This policy was last updated: 25/05/18
Date to be reviewed: 25/05/19
This policy explains how Karen Todner Ltd will handle the privacy of your information. We are committed to maintaining robust privacy protections for all our users. We will take the necessary steps to ensure that users information is safeguarded and kept in accordance with all applicable laws and regulations.
What information do we collect?
The information that you provide us with may be collected and processed by us in accordance with the Data Protection Act 1998 and subsequent legislation.
Information you provide to us
We have a ‘Contact Us’ page which enables you to email us. We require you to complete the fields for your name, phone number, email and business name, so that we can contact you and provide details of our services to you, as well as deal with general company enquiries. Data collected is held on the grounds of being for legitimate business interests or to fulfil a contractual obligation.
If you do not proceed with any order your details will be deleted in accordance with our data retention policy.
We may use social media to engage with users and the Karen Todner Ltd website links to our social media pages. We do not keep any specific data that identifies an individual user but hold details of our followers on these platforms.
When you visit our website, the server collects IP addresses to provide security and prevent brute force or malicious attacks. These IP addresses are not linked to any other personal data. The address for our UK data centre is: Reynolds House, 4 Archway, Manchester M15 5RN
Information we get from other sources
From time to time, we may need to obtain information from third parties about you. This will only apply where it is necessary to provide our services to users and as permitted by law.
How we use your personal information
Your information will be used by us to enable us to provide our services to you. We act as a Data Controller of your information and undertake to protect your personal and sensitive data in a manner that is consistent with the requirements of the Data Protection Act/General Data Protection Regulation (GDPR). We will take reasonable measures to ensure the secure storage of your data.
Users of this website do so at their own discretion and provide any such personal details at their own risk.
We do not share, sell, or distribute your data to third parties, except as provided in this Privacy Notice. Your data may be shared with contractors working on our behalf, who act on our instruction in relation to the management of your data and must adhere to all data protection laws and regulations. Data processors will be required to have a signed agreement with us to ensure accountability.
We will only send you emails about our products and services (i.e. direct marketing) with your express consent. You have the option not to give consent and to withdraw consent at any time. You may withdraw your consent for us to contact you by contacting us at email@example.com
We may disclose your personal information if we are required to do so by law, in connection with any legal proceedings, and in order to establish, exercise or defend our legal rights, or if otherwise legally permitted.
Retaining your data
We keep your personal information in accordance with our Data Retention Policy which reflects our needs to provide services to you as contracted and also as required to meet legal, statutory and regulatory obligations. The need to hold information is regularly reviewed and information/data will be disposed of when no longer required.
Storage of data
Your information may be stored on a cloud-based system whose servers are located within the UK or European Union (EU). All data will be stored so to comply with the Data Protection Act 1998 and as enacted, the General Data Protection Regulation (GDPR).
Karen Todner Ltd cannot guarantee or verify the contents of any externally linked website and users click on external links at their own risk. Karen Todner Ltd and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.
Social media platforms
Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are subject to our terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate and/or engage with them with due care and caution in regard to their own privacy and personal details. This website nor its owners will not ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.
Karen Todner Ltd may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised that before using such social sharing buttons, that they do so at their own discretion, and should consider that the social media platform may track and save requests to share a web page, through the users’ social media platform account.
Data Subject Rights
Subject Access Requests
The General Data Protection Regulation (GDPR) gives individuals, known as ‘data subjects’, the right to access personal data that is held by organisations by a subject access request (SAR). We will endeavour to respond quickly to any such requests, which legally require us to respond within one month of receiving the request and necessary information. We have a formal request form to deal with SAR requests that can be accessed on our website, www.karentodner.com or by emailing us at firstname.lastname@example.org. You will need to tell us how we acquired the information.
Right to Rectification
Data subjects have the right to request that we amend or change personal information that we hold about you, that is inaccurate or incorrect.
Right to erasure
Data subjects have the right to ask us to delete personal information from our systems without giving any reason and at any time. We will act on any request without delay.
Right to restrict processing
Data subjects have the right to rectification or erasure of personal data in the following circumstances:
Right to data portability
Data subjects have the right to obtain and transfer their data to different service providers.
Right to object
Data subjects have the right to object to the processing of data at any time based on their particular situation. This includes objecting to profiling unless it is in the ‘public interest’ or exercised lawfully by an official authority. We will only process data where we can demonstrate lawful grounds for doing so.
Right not to be subject to decisions based on automated processing
We do not use any automated processing that results in any automated decision based on a data subject’s personal information.
Using your rights
If you wish to invoke any of these rights, you can contact our Data Controller by email to email@example.com
Questions and queries
If you have any concerns about how we handle your data, you can contact the Data Controller by email to firstname.lastname@example.org
Changes to this policy
If you have a complaint about the use of your data, you can contact us by email to email@example.com
Alternatively, you can formally report an issue of concern to the Information Commissioner’s Office, the UK body that governs Data Protection. See https://ico.org.uk
Third Party Rights
Jurisdiction and Governing Law