Privacy Notice

This notice was last updated on: 21-04-2022 and is version 1.0

Welcome, our privacy notice is here to help you understand how we manage and protect your information as you use our website.

Scope

As a visitor to our website, this notice applies to you. We may also refer to you as a User.

Kennedy Business Solutions act as the ‘data controller’, and are responsible for determining the purposes and manner in which your Data is collected.

This notice does not apply to websites outside of our website domain (kennedybusinesssolutions.org) and its subdomains (subdomain.domain.co.uk). This includes any websites we provide links to.

Further information

About Us Kennedy Business Solutions is registered with the UK Information Commissioner as a data controller, our registration number is ZB323584

Links and Social Media This notice does not apply to websites outside of our website domain (kennedybusinesssolutions.org) and its subdomains (subdomain.domain.co.uk). This includes any websites we provide links to social media networks. Please refer to the relevant privacy policy for that website for details about how they process your personal information.

Other Relevant Policies This privacy policy should be read alongside, and in addition to the following additional terms, which also apply to your use of our site:

Definitions We use the following definitions in our privacy notice:

Data aka personal data: Any information you submit to our Website will be considered as Data.  This includes where applicable Personal Data, as defined by relevant Data Protection Laws.

Cookies: Are small text files placed on your computer by this Website when you visit certain parts of the Website and/or when you use certain features of the Website. Details of the cookies used by this Website can be found within our Cookie Policy.

Data Protection Laws: Covers any applicable law relating to the processing of Personal Data, including the Data Protection Act 2018, the General Data Protection Regulation (EU) 2016/679, Directive 96/46/EC (Data Protection Directive), and any national implementing laws, regulations and secondary legislation.

Kennedy Business Solutions, we or us: Located at 2 The Ivies, Church Street, Ashbourne, DE6 1AJ.

User or you: Any visitor that comes to see our Website, except for anyone who is either employed by us or is engaged in providing business services to us when accessing this website.

Website: The website that you are currently visiting, and any sub-domains of this site unless expressly excluded by their own terms of use.

General

You may not transfer any of your rights under this policy to any other person. We may transfer our rights under this privacy policy where we reasonably believe your rights will not be affected

If any court or competent authority finds that any provisions of this privacy policy (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this privacy policy will not be affected.

Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that or any other, right or remedy.

This agreement will be governed by and interpreted according to the law of England and Wales. All disputes arising under the Agreement will be subject to the exclusive jurisdiction of the English and Welsh courts.

Data we collect and how we collect it

Contact details icon

Contact Details

Such as your name, email address & telephone number.

 When you enter details into our contact us form or contact us directly via our contact details.

Technical Data icon

Technical Data

Collected as you use the website, including your IP address, browser type, version, device details.

 Automatically from the use of our website.

Further information

Sensitive or special category data: Just to let you know, we don’t use our website to collect anything categorised as special category information. For example racial or ethnic origin, political opinions, health data etc.

Children’s data: Our website and services are provided to businesses and are intended for use by those 18 or older. We do not knowingly collect personal data from anyone under 16 years old.

Cookies: We will collect your Data automatically via cookies, in line with your decision according to our Cookies Policy. For more information please see our Cookie Policy

How we use Data collected and why

Please keep us updated icon

Getting in contact with you

If you show interest in our products and services, for example by completing our contact us form, we’ll reach out and get in contact with you.

Improving our services and website icon

Providing our services to you

If you are a customer using our services we will use the information collected to help provide these services to you.

Marketing icon

Improving our services and website

Information we collect about how you use our website and services will be used to help us provide a better service and experience for you.

You're in Control

You may change your mind about how we get in contact with you, including opting-out (or into) receiving marketing material from us.
You can contact us via sherril.kennedy@kennedybusinesssolutions.com

Right to access icon

Internal record keeping

While operating our business and services we may need to use the information we have captured to evidence our legal compliance with applicable data protection law.

Lawful Basis for processing

Performance of a contract: this means processing your data where it is necessary for the performance of a contract, which you are a party to or take steps at your request before entering into a contract.

Legitimate Interest: where the processing of data is deemed necessary for the legitimate interests of our business, provided those interests are not outweighed by your rights and interests. If you object to our use of data collected you have the right to object in certain circumstances.  Please see the section “Your Rights” below

Comply with a legal or regulatory obligation: this means processing your data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

Consent: where you have given clear consent for us to process your personal data for a specific purpose.

Our third-parties

We use a number of suppliers and third parties to help us provide our services and this may involve processing Data we capture. We’ve outlined our third-parties below with some links for further information.

