Privacy Policy

Carr Kamasa Design Ltd (CKD) provides design consultancy and marketing services. We also offer a range of design services, corporate communications, website design and branding, to businesses.

Carr Kamasa Design Ltd is a design consultancy. When we work with clients we may need to collect and process data and are therefore classified as a Data Controller by the General Data Protection Regulation (GDPR). We are committed to privacy for everyone with whom we deal with either face to face, in writing or by email, on the telephone or through our website. These can include customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact. Under the EU General Data Protection Regulation (GDPR), we must comply with certain requirements which are designed to ensure that any data provided to us is processed with due care and attention. This policy describes how this personal data must be collected, handled and stored to meet the company’s data protection standards — and to comply with the law.

This data protection policy ensures Carr Kamasa Design Ltd.

• complies with data protection law and follow good practice
• protects the rights of staff, customers and partners
• is open about how it stores and processes individuals’ data
• protects itself from the risks of a data breach

The EU General Data Protection Regulation (GDPR) describes how organisations — including Carr Kamasa Design Ltd— must collect, handle and store personal information. These rules apply regardless of whether data is stored electronically, on paper or on other materials. To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.

The EU General Data Protection Regulation (GDPR) is underpinned by eight important principles.

These say that personal data must:

1. be processed fairly and lawfully
2. be obtained only for specific, lawful purposes
3. be adequate, relevant and not excessive
4. be accurate and kept up to date
5. not be held for any longer than necessary
6. processed in accordance with the rights of data subjects
7. be protected in appropriate ways
8. not be transferred outside the European Economic Area (EEA), unless that country or territory also ensures an adequate level of protection

This policy applies to:

• Carr Kamasa Design Ltd.
• all staff and volunteers of Carr Kamasa Design Ltd
• all contractors, suppliers and other people working on behalf of Carr Kamasa Design Ltd

At CKD we take your personal data seriously. This policy:

• sets out the types of personal data that we collect about you
• explains how and why we collect and use your personal data
• explains how long we keep your personal data
• explains when, why and with whom we will share your personal data
• sets out the legal basis we have for using your personal data
• explains the effect of refusing to provide the personal data requested
• explains the different rights and choices you have when it comes to your personal data
• explains how we may contact you and how you can contact us.

Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in our possession or likely to come into such possession. The processing of personal data is governed by the GDPR.

Carr Kamasa Design Ltd collects personal data from clients, suppliers and staff as a consequence of its role as a design consultancy. It is used for the purpose of design consultancy and advisory services such as direct client contact. We also hold data for recruitment and staff salary payment.

The data we hold consists of information for client direct contact such as name, address, telephone number and e-mail address. The employee information we hold is required by law e.g. citizenship, information from former employers and referees and also to allow the payment of salaries. We only collect sensitive personal data from you, and further process this data, where you have given your explicit consent.

We collect data from a range of sources including:

• directly from you. This is information you provide during the various different stages of the client consultancy or recruitment and employment process.

Carr Kamasa Design Ltd processes this personal data as necessary to aid the client/supplier process, the recruitment process and, for its employees, through the normal course of its business.

Carr Kamasa Design complies with its obligations under the GDPR by keeping personal data up to date or by storing and destroying it securely, by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

If you contact us, we may keep a record of your contact information and correspondence, and we may use any information you provide in your message to respond to your enquiry. We may use personal information for our business purposes, such as internal communication regarding clients, the administering of our products and services, the maintaining and securing of our infrastructure, and for procurement and financial transactions.

We may from time to time send informational e-mails, articles, white papers, proposals, engagement letters, and other information regarding our services.

We also use personal information in relation to the recruitment process to confirm references and conduct education and background checks, as appropriate.

Client and supplier information is maintained on our database, which is secure and accessible only to our employees. Employee’s personal information is retained for the purpose of salary payment or as otherwise required by law, and we assume that you are happy for us to retain your personal information for consideration if you are an existing client, a supplier or a member of staff unless we hear otherwise from you.

As a consequence, we will hold existing client data until we no longer work with you and after that for no longer than 3 years. Employee data will be held as required by law.

Our holding and processing of current, up to date and relevant data on our clients and staff is in the legitimate interest of Carr Kamasa Design Ltd. as a design consultancy, in that we need the information in order to be able to work with our clients on their projects.

For clients, we need to hold your data in order to perform our work with you.

If you do not provide the personal data necessary, or withdraw your consent for the processing of your personal data, we may not be able to work with you as a design consultant.

We do not as a matter of course collect and process sensitive personal data. Where it is necessary we will secure your explicit consent.

Responsibilities

• Everyone who works for or with Carr Kamasa Design Ltd has some responsibility for ensuring data is collected, stored and handled appropriately. Carr Kamasa Design Ltd will arrange data protection training and advice for the people covered by this policy. Each employee that handles personal data must ensure that it is handled and processed in line with this policy and data protection principles:
• reviewing all data protection procedures and related policies
• handling data protection questions from staff and anyone else covered by this policy
• dealing with requests from individuals to see the data Carr Kamasa Design Ltd holds about them (also called ‘subject access requests’)
• checking and approving any contracts or agreements with third parties that may handle the company’s sensitive data
• ensuring all systems, services and equipment used for storing data meet acceptable security standards
• performing regular checks and scans to ensure security hardware and software is functioning properly
• evaluating any third-party services the company is considering using to store or process data for instance, cloud computing services
• approving any data protection statements attached to communications such as e-mails and letters.
• where necessary, working with other staff to ensure marketing initiatives abide by data protection principles.

Your personal data will be treated as strictly confidential, employee’s data will only be used for the purpose of human resources and salary payment. We may also share information securely within our business for recruitment purposes. In some situations, we may conduct checks on you to verify the information you have provided. In such cases we will provide you with the name of the background checking company we use.

The security of your data is extremely important to us. Access to your personal data is only provided to our staff, in order to help with the day to day running of your project and to allow us to manage our staff. We take all practicable steps to keep your data secure. However, no process that involves communication over e-mail or the Internet can be guaranteed 100% secure.

By law, you have the following rights with respect to your personal data. Further information and advice about your rights can be obtained from the data protection regulator in your country.

We usually act on requests and provide information free of charge, but may charge a reasonable fee

to cover our administrative costs of providing the information for:

• baseless or excessive/repeated requests
• further copies of the same information.

Alternatively, we may be entitled to refuse to act on the request.

Please consider your request responsibly before submitting it. We will respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.

This Policy is effective as of 25 May 2018. We reserve the right to change, modify, add or remove portions of this Policy at any time at our sole discretion, and will inform you if we make material changes by indicating on the Policy the date it was last updated or otherwise. When you visit the website or are engaged with us in connection with our board and executive search and assessment services, you are accepting the current version of this Policy as posted on the site at that time.

If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out of the relevant purposes and processing conditions.

We may contact you by phone, e-mail or social media. If you prefer a particular contact means over another please just let us know.

To exercise all relevant rights, queries or complaints in relation to data privacy please in the first instance contact our organisation to have the matter investigated either on 020 7566 0190 or via email at privacy@carrkamasa.co.uk. You can also contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

Carr Kamasa Design Ltd
East Office A
Gainsborough Studios
1 Poole Street
London N1 5ED
United Kingdom

Tel: 020 7566 0190

Email:privacy@carrkamasa.co.uk

Company Number 02511448. Registered in England and Wales.