Kinneir Dufort Privacy Policy

V2 Page last updated on January 16 2024.

Kinneir Dufort processes all personal data collected in accordance with the UK General Data Protection Regulation (UK GDPR), tailored by the Data Protection Act 2018.

Kinneir Dufort is the Data Controller for the personal information we collect, such as our employee information and business contact information.  We are also the Data Controller where we decide which research participants to select and the methodology to be employed. Where you take part in our research and KD is not the Data Controller, we will clearly inform you who the Data Controller for the Research is.

We are registered with the ICO our registration number is ZA197452, and we are responsible for protecting this information in accordance with this policy.

HOW WE USE YOUR INFORMATION

This privacy notice tells you what to expect when Kinneir Dufort collects personal information. It applies to the information we collect when:

  1. You visit our website
  2. You contact us via social media
  3. You email us
  4. You come to our office
  5. You apply for a job with us
  6. You use our services
  7. You subscribe to our marketing information
  8. You are one of our suppliers
  9. You take part in our product research

Please click on the links individual links for more information on the data processing and retention.

Your rights

As a data subject, you have a number of rights. You can:

  • Access and obtain a copy of your data on request;
  • Require KD to change incorrect or incomplete data;
  • Require KD to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
  • object to the processing of your data where KD is relying on its legitimate interests as the legal ground for processing.

If you would like to exercise any of these rights, please contact us in writing via post, to The Chief Operating Officer, Kinneir Dufort Design Limited, 5 Host Street, Bristol, BS1 5BU or by email to dataprotection@kinneirdufort.com

Access to personal information and how to get it corrected or deleted

Individuals can find out if we hold any of their personal information by making a ‘subject access request’, in writing to the address at ‘How to Contact us’ below. If we do hold information about you we will:

  • Give you a description of it
  • Tell you why we are holding it
  • Tell you who it has been/could be disclosed to
  • Let you have a copy of the information

You may also request that your information is corrected or deleted which we will do and confirm to you that this has been done unless a regulatory or legal reason prevents this. We will explain to you why we cannot delete your data if a regulatory or legal reason prevents this.

We will ask you for proof of identification before we correct or delete your information.

If you believe that KD has not complied with your data protection rights, you can complain to the Information Commissioner’s Office.

HOW TO CONTACT US

If you would like further information on our privacy policy, please email dataprotection@kinneirdufort.com or contact us at the following address:

Data Privacy

Kinneir Dufort Design Limited
5 Host Street
Bristol

BS1 5BU

1) WHEN YOU VISIT OUR WEBSITE

When someone visits www.kinneirdufort.com we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting our website.

1a) Cookies

We may use cookies and pixel tags to collect information about your use of our website to help us make improvements to our website. Cookies are small data files that are sent to your browser and pixel tags are needed in order to read cookies. Some cookies sent to your browser will help to save you time. You have the ability to accept or decline cookies by modifying the settings in your browser. However, you may not be able to use all the interactive features of our site if cookies are disabled. Cookies are usually automatically enabled, but you can choose not to accept them, you can choose to delete existing cookies from your browser or, by editing your browser options, choose not to allow cookies in future.

1b) Measuring website usage (Google Analytics)

We use Google Analytics on an ongoing basis to collect information about how people use the website. We do this to make sure we are meeting our users’ needs and to understand how we can improve the site.

Google Analytics stores information about what pages you visit, how you got here and what you click on. We do not collect or store any personal information (e.g. your name or address) so this information cannot be used to identify you. We do not allow Google to share our analytics data.

We use Google Analytics Demographics and Interest Reporting to more accurately determine visitors by age, gender and interests. This helps us better establish the types of content we make available and what we produce online is relevant to our audiences.

You can opt out of Google Analytics by implementing the Google Analytics Opt-out Browser Add-on .

2) WHEN YOU CONTACT US VIA SOCIAL MEDIA

If you send us a private or direct message via social media the message will not be shared with any other organisations.

3) WHEN YOU EMAIL US

We use Transport Layer Security (TLS) to encrypt and protect email traffic. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software.

4) WHEN YOU COME TO OUR OFFICE

CCTV is used at our office for personal safety and security reasons. The data will be stored for 30 days before being deleted from our servers. Signage is in place to inform visitors that we have CCTV and access to the data is controlled by Sam Reeves.

5) WHEN YOU APPLY FOR A JOB WITH US

As part of any recruitment process, Kinneir Dufort (KD) collects and processes personal data relating to job applicants. KD is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

5a) What information does KD collect?

KD collects a range of information about you. This includes:

  • your name, address and contact details, including email address and telephone number;
  • details of your qualifications, skills, experience and employment history;
  • your current level of remuneration, including benefit entitlements;
  • whether or not you have a disability for which KD needs to make reasonable adjustments during the recruitment process; and
  • information about your entitlement to work in the UK.

KD may collect this information in a variety of ways. For example, data might be contained in CVs, application forms, obtained from your passport or other identity documents, or collected through interviews.

KD may also collect personal data about you from third parties, such as recruitment agencies, references supplied by former employers and information from criminal records checks (e.g. from the Disclosure and Barring Service (DBS)), where this is relevant to role.

