What is the Purpose of this Policy?
Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
Who are we?
Our website at www.kerasplc.com (our “Site”) is operated by Keras Resources plc, a public limited company incorporated in England and Wales under number 07353748, and our registered office is at 27/28 Eastcastle Street, London W1W 8DH (“Keras”, “we”, “us” or “our”).
How do we collect your personal information?
The personal information we collect about you is made up of the information you give us during your use of the Site and your other communications with us. For example: (i) when you fill in forms on our Site, download information, or request newsletters or other services; (ii) if you contact us or we contact you for any reason, we may keep a record of that communication; and (iii) we collect details of your visits to our site including traffic data, location data, weblogs and other communication data, and the resources that you access.
You can access and browse the majority of our website without disclosing your personal data, with the exception of the use of electronic forms.
What we collect
The personal information we collect from visitors to our Site might include:
- Personal details (such as your name and address);
- Email addresses;
- IP addresses; and
- Information regarding what pages are accessed and when.
What we do with the information we gather
Situations in which we will use your personal information
We may use your information for the following purposes:
- to provide you with newsletters, announcements and other information and publications that you request from us;
- to ensure that content from our Site is presented in the most effective manner for you and for your computer;
- to allow you to participate in interactive features of our service, when you choose to do so.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for. If you fail to provide certain information when requested, we may not be able to provide the information or services you have requested, or we may be prevented from complying with our legal obligations.
We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected. When assessing what retention period is appropriate for your personal data, we take into consideration:
(a) the purposes for which we originally collected the personal data;
(b) the lawful grounds on which we based our processing;
(c) the types of personal data we have collected;
(d) the amount and categories of your personal data; and
(e) whether the purpose of the processing could reasonably be fulfilled by other means.
In some circumstances (for example when we collect statistical data about users’ browsing actions and patterns) we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Change of purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Why might you share my personal information with third parties?
We will share your personal information with third parties where required by law, where it is necessary to administer the relationship with you, or where we have another legitimate interest in doing so.
Which third-party service providers process my personal information?
We use Mailchimp as a third party service provider for emailing of newsletters and announcements and related services.
All our third party service providers are required to take appropriate security measures to protect your personal information. We do not allow our third party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
What about other third parties?
We may also need to share your personal information with a regulator or to otherwise comply with the law.
Transferring information outside the European Economic Area (“EEA”)
We may transfer the personal information we collect about you to countries outside of the EEA where this is necessary for the purposes for which we collected it.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in the EEA.
- Where we use providers based in the US, we may either use the above contracts approved by the European Commission or we may transfer data to them if they are part of the EU–U.S. Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
Our emailing service provider Mailchimp is based in the USA. Mailchimp participates in and has certified its compliance with the EU-US Privacy Shield Framework.
Please contact us using the contact details below (see ‘Questions regarding this Policy’ section) if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
We place great importance on the security of all personally identifiable information associated with our visitors. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Data Subject Rights
Rights of access, correction, erasure, and restriction
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes of which we need to be made aware.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
- Request access to your personal information. This enables you to receive details of the personal information we hold about you and to check that we are processing it. lawfully
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
If you want to exercise any of the above rights, please email: firstname.lastname@example.org
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is an appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Right to withdraw consent
In circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose (for example, in relation to any newsletters, announcements or other information which you have indicated you would like to receive from us), you have the right to withdraw your consent to the use of your information for that purpose at any time.
You can exercise this option at any time by writing to us at Coveham House, Downside Bridge Road, Cobham, KT11 3EP or by email: email@example.com. Once we have received notice that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so.
Changes to this policy
Questions regarding this policy
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk/concerns/). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.