1.4 How do we handle your data?
We will not sell, resell, lease, or license your personal data to any third parties. However, we may, if required for the purpose(s) for which your personal data was collected and processed, share it with our service providers, for the specific scope of their provision of services on our behalf to help with our business activities. These companies are authorized to use your personal data only as instructed by us in a manner that is necessary to provide these services to us.
1.5 Data retention and data security
We only retain data for as long as necessary in light of the following circumstances:
- If we are legally or contractually obligated to do so
- If it is required to provide you with a service that you have requested
- If there is business value and the interests of the business do not outweigh the interests of the individual
- If there is historical value of public interest
The security of your personal data is important to us. We follow generally accepted standards to protect the data submitted to us, both during transmission and once it is received. Kobre & Kim has policies and technical measures in place designed to protect your personal data against unauthorized access, accidental loss, and improper use and disclosure. If you have any questions about the security of your personal data, you may contact us at firstname.lastname@example.org.
Our data security standards are compliant to the standard necessary for each of our operating client regions.
1.6 Your rights
Legal rights differ based on residency. Although this section applies to EU residents only, we will endeavor to act on all requests that we receive in relation to our data processing activities.
EU residents have rights afforded to them as data subjects under the General Data Protection Regulation (GDPR). Kobre & Kim’s compliance with the GDPR is overseen by the UK Information Commissioner’s Office. Data subject rights include:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- The right to make a complaint to the Supervisory Authority (Information Commissioner’s Office)
If you would like more information on these rights, refer to the guidance found on the Information Commissioner’s website, which can be found here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
- Your full name, address and any other details you wish to give to help identify you and the information you want
- The nature of your request (i.e. access, rectification, etc.), and depending on the nature of it, which time period the request pertains to (date from, date to)
We will respond to all data subject requests within 30 days. If the request requires more than 30 days to investigate, we will notify you why we need more time. It may take us up to 3 months to respond to complex requests. You will not be charged a fee for exercising your rights.
We may deny a request under the following circumstances:
- If the request is not legal
- If the identity of the requester cannot be verified
- If we have an overriding legitimate interest
If you would like to make a complaint to the Information Commissioner’s Office, you may do so via:
Phone: +44 303 123 1113