Provider & Service Provided
Acting As
Data Storage Location
Data Storage Location
Krystal Hosting - Website Hosting
Data Processor
UK
Privacy Policy https://krystal.uk/terms#termsd ISO27001 Certificate: https://krystal.uk/blog/post/krystal-iso-27001-accredited
Calendly - appointment Bookings
Data Processor
USA
Data Processing Addendum: https://calendly.com/pages/dpa
HubSpot - our CRM system
Data Processor
EU and USA
Data Processing Addendum: https://legal.hubspot.com/dpa
Vimeo – video hosting
Data Controller
International
Privacy Policy: https://vimeo.com/privacy#data_we_collect_about_you
Google Analytics – website analytics
Data Processor
International
Data Processing Addendum: https://privacy.google.com/businesses/processorterms/ Datacentre details: https://www.google.com/about/datacenters/locations

How secure is the data we collect?

We will use technical and organisational measures to safeguard your Data, for example:

  • your use of this website is encrypted using secure HTTPS connections;
  • we store your data on secure servers;
  • we regularly update our website and its components;
  • we secure our site logins and services using multi-factor authentication
  • we will regularly back up our website.

Technical and organisational measures include measures to deal with any suspected data breach.

Suspect something's wrong?

If you suspect any misuse, loss or unauthorised access to your Data, please let us know immediately by contacting us via sherril.kennedy@kennedybusinesssolutions.com

Data Retention

Unless a longer retention period is required or permitted by law, we will only hold your data on our systems for the period necessary to fulfil the purposes outlined in this privacy policy or until you request that the Data be deleted.

Once we delete your Data, it may persist on backup or archival media for legal, tax or regulatory purposes.

Your Rights

Right to access icon

Right to access

You can request a copy of the personal data we hold about you at any time. Including supplementary information about our processing activities.

More information

Will I be charged? No, we won’t charge you for providing you with access to your personal data. The only exception where we would consider a charge for this service is if your request is manifestly unfounded or excessive.

How long will it take for me to receive this information? We will work to provide your requested information within 30 days of your request. If your request is complex or you are making multiple requests at the same time, we may extend this timescale by a further 2 months, if necessary.

Can we refuse a request? Typically we will work with you to provide the information requested, however there some exemptions. If we consider that a request is unfounded or excessive, we may refuse the request where we are legally permitted to do so. If we refuse a request we will write to you and explain the reasons why.

Will I need to provide ID? Yes, we may request you provide sufficient identification to verify you are the intended data subject before we disclose any information to you.

Right to correct icon

Right to correct

You can correct any personal data we may have if this information is incorrect or inaccurate. 

Please keep us updated

It is important that the Data we hold about you is accurate and current. Please keep us informed if your Data changes during the period of time we hold it.

Right to object icon

Right to object

The right to object to our use of your personal data, including where we use it for our legitimate interests. For example Direct Marketing activities. 

Right to erasure icon

Right to erasure

The right to request that we delete or remove your Data from our systems.

More information

Can I request you delete all my personal data anytime? There are certain circumstances where the right to erasure can be applied and some exemptions as well. For example, where the processing of personal data is no longer required for the purpose it was collected for, or where we are processing your personal data under the lawful basis of Consent or Legitimate interest, you have the right to withdraw and object to the processing of this data, unless we have another overriding legal requirement to continue processing.

What are the exceptions? If we are under a legal obligation to continue processing the personal information we may be required to refuse the request. We will notify you in writing if this is the case.

Where can I find more information? The ICO’s website has guidance relating to the right to erasure and the guidance for organisations and individuals, this can be found at

https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/

Right to restrict our use of your Data

Right to restrict our use of your Data

You can restrict the way we process your personal information in certain circumstances, such as if you believe the information is inaccurate, or we are not processing the personal data lawfully.

Right to data portability icon

Right to data portability

The right to request that we move, copy or transfer your personal data. We will provide you with this in an open format such as a CSV or PDF file.

Making a complaint

If you have a complaint regarding how we process your Data, please let us know first, so we have a chance to address any complaint you make.

If we fail to address this complaint, you may refer your complaint to the relevant data protection authority. For the UK this is the Information Commissioners Office (ICO).  The ICO’s contact details can be found on their website at https://ico.org.uk/ 

Changes to business ownership and control

Kennedy Business Solutions may expand or reduce our business, including the sale and/or transfer of control of all or part of our business. Data we have collected and are processing as part of our business will be transferred to the new owner or controlling party. The new owner or controlling party under this privacy policy will be permitted to use the Data for the purposes for which it was originally collected by us.

In the event of a change in business ownership, we will take steps with the aim to ensure your privacy is protected during the transfer of ownership.

Updates to this policy

Kennedy Business Solutions reserves the right to change this privacy policy as we deem necessary from time to time or as may be required by law. Any changes will be immediately posted on the Website and you are deemed to have accepted the terms of the privacy policy on your first use of the Website following the alterations.

This privacy notice was created in conjunction with Shout Cyber