Data will be stored in a range of different places, including on your application record, in HR management systems and on other IT systems (including email).

5b) Why does KD process personal data?

KD needs to process data to take steps at your request prior to entering into a contract with you. It may also need to process your data to enter into a contract with you.

In some cases, KD needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check a successful applicant’s eligibility to work in the UK before employment starts.

KD has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows KD to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. KD may also need to process data from job applicants to respond to and defend against legal claims.

KD may process special categories of personal data, such as information about ethnic origin, sexual orientation or religion or belief, to monitor recruitment statistics. It may also collect information about whether or not applicants are disabled to make reasonable adjustments for candidates who have a disability. KD processes such information to carry out its obligations and exercise specific rights in relation to employment.

For some roles, KD is obliged to seek information about criminal convictions and offences. Where KD seeks this information, it does so because it is necessary for it to carry out its obligations and exercise specific rights in relation to employment.

KD will not use your data for any purpose other than the recruitment exercise for which you have applied.

5c) Who has access to data?

Your information may be shared internally for the purposes of the recruitment exercise. This involves HR (including any contracted HR Consultants), interviewers involved in the recruitment process, managers in the business area with a vacancy and IT staff if access to the data is necessary for the performance of their roles.

KD will not share your data with third parties, unless your application for employment is successful and it makes you an offer of employment. KD will then share your data with former employers to obtain references for you, and the Disclosure and Barring Service (DBS) to obtain necessary criminal records checks (where this is appropriate for the role).

KD will not transfer your data outside the European Economic Area, unless your application for employment is successful and it makes you an offer of employment. Where a member of staff’s employment with KD requires study, employment, or a placement at another organisation it may be necessary for KD to transfer personal data to the external educational institution or employer, whether this is within the UK or abroad. This may require some data being sent outside the EEA to countries which may have lower standards for the protection of personal data.

KD will not transfer your data outside the UK, EEA or countries who have an GDPA adequacy status without ensuring appropriate legal and technical controls.

5d) How does KD protect data?

KD takes the security of your data seriously. It has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees, or consultants contracted on its behalf in the proper performance of their duties.

5e) For how long does KD keep data?

If your application for employment is unsuccessful, KD will hold your data on file for 12 months after the end of the relevant recruitment process. At the end of this period your data will be deleted or destroyed.

If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your HR file and retained during your employment. The periods for which your data will be held will be provided to you in the HR Records Retention Policy.  Further information on how data is used in the course of employment is detailed in KD’s HR Privacy Notice.

5f) Your rights

As a data subject, you have a number of rights. You can:

  • access and obtain a copy of your data on request;
  • require KD to change incorrect or incomplete data;
  • require KD to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
  • object to the processing of your data where KD is relying on its legitimate interests as the legal ground for processing.

If you would like to exercise any of these rights, please contact us in writing via post, to The Chief Operating Officer, Kinneir Dufort Design Limited, 5 Host Street, Bristol, BS1 5BU or by email to dataprotection@kinneirdufort.com

5g) What if you do not provide personal data?

You are under no statutory or contractual obligation to provide data to KD during the recruitment process. However, if you do not provide the information, KD may not be able to process your application properly or at all.

5h) Automated decision-making

Recruitment processes are not based solely on automated decision-making.

6) WHEN YOU USE OUR SERVICES

When you use KD for your project, we need to store sufficient personal information to allow us to complete our contract with you.

6a) What information does KD collect?

KD collects a range of information about you. This includes:

  • your name, company address and contact details, including your company email address, company postal address and telephone number (fixed line and/or mobile line as you choose to provide us);

Data will be stored in our management information system.

6b) Why does KD process personal data?

KD needs to process data this information so that we can contact you regarding your project.

If you are an existing client of Kinneir Dufort we will send you information we believe will interest you. You will always be given the option to opt out of receiving further information.

As a new or potential client, we will always ask you whether you want to opt-in to receiving information from us before we send you anything. You will always be given the option to opt out of receiving further information.

Further details on what happens when you subscribe to our marketing information is given below.

6c) Who has access to data?

Your information may be shared internally for the purposes of completing our contract with you and IT staff if access to the data is necessary for the performance of their roles.

We may need to share your data with a bank or finance provider (for example to process your invoice) but KD will not share your data with any other third parties.

KD will not transfer your data outside the European Economic Area.

6d) How does KD protect data?

KD takes the security of your data seriously. It has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees, or consultants contracted on its behalf in the proper performance of their duties.

6e) For how long does KD keep data?

We will keep your data whilst you are a client and for 3 years after you last interacted with us as a client.

6f) Access to personal information and how to get it corrected or deleted

Individuals can find out if we hold any of their personal information by making a ‘subject access request’, in writing to the address at ‘How to Contact us’ below. If we do hold information about you we will:

  • Give you a description of it
  • Tell you why we are holding it
  • Tell you who it has been/could be disclosed to
  • Let you have a copy of the information

You may also request that your information is corrected or deleted which we will do and confirm to you that this has been done unless a regulatory or legal reason prevents this. We will explain to you why we cannot delete your data if a regulatory or legal reason prevents this.

