicated.
• by you interacting with us as a prospective, current or former client and in connection with ongoing services we are providing to you or your organisation;
• by you submitting information to us through our website http://www.keycapitalpartners.co.uk or when you hand over a business card to a member of staff.
2. Identity and Contact Details of Data Controller
For the purposes of the DPA and the GDPR, KCP is the controller of your data. If you have any queries regarding this policy or complaints about our use of your data, please contact us at the address below and we will do our best to deal with your complaint or query as soon as possible.
Key Capital Partners LLP
13 Park Place
3. Your data
When we collect personal data about you, this will comprise a combination of one or all of the following:
• your name;
• your contact details, consisting of professional / work telephone / mobile number, email address and office address;
• your job title;
• the name of your employer.
We may in exceptional circumstances collect data about any past criminal convictions where you have disclosed this to us in the course of business.
We will neither collect not hold any other personal data relating to any of your personal financial situation, ethnicity, religion or other data that might be described as sensitive.
4. What we use your data for
The table below sets out the purposes for which we may process your data and the legal basis for the processing:
To provide services to you
We are unable to provide services to you unless you disclose personal data to us. That may include the services set out in our Engagement terms with you or our response to any enquiry you have submitted.
As such, your disclosure of personal data to us is on the legal basis of our performance of our contract with you and our legitimate interest in so doing.
To respond to requests for information from regulated bodies or government agencies
Exceptionally we may be requested or required to disclose to (for example) the Financial Conduct Authority details about you and the services we provide. As such, our disclosure of your personal data to us is on the legal basis of our performance of our compliance with a legal obligation or our legitimate interest in so doing.
To keep you informed of any activities undertaken by us which we believe may be of interest to you
This use will include sending you email and postal marketing
5. Who we share your data with
Please note that we may on occasion be required to share your information with third parties who provide services on our behalf. For example, we use Sugar CRM to provide marketing automation services. We have taken steps to ensure that all such entities keep your data confidential and secure and only use it for the purposes that we have specified and have informed you of. Our service providers are subject to data processing agreements that are, or are in the process of being updated to become, compliant with the requirements set out in the GDPR.
In relation to any other third parties, we will only disclose your information in the following circumstances:
• where you have given your consent;
• where we are required to do so by law or enforceable request by a regulatory body;
• where it is necessary for the purpose of, or in connection with legal proceedings or in order to exercise or defend legal rights; and
• if we sell our company, go out of business, or merge with another company.
6. Retention Period
Any information we use for marketing purposes purposes will be kept with us until you notify us that you no longer wish to receive this information, unless we request your consent to store it for a longer period.
7. Your Rights in relation to your data
Under the GDPR, you will have the following rights in relation to how we process your data:
• Right to request access – you may obtain confirmation from us as to whether or not your data is being processed and, where that is the case, access to your data.
• Right to rectification and erasure – you have the right to obtain rectification of inaccurate personal data we hold concerning you and to obtain the erasure of your data without undue delay in certain circumstances.
• Right to restriction of processing or to object to processing – you may require us to restrict the processing we carry out on your data in certain circumstances or to object to us processing your data.
• Right to data portability – you have the right to receive your data in a structured, commonly used and machine-readable format.
• Right to withdraw consent – where you have provided your consent to us processing your data, you have the right to withdraw your consent at any time. This can be done by contacting us at the above address at any time or by clicking the “unsubscribe” link on any marketing communications you receive from us.
• Right to lodge a complaint – you may lodge a complaint with the Information Commissioner’s Office.
8. Additional Information
There is no statutory or contractual requirement for you to provide your data to us and you are not obliged to do so. Please note, however, that we may not be able to provide you with the services you have requested if you do not provide your contact details.
We do not undertake automated decision-making or profiling on your data.