Kammac is committed to protecting the privacy and security of your personal information.
Kammac is a "data controller" referred to as “we”, “us”, “our” or the “company” in this privacy notice. This means that we are responsible for deciding how we hold and use personal information about you and are required under data protection legislation to notify you of the information contained within this notice.
This privacy notice describes how we collect and use personal information about you during and after your working relationship with us, in accordance with the General Data Protection Regulation (GDPR) and Data Protection Act 2018. We aim to give you information on how we use your personal data when you use this website, use or enquire about our products or services or if we decide to market our services to you. Data relating to prospective employees, current/former employees, self-employed contractors and agency workers are contained in a separate recruitment and employee privacy notice. Most of our interactions as an organisation are on a B2B basis.
It is important that you read this notice, together with any other privacy notice we may provide to you, This is so that you are aware of how and why we are using such data at the time we use it.
We will comply with data protection law. This says that the personal information we hold about you must be:
Collected only for valid purposes that we have clearly explained to you and not used
in any way that is incompatible with those purposes;
If you have any questions about our policies on data protection or your rights and how you can exercise them please contact email@example.com. This policy was last updated May 2018.
We may collate, store and utilise the following categories of personal information about you:
We do not process any special categories of personal data or information about criminal convictions and offences from our website or from our customers or suppliers.
When our site includes links to other websites or applications, we would advise you to read the privacy and cookies policies of that website to assess how they use your personal data.
We collect personal data about you in a variety of ways:
Direct from you – This could be when you make an enquiry about our products
and services, enter into a contract with us to deliver our products and services,
request marketing information or make a customer complaint or provide us with
feedback. You may provide personal data by contacting us direct or by completing
forms and forwarding them to us via post, email or using our online contact form.
You may provide personal data over the phone or in person or by using social
Third parties or publicly-available sources. We may also receive personal data
about you from various third parties such as:
a) Publicly-accessible resources such as Companies House, the Bankruptcy and Insolvency register;
b) Credit reference agencies
c) Due diligence providers
e) Your bank or another financial institution;
f) Local Authorities;
g) Analytics providers such as Google Analytics;
h) Advertising networks;
i) Financial and Transaction Data from providers of technical, payment and delivery services such as Paypal, Sagepay,Worldpay, Groupon, Paypal, Direct, Payaway IP, Bankline;
We may not be able to enter into or fulfil a contract with you (for example, the delivery of
products or services) if you do not provide data we may need either by law or to perform that
contract. As a result, we may have to cancel a contract or delay goods or services. We would
inform you if this occurs.
We will only use your personal data for a lawful reason. This will usually be in the following situations:
In order for us to perform the contract we have with you;
Where it is necessary for our legitimate interests (or those of a third party) and your
interests and fundamental rights do not override those interests;
We may also use your personal information in the following situations, which are likely to be
In the limited circumstances where you may have provided your consent to the processing of your personal data, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact firstname.lastname@example.org. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
We generally do not rely on consent as a basis for processing personal data though may do so in gaining your consent to direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us on email@example.com or by opting-out or unsubscribing to any communications.
We need all the categories of information in the list above (see ‘The nature of the information we hold about you’) primarily to allow us to perform our contract with you or for our legitimate interests.
The situations in which we will process your personal information are listed below. We have
indicated the purpose or purposes for which we are processing or will process your personal
information, as well as indicating which categories of data are involved:
|Processing activity||Categories of data||Lawful Basis|
|Customer administration and accounts
To register you as a new customer
Identity, contact and financial details.
Customer administration and
To process and deliver your order
Identity, contact, financial and transaction details.
Business Development, Sales and Marketing
We may use your personal data to market our services to:
We may also undertake customer surveys or monitor how you use our website.
Identity and contact details, data obtained from usage of and cookies on our website.
Managing premises, equipment
Identity details, stills and video of visitors to site and vehicle registration details.
To monitor, maintain and test the
website and other ICT.
|Identity, contact and technical details.||
We will only use your personal data for the purposes we outlined to you at the outset. We will continue to process your personal data for another reason if we consider that the revised reason is compatible with the original purpose. If the revised reason is for an unrelated purpose, we will notify you and outline the basis upon which we believe we have a lawful reason for continuing to process your data. We will not notify you of the change of purpose if the processing is required by law.
Your duty to update us
It is important that the personal data we hold about you is accurate. Please update us if this changes during your working relationship with us.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
If you want to exercise any of the above rights, please contact firstname.lastname@example.org.
You will not normally have to pay a fee to access your personal data. However, we may charge a reasonable fee if your request for access is unfounded, excessive or involves a repeat or duplicate request. Alternatively, we may refuse to comply with the request in such circumstances.
What we may require to process your request
We may need to confirm your identity and assess your rights to access the data. This is purely to ensure we comply with the requirements of the GDPR especially where there may be data that relates to another individual.
We may have to share your personal data with third parties including third-party service providers in order to administer our working relationship with you or where we have another legitimate interest in doing so.
We require third parties to respect the security of your data, treat it lawfully and as only as per our instructions.
Which third-party service providers process my personal information?
"Third parties" includes third-party service providers and other entities within our group. The following activities are carried out by third-party service providers
We may also share your personal information for example in the context of the possible sale or restructuring of the business or with a regulator or to otherwise comply with the law.
Transferring information outside the EU
Kammac hosts some of its applications in industry-leading Amazon Web Services, whose data centres are located within the EEA, which have been thoroughly tested for security, availability and business continuity.
All data is stored within the EEA and the data will not be processed outside of the EU by Kammac. However, Kammac uses multiple third-party providers as part of our business operations and architecture for the purposes of logging, billing and system monitoring. In connection with this, data might be transferred outside our EU data centre.
To ensure that your personal information does receive an adequate level of protection we have put in place appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection. This is available on request from email@example.com.
We have put in place measures to protect the security of your information which include physical and application security. Details of these measures are available upon request.
Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure
We have put in place appropriate security measures to prevent your personal information from being lost or used in an unauthorised way. In addition, we have access controls in place to ensure information is kept secure and only relevant and limited individuals have access to it. Our staff are subject to a duty of confidentiality. Details of these measures may be obtained from firstname.lastname@example.org.
Protocols are in place to deal with suspected data security breaches. We will notify you and the ICO of a potential breach where we are legally required to.
We will only keep information as long as is necessary for the purposes we have informed you about. Details of retention periods are available by contacting email@example.com. To determine relevant retention periods, we consider a number of factors including business need, regulatory and legislative requirements, the nature and sensitivity of the data and the potential risks of unauthorised disclosure.
If you have any questions about this privacy notice or how we handle your personal information, please contact firstname.lastname@example.org. You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), https://ico.org.uk the UK supervisory authority for data protection issues.
We reserve the right to update this privacy notice at any time. We will provide you with a new privacy notice when we make material updates or may notify you periodically about the processing of your personal data
If you have any questions about this privacy notice, please contact email@example.com.