We will ask you for proof of identification before we correct or delete your information.

7) WHEN YOU SUBSCRIBE TO OUR MARKETING INFORMATION

We want you as a client or potential client to understand how we can help you solve your design, innovation and technology challenges. We would love to send you relevant information about our business and the work we do, via email and post and telephone.

If you are an existing client of Kinneir Dufort we will send you information we believe will interest you. You will always be given the option to opt out of receiving further information.

As a new or potential client, we will always ask you whether you want to opt-in to receiving information from us before we send you anything. You will always be given the option to opt out of receiving further information.

7a) What information does KD collect?

KD collects a range of information about you. This includes:

  • your name, company address and contact details, including your company email address, company postal address and telephone number (fixed line and/or mobile line as you choose to provide us);
  • the market sector you work in.

Data will be stored in our management information system.

7b) Why does KD process personal data?

KD needs to process data this information so that we can send you relevant information about our business and the work we do, via email and post and telephone.

We do not use your data in ways we think you would find intrusive.

We will use your personal data to do the following:

  • Select material which we believe will be of interest to you based on the market sector you work in
  • Send you our e-newsletter ‘Perspective’ which will include news that would be of interest in your market sector, examples of KD work/ projects and thought leadership articles. We expect to send you around 4 e-newsletters a year
  • Send you additional ad-hoc bespoke E-Newsletters sharing specific news that is of interest and relevant KD project work and thought leadership.
  • Send you our e- Christmas Card in December, to wish everyone a Merry Christmas from KD.

7c) Who has access to data?

Your information may be shared internally for the purposes of the selecting and sending you relevant information and IT staff if access to the data is necessary for the performance of their roles.

KD will not share your data with third parties with the exception of loading your data into MailChimp which is the third party software we use to distribute our marketing material by email.

KD will not transfer your data outside the European Economic Area.

7d) How does KD protect data?

KD takes the security of your data seriously. It has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees, or consultants contracted on its behalf in the proper performance of their duties.

7e) For how long does KD keep data?

We will keep your data whilst you are a client and for 3 years after you last interacted with us as a client or potential client.

8) WHEN YOU SUPPLY TO US

We hold supplier details to allow us to place orders with suppliers and to process payments. The data we hold on suppliers is:

  • contact names
  • contact telephone numbers
  • organisation addresses
  • organisation email addresses
  • organisation bank details
  • data to allow us to qualify you as an approved supplier (ISO standards held, levels of insurance held, statements from you on your policies for health and safety, business continuity, governance and corporate responsibility

Supplier details are stored in our secure Management Information System and our secure IT systems.

We may need to share your data with a bank or finance provider (for example to process your invoice).

We do not contact any of our suppliers with marketing information.

9) WHEN YOU TAKE PART IN OUR PRODUCT RESEARCH

Recruitment for our product research may be undertaken by us or by our carefully selected research partners.

Whether the research is carried out by us or by our partners, we will inform you before collecting data and will make it very clear to you what data we are collecting, for what purpose and for how long the data will be kept. We We will also provide you with clear instructions for how to get your personal information deleted where possible or corrected.

KD takes the security of your data seriously. It has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees, or consultants contracted on its behalf in the proper performance of their duties.

9a) What information does KD collect?

KD collects a range of information about you. This includes:

  • Your name, address, and contact details, including email address and telephone number, recorded at the point of recruitment.
  • Details relevant to the research topic, including but not limited to purchasing habits, family and dependent information, home type and lifestyle information, recorded at the point of recruitment.
  • Audio, photographs and video, recorded during research sessions.

KD may collect this information in a variety of ways. For example, data might be collected in emails, telephone conversations or obtained from third party specialist research recruitment companies.

Data will be stored in a range of different places including KD’s secure server and email. It may also be transferred using file sharing services such as Dropbox and WeTransfer.

9b) Why does KD process personal data?

KD needs to process data to ensure that you meet the criteria for a specific research session. Each research topic is different, and requires a profile of participant.

KD will also use your data in the analysis of any research findings. For example, personal information can be used to understand differences in responses from participants based on criteria such as gender, or interests.

KD may process special categories of personal data, such as information about ethnic origin, disability information or political attitudes, to ensure that the research participants are representative of a given population, and suitable for the topic area being researched.

KD will not use your data for any purpose other than the research exercise for which you have agreed to take part and the analysis and reporting that follows.

9c) Who has access to data?

Your information may be shared internally and with the client organization for the purposes of the research project. KD will not share your data with any other third parties.

If the client is based outside of the UK and European Economic Area (EEA) it may be necessary for KD to transfer personal data to countries outside of the EEA, which may have lower standards for the protection of personal data. For example, audio, photographs or video of a research session included in reports sent to the client organisation.

9d) How does KD protect data?

KD takes the security of your data seriously. It has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees, or consultants contracted on its behalf in the proper performance of their duties.

9e) For how long does KD keep data?

Personal information obtained during recruitment (e.g. name, email address, phone number) will be kept until the final project deliverables have been delivered to the client organisation.

Personal information obtained during fieldwork (e.g. audio, photographs or video) will be kept for the life of the project, or for 7 years, whichever is first.