KFP's Commitment to GDPR
The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy for all individuals citizens of the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA areas.
KFP has demonstrated below the key activities it carries out to ensure data is kept safe and secure.
Data protection principles underpin the new General Data Protection Regulation (GDPR). These principles set out obligations for businesses and organisations that collect, process and store individuals' personal data.
Below is KFP's commitment to adhering to the six principles of processing data:
- Lawfulness, fairness and transparency - you must process personal data lawfully, fairly and in a transparent manner in relation to the data subject.
KFP Total IT Solutions (KFP) will only process data that relates to its core business function. As a business that provides IT support to the retail sector, it’s fair to say that the data we store is typically but not limited to IT managers, IT Directors etc. and consists of both existing customers and potential prospects. We only hold data of prospects that we regard as having a genuine interest in our services.
- Purpose limitation - you must only collect personal data for a specific, explicit and legitimate purpose. You must clearly state what this purpose is and only collect data for as long as necessary to complete that purpose.
KFP clearly state on their website, via the contact form option that it offers consent to each and every individual for the storing of submitted data via the website. KFP does this to remain transparent with each and every visitor on our website.
- Data minimisation - you must ensure that personal data you process is adequate, relevant and limited to what is necessary for relation to your processing purpose.
KFP keep data acquisition to the minimum required to enable the business to function, offer a great service to our customers, partners, vendors and prospects. KFP will not gather data that is unnecessary but will ensure that any data captured is up to date, relevant to our core business and processed securely.
- Accuracy - you must take every reasonable step to update or remove data that is inaccurate or incomplete. Individuals have the right to request that you erase or rectify erroneous data that relates to them and you must do so within a month.
We make every effort to ensure data is kept up to date and to remove any redundant data of customers, partners, vendors and prospects. This is often achieved by cleaning data via telemarketing and confirming via email if said individuals are no longer at the organisation.
- Storage limitation - You must delete personal data when you no longer need it. The timescales in most cases aren't set. They will depend on your business’ circumstances and the reasons why you collect this data.
We believe that is it genuinely good practice to remove stored data captured from the website and any other marketing channels within 12 months. Customer data in our CRM is kept secured indefinitely for historical data and financial reporting purposes.
- Integrity and confidentiality - You must keep personal data safe and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Integrity and confidentiality form part of KFP’s internal code of conduct (these are the expectations set out and required from each internal KFP employee) and we take every step in ensuring data is safe, secure and preventable of unlawful processing from any person(s) outside of KFP.