Privacy Policy

Privacy Policy Purpose

Kanj Technologies Ltd has developed this policy in line with the General Data Protection Regulation (GDPR) Regulation (EU) 2016/679 as we are firmly committed to protecting personal data that are provided to us, or we collect from you for our legitimate business interest.

This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or our clients. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.

“Kanj Technologies” (and “we”, “us”, or “our”) refers to Kanj Technologies Limited (a privately held limited companyregistered in England under registration no. 07528449and with its registration address at Unit 5 Waverley Industrial Estate, Hailsham Drive, Harrow, Middlesex, HA1 4TR, England).


What is personal data (GDPR definition)

“personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

We collect information about you in a range of forms, including personal data. As used in this Policy, this includes any information which, either alone or in combination with other information we hold about you, identifies you as an individual, including, for example, your name, postal address, email address and telephone number.

Relevant GDPR Articles to personal data are 2,4,9 and 10. For further information please visit the ICO Personal data page


Security

We take the security of all data we process very seriously. We use industry standard physical and procedural security measures to protect information from the point of collection / receiving to the point of destruction. This includes encryption, firewalls, access controls, policies and other procedures to protect information from unauthorised access.

We are applying for our ISO 27001 accreditation from the British Standards Institute (please see BS EN ISO/IEC 27001:2017) and regularly review the appropriateness of the data we manage.


What personal information do we collect about you

We collect and process personal data about you when services are procured from us. The personal data we process includes parts of the below:

  • your name, work address, work telephone number and email address
  • With certain clients, personal home address and telephone number.
  • your bank account details where invoices are submitted;
  • information related to the browser or device (through IP address and cookies) you use to access our website; or engage with us for remote support and web and application hosting activities
  • and/or any other information you provide.

How do we use this information and what is the legal basis for use?

We process the personal data for the following purposes:

  • To fulfil our business contract with you.For example, if you enter into an agreement to provide or receive services. This may include communicating with you on an ‘economic activity’ purpose provisioning a range of services. We require this information to enter into a contract with you and are unable to do so without it;
  • To comply with applicable law and regulation;
  • In accordance with our legitimate interests in protecting Kanj Technologies business interests and legal rights, including but not limited to, use in connection with legal claims, compliance, regulatory and investigative purposes (including disclosure of such information in connection with legal process or litigation);
  • With your express consent to respond to any business activity that you engage with us or complaints we may receive from you, and/or in accordance with our legitimate interests including to investigate any complaints received from you or from others, about our services to you;
  • To monitor and enhance the use of our hosted web and application services that may contain personal information linked to the business services we offer to youthrough remote support, our websiteand hosted services. Through the course of checking, improving and protecting our content, services, application usage and hosted solutions, both online and offline, in accordance with our legitimate interests, we may access certain personal information on you.

With whom will we share your personal data?

We may share your personal data with our subsidiaries and sub-contractors to process it for the purposes of administration and management of technical support and services.

We may provide information, in response to properly made requests, for the purposes of the prevention and detection of crime, and the apprehension or prosecution of offenders. We may also provide information for safeguarding national security. In either case we do so in accordance with the Data Protection Act. We also provide information when required to do so by law, for example under a court order, or in response to properly made demands, under powers contained in legislation.

We use third parties to support us in providing services and to help provide, run and manage our IT service to you and within our own internal IT systems.  For example, providers of cloud-based Software as a Service (SaaS), Infrastructure as a Service (IaaS) providers, website hosting and management, data analytics, cloud data back-up, security and storage services.
The servers powering and facilitating that cloud infrastructure are in secure data centres around the world and personal data may be stored in any one of them.


Data Retention

We retain your personal information for as long as necessary to provide the services and solutions to fulfil the contracted business transaction between us and for other essential purposes such as:

  • complying with our legal and compliance obligations
  • maintaining business and financial records
  • maintaining security
  • resolving disputes
  • enforcing our agreements.

Individuals rights

You have the right in accordance with the new GDPR legislation, to obtain from us the following:

Right of confirmation
Confirmation as to whether or not personal data concerning you are being processed.

Right of access
Information about the personal data we store about you at any time and to receive a copy of it.
We may charge for a request for access in accordance with applicable law. We will aim to respond to any requests for information promptly, and in any event within the legally required time limits (currently 30 days).

Right to rectification
Rectification without undue delay of inaccurate personal data about you.

Right to erasure (Right to be forgotten)
The erasure of personal data concerning you without undue delay, subject to our legal rights and obligations to retain the same.

Right of restriction of processing
Restriction of processing personal data where:
- you contest the accuracy of the personal data, for a period while we verify its accuracy;

- the processing is unlawful, and you oppose the erasure of your personal data and request that it be restricted instead;

- we no longer need your personal data for the purposes of the processing, but do require them for the business, exercise or defence of legal claims; and

- you do not agree with our assessment that the processing is permitted for our “legitimate interests”, for a period while verification is carried out as to whether those interests override your own interests.

Right to data portability
You shall have the right to have the personal data concerning you, which was provided to us, in a structuredand machine-readable format and to have it transmitted to another entity (due to such data was processed by us based on consent or because it was necessary for contractual obligations).

Right to object
to object on grounds relating to your particular situation, at any time, to processing of personal data concerning you, which is based on our legitimate interests. This also applies to profiling based on these provisions;
to object to our processing of personal data for direct marketing purposes. This applies to profiling to the extent that it is related to such direct marketing.


Children's Privacy

Our service does not retain data anyone under the age of 18 ("Children").

We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your children have provided us with personal data,please contact us.
If we become aware that we have collected personal data from children without verification of parental consent, we take immediate steps to remove that information from our systems and environment.


Changes to this privacy statement, contacting us

We recognise that transparency is an ongoing responsibility, so we will keep this privacy statement under regular review.
Should you have any queries regarding this Privacy Notice, the processing of your personal data or wish to exercise your rights you can contact Kanj Technologies’ Privacy Team using this email address: privacy@kanj.co.uk

If you are not satisfied with our response, you can contact the Information Commissioner's Office (“ICO”)
The ICO is the UK data protection regulator/supervisory authority. For further information on your rights and how to complain to the ICO, please refer to the ICO website.
https://ico.org.uk/
Email: casework@ico.org.uk