At Kiddy & Partners LLP, your privacy is very important to us and we take our responsibility of protecting your personal data seriously.
We offer a range of services to our clients, including Assessment and Talent Management, Leadership Development, Board Effectiveness and Organisational Development (‘Client Services’). We also produce and share information and insights in the field of business psychology, as well as hosting various events and other business development initiatives in this field (‘Marketing Activities’). As part of these Client Services and Marketing Activities, we may need to process personal data about you and the aim of this privacy statement is to be transparent about the way in which we collect, use and share your data. It applies to personal data that is provided to us by you, or by another person on your behalf (such as your employer) and provides information about individuals’ rights.
To find out more about our specific processing activities, please go to the relevant sections of this statement.
For the purposes of the GDPR, Kiddy & Partners, whose registered office is at 110 Cannon street, London EC4N 6EU, is the ‘data controller’ in respect of personal data processing. ‘Personal data’ refers to any information that can identify a living individual. A ‘data controller’ decides how and why data is used. A ‘data subject’ is the individual that can be identified by the personal data.
Collection of personal data and lawful basis for processing
In relation to all of our Client Services, we hold contracts with each client that details the nature and specifics of the projects we are to carry out. If you are an individual participating in one of these projects, the personal data that we will request and obtain about you is collected and used for the purposes of meeting the needs of the client as stipulated in the contract, or for legitimate interests where appropriate. We only request personal data that is necessary for the agreed purposes of the contract or for legitimate interests that have minimal privacy impact, and request that our clients provide the necessary information to you (as a data subject) regarding its use.
Use of personal data
We process personal data in the following ways:
- As is necessary for the performance of the contract: most of our Client Services require us to process personal data in order to meet the needs of the contract. For example, we often need to use personal data to assess individuals for development or for selection, or to provide insights on how individuals can develop the skills, influence and impact needed for the successful execution of the business strategy.
- For business purposes: we may need to process personal information for business purposes at times, for example: to perform internal communication regarding candidates and clients; to determine the effectiveness of our promotional activities; to administer our products and services; to maintain and secure our infrastructure; for procurement and financial transactions.
Kiddy & Partners will retain your personal data as necessary to meet the requirements relating to each project, which are varied to meet the differing needs of our clients. Our retention periods are carefully considered to ensure that your personal data is not held longer than is needed. Our baseline retention period for records and documentary evidence for our services is 5 years.
We may anonymise or de-identify personal information in such a manner that the end-product does not personally identify you or any other individual, in order to carry out ongoing statistical analysis and benchmarking. This enables us to conduct ongoing research, insights and studies for the further development and knowledge base for organisational psychology. Such aggregate or de-identified information is then not considered personal information.
Collection of personal data and lawful basis for processing
We use a customer relationship management system (CRM) in order to process personal data about our contacts (both existing and potential). We also use a campaign monitoring website in order to provide you with our latest information and insights, if you are subscribed to our mailing list, or to send you invites to our upcoming events. For these purposes, we will hold the following personal data – your name, job title, company name and address and your business email. The personal data we hold may also include your professional profile, including a photograph if one is available in the public domain (e.g. via LinkedIn, Twitter, Corporate Website, Google), and any relevant interactions concerning business development. No links to personal or private websites – even if they are in the public domain – will be collected, stored or processed.
This personal data is held under a legitimate business interest to manage our client relationships and business development initiatives. By opting in to receive newsletters and/or visiting our websites you are agreeing that you understand and accept this as a valid legal basis for processing the personal data that you provide. You will always be given a straightforward way to opt out from receiving newsletters or updates we send you each time you receive a communication from us. We do not sell or otherwise release personal data contained in our CRM to third parties for the purpose of allowing them to market their products and services.
Use of personal data
Personal data relating to business contacts may be used by employees across the company to learn more about an account, client or opportunity they have an interest in. Our CRM is used to make contact information available to employees at Kiddy & Partners and to describe the nature of a contact’s relationship with Kiddy & Partners. Personal data may also be used for the following purposes, when they hold relevant information for you:
- Providing you with information about us and our range of services
- Providing you with our latest insights and information in our field
- Inviting you to upcoming events that we are hosting
- Inviting you to participate in our research
We retain personal data on our CRM for as long as it is necessary for the purposes set out above, unless you request that your personal data be deleted. We frequently review the personal data on our CRM and campaign list to ensure that it is up-to-date.
At times, we may ask for your consent in order for us to carry out processes using your personal data, for example, when asking you to participate in our latest research or to use your comments as part of a review or case study. Generally we do not process personal data based on consent (as we can usually rely on another legal basis), but in the event that consent is required we will ensure that this is communicated to you, and you will always have the right to withdraw consent at any time. To withdraw consent to our processing of your personal data please email us at email@example.com, or, to stop receiving an email from our marketing list, please click on the unsubscribe link in the relevant email received from us.
Data Sharing and Transferring
We do not share information about you with any third party without your consent unless the law and our policies allow us to do so. When we share data with others, we will obtain reassurances from the third party that they will protect that information and comply with our data protection, confidentiality and security standards. As we work on a global basis, this may at times result in your personal data being transferred, or stored, in countries other than the country in which your information was originally collected. Where it is necessary to transfer personal data to a country or territory outside the European Economic Area, we have taken steps to ensure that this is done in accordance with data protection law and that all personal data is protected according to our data protection, confidentiality and security standards. Where it is legally required, or necessary (and it complies with data protection law) we may share personal information about you with:
- Third party organisations that provide IT services to us: We use an external IT services to support us in providing our services, by running and managing our IT systems, website hosting, data back-up and IT Security.
- Third party organisations that otherwise assist us in providing goods, services or information: Such as psychometric test providers.
- Auditors and other professional advisers
- Law enforcement or other government and regulatory agencies: In the event that a third party with authority sent us a request to obtain personal data, such as to check that we comply with applicable laws and regulation, we will fulfil requests where we are permitted to do so in accordance with those laws.
Individuals’ rights and how to exercise them
Under data protection law, individuals have certain rights regarding how their personal data is used and kept safe. You have the right to:
- Access personal data held by us as a data controller.
- In certain circumstances, have inaccurate personal data corrected, deleted or destroyed, or restrict processing.
- Prevent your data being used to send direct marketing.
- Data portability.
- Object to the use of your personal data if it would cause, or is causing, damage or distress.
- Object to the use of your personal data for decisions being taken by automated means (by a computer or machine, rather than by a person).
- Claim compensation for damages caused by a breach of the data protection regulations.
- Where we process personal data based on consent, you have the right to withdraw consent at any time.
To exercise any of these rights or ask us any questions, please contact us at firstname.lastname@example.org. We will aim to comply with your request promptly and may need to contact you in order to be sure that we are deleting the appropriate information. Please note that we cannot be responsible for removing your information from our database if that information is part of a current assignment for your company. There may also be some information that we cannot provide if it contains confidential client information that we are not allowed to disclose. In that case, your request may need to be directed to your company’s management. We will, however, forward your request to the appropriate person at your company.
Kiddy & Partners have the appropriate security, policies, procedures and training in place to process and hold personal data, including organisational and technical measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage. We store your personal data on cloud-based servers and on our local server, which does not allow any external access without permission. We regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
Changes to this privacy statement
We keep this privacy statement under regular review in order to ensure it remains current and transparent. This privacy statement was last updated on 24th May 2018.
Benefit from our research & expertise
Sign up to Mindset, our monthly newsletter, which features our latest insight and links to interesting articles.
Download our brochure
Download our latest brochure
Get in touch
To find out how we can transform your people and your business