Kynetix Technology Ltd (Kynetix), the owner and publisher of HelloZero, is committed to conducting its business in accordance with all applicable Data Protection laws and regulations and in line with the highest standards of ethical conduct.
This policy details expected behaviours of Kynetix’s Employees and Third Parties in relation to the collection, use, retention, transfer, disclosure and destruction of any Personal Data belonging to Kynetix’s Customers and Staff (i.e. the Data Subject), irrespective of the media used to store the information.
Personal Data is any information (including opinions and intentions) which relates to an identified or Identifiable Natural Person. Personal Data is subject to certain legal safeguards and other regulations, which impose restrictions on how organisations may process Personal Data.
An organisation that handles personal data and makes decisions about its use is known as a Data Controller. Kynetix, as a Data Controller, is responsible for ensuring compliance with the Data Protection requirements outlined in this policy.
Non-compliance may expose Kynetix to complaints, regulatory action, fines and/or reputational damage.
Kynetix’s leadership is fully committed to ensuring continued and effective implementation of this policy and expects all Kynetix Employees and Third Parties to share in this commitment.
Any breach of this policy will be taken seriously and may result in disciplinary action or business sanction.
This policy applies to all Kynetix Entities where a Data Subject’s personal data is processed:
Monitoring the behaviour of individuals includes using data processing techniques such as persistent web browser cookies or dynamic IP address tracking to profile an individual with a view to:
This policy applies to all processing of personal data in electronic form (including electronic mail and documents created with word processing software) or where it is held in manual files that are structured in a way that allows ready access to information about individuals.
This policy has been designed to establish a baseline standard for the processing and protection of personal data by all Kynetix Employees. Where national law imposes a requirement that is stricter than that imposed by this policy, the requirements in national law must be followed. Furthermore, where national law imposes a requirement that is not addressed in this policy, the relevant national law must be adhered to.
The protection of personal data belonging to Kynetix Employees is not within the scope of this policy.
The DPO is responsible for overseeing this Privacy Standard and, as applicable, developing Related Policies and Privacy Guidelines. The DPO within our company is M G Dolton, CEO, +44 (0) 20 8774 0100, dpo@kynetix.com.
Please contact the DPO with any questions about the operation of this Privacy Standard or the GDPR, or if you have any concerns that this Privacy Standard is not being or has not been followed. In particular, you must always contact the DPO in the following circumstances:

| TERM | DEFINITION |
| --- | --- |
| Anonymisation | Data amended in such a way that no individuals can be identified from the data (whether directly or indirectly) by any means or by any person. |
| Binding Corporate Rules | The Personal Data protection policies used for the transfer of Personal Data to one or more Third Countries within a group of undertakings, or group of enterprises engaged in a joint economic activity. |
| Consent | Any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data relating to him or her. |
| Customer | Any past, current or prospective Kynetix customer. |
| Data Controller | A natural or legal person, Public Authority, Agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data. |
| Data Processor | A natural or legal person, Public Authority, Agency or other body which Processes Personal Data on behalf of a Data Controller. |
| Data Protection | The process of safeguarding Personal Data from unauthorised or unlawful disclosure, access, alteration, Processing, transfer or destruction. |
| Data Protection Officer (DPO) | The person required to be appointed in specific circumstances under the GDPR. Where a mandatory DPO has not been appointed, this term means a data protection manager or other voluntary appointment of a DPO or refers to the Company data privacy team with responsibility for data protection compliance. |
| Data Subject | Anyone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. |
| EEA | The 28 countries in the EU, and Iceland, Liechtenstein and Norway. |
| Employee | An individual who works part-time or full-time for Kynetix under a contract of employment, whether oral or written, express or implied, and has recognised rights and duties – includes temporary employees and independent contractors. |
| Encryption | The process of encoding a message or information in such a way that only authorised parties can access it. |
| Information Commissioner’s Office (ICO) | An independent Public Authority in the UK responsible for monitoring the application of the relevant Data Protection regulation set forth in national law. |
| Personal Data Breach | A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed. |
| Process, Processed, Processing | Any operation or set of operations performed on Personal Data or on sets of Personal Data, whether or not by automated means. Operations performed may include collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
| Profiling | Any form of automated processing of Personal Data, where Personal Data is used to evaluate specific or general characteristics relating to a data subject, in particular to analyse or predict certain aspects concerning that natural person’s performance at work, economic situations, health, personal preferences, interests, reliability, behaviour, location or movement. |
| Pseudonymisation | Data amended in such a way that no individuals can be identified from the data (whether directly or indirectly) without a ‘key’ that allows the data to be re-identified. |
| Special Categories of Data | Personal Data pertaining to or revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, data concerning health or sex life and sexual orientation, genetic data or biometric data. |


| PRINCIPLE | DEFINITION |
| --- | --- |
| Principle 1: Lawfulness, Fairness and Transparency | Personal Data shall be processed lawfully, fairly and in a transparent manner in relation to the Data Subject. This means Kynetix must tell the Data Subject what Processing will occur (transparency), the Processing must match the description given to the Data Subject (fairness), and it must be for one of the purposes specified in the applicable Data Protection regulation (lawfulness). |
| Principle 2: Purpose Limitation | Personal Data shall be collected for specified, explicit and legitimate purposes and not further Processed in a manner that is incompatible with those purposes. This means Kynetix must specify exactly what the Personal Data collected will be used for and limit the Processing of that Personal Data to only what is necessary to meet the specified purpose. |
| Principle 3: Data Minimisation | Personal Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are Processed. This means Kynetix must not store any Personal Data beyond what is strictly required. |
| Principle 4: Accuracy | Personal Data shall be accurate and kept up to date. This means Kynetix must have in place processes for identifying and addressing out-of-date, incorrect and redundant Personal Data. |
| Principle 5: Storage Limitation | Personal Data shall be kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data is Processed. This means Kynetix must, wherever possible, store Personal Data in a way that limits or prevents identification of the Data Subject. |
| Principle 6: Integrity & Confidentiality | Personal Data shall be Processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful Processing, and against accidental loss, destruction or damage. Kynetix must use appropriate technical and organisational measures to ensure the integrity and confidentiality of Personal Data are maintained at all times. |

Kynetix Technology Ltd is incorporated in England and Wales with registered number 03166153. Registered office: Springfield House, Springfield Road, Horsham, West Sussex, England, RH12 2RG.