Handling Your Data, Retention & Security, and Your Rights



1.4 How do we handle your data?

Kobre & Kim will take all reasonable steps necessary to ensure that your personal data is accurate and kept up to date and that any personal data that is transferred to others will be processed securely and in accordance with this privacy policy. In order to provide you with requested services or data, we may need to transfer your personal data to firm locations and/or service providers based in various countries. This does not diminish your rights. Kobre & Kim only transfers personal data to third parties when appropriate legal considerations and agreements have been put into place before the personal data is transferred.

We will not sell, resell, lease, or license your personal data to any third parties. However, we may, if required for the purpose(s) for which your personal data was collected and processed, share it with our service providers, for the specific scope of their provision of services on our behalf to help with our business activities. These companies are authorized to use your personal data only as instructed by us in a manner that is necessary to provide these services to us.

We reserve the right to transfer any data we have about you in the event that we sell or transfer all or a portion of our business or assets. Should such a sale or transfer occur, we will use reasonable efforts to ensure that the transferee use the personal data you have provided through the website in a manner that is consistent with this privacy policy.

1.5 Data retention and data security

We only retain data for as long as necessary in light of the following circumstances:

  1. If we are legally or contractually obligated to do so
  2. If it is required to provide you with a service that you have requested
  3. If there is business value and the interests of the business do not outweigh the interests of the individual
  4. If there is historical value of public interest

The security of your personal data is important to us. We follow generally accepted standards to protect the data submitted to us, both during transmission and once it is received. Kobre & Kim has policies and technical measures in place designed to protect your personal data against unauthorized access, accidental loss, and improper use and disclosure. If you have any questions about the security of your personal data, you may contact us at privacypolicy@kobrekim.com.

Our data security standards are compliant to the standard necessary for each of our operating client regions.

1.6 Your rights

Legal rights differ based on residency. Although this section applies to EU residents only, we will endeavor to act on all requests that we receive in relation to our data processing activities.

EU residents have rights afforded to them as data subjects under the General Data Protection Regulation (GDPR). Kobre & Kim’s compliance with the GDPR is overseen by the UK Information Commissioner’s Office. Data subject rights include:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. The right to make a complaint to the Supervisory Authority (Information Commissioner’s Office)

If you would like more information on these rights, refer to the guidance found on the Information Commissioner’s website, which can be found here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

EU residents may submit a request to exercise these rights by sending the request to our Data Protection Officer via one of the contact methods identified at the beginning of this privacy policy. Such request should, at a minimum, contain:

  1. Your full name, address and any other details you wish to give to help identify you and the information you want
  2. The nature of your request (i.e. access, rectification, etc.), and depending on the nature of it, which time period the request pertains to (date from, date to)

We will respond to all data subject requests within 30 days. If the request requires more than 30 days to investigate, we will notify you why we need more time. It may take us up to 3 months to respond to complex requests. You will not be charged a fee for exercising your rights.

We may deny a request under the following circumstances:

  1. If the request is not legal
  2. If the identity of the requester cannot be verified
  3. If we have an overriding legitimate interest

If you would like to make a complaint to the Information Commissioner’s Office, you may do so via:

Website: https://ico.org.uk/concerns/

Phone: +44 303 123 1113