PRIVACY POLICY

This website collects some Personal Data from its Users.

Data Owner:    Kenfin Holdings Ltd, 29 Farm St, Mayfair, London, W1J 5RL, United Kingdom.

Types of Data collected

Among the types of Personal Data that this Application collects, by itself or through third parties, there are: Company name, First Name, Last Name, Email address, Cookie and Usage data.

Other Personal Data collected may be described in other sections of this privacy policy or by dedicated explanation text contextually with the Data collection.

The Personal Data may be freely provided by the User, or collected automatically when using this Application.

Any use of Cookies – or of other tracking tools – by this Application or by the owners of third party services used by this Application, unless stated otherwise, serves to identify Users and remember their preferences, for the sole purpose of providing the service required by the User.

Failure to provide certain Personal Data may make it impossible for this Application to provide its services.

Users are responsible for any Personal Data of third parties obtained, published or shared through this Application and confirm that they have the third party’s consent to provide the Data to the Owner.

If you have any questions, please contact our Data Protection Officer (“DPO”). Our DPO can be reached via email at info@kenfin.co.uk

Mode and place of processing the Data

Methods of processing

The Data Controller processes the Data of Users in a proper manner and shall take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.

The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Data Controller, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of the site (administration, sales, marketing, legal, system administration) or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Data Controller at any time.

Place

The Data is processed at the Data Controller’s operating offices and in any other places where the parties involved with the processing are located. For further information, please contact the Data Controller.

Retention time

The Data is kept for the time necessary to provide the service requested by the User, or stated by the purposes outlined in this document, and the User can always request that the Data Controller suspend or remove the data.

The use of the collected Data

The Data concerning the User is collected to allow the Owner to provide its services, as well as for the following purposes: Contacting the User and Interaction with external social networks and platforms and for purposes of backing up onto a third party server.

The Personal Data used for each purpose is outlined in the specific sections of this document.

Detailed information on the processing of Personal Data

Personal Data is collected for the following purposes and using the following services:

  • Contact form (This Application)

By filling in the contact form with their Data, the User authorizes this Application to use these details to reply to requests for information, quotes or any other kind of request as indicated by the form’s header.

Personal Data collected: Company name, Email address, First Name and Last Name.

  • These services allow interaction with social networks or other external platforms directly from the pages of this Application.

The interaction and information obtained by this Application are always subject to the

User’s privacy settings for each social network.

If a service enabling interaction with social networks is installed it may still collect traffic data for the pages where the service is installed, even when Users do not use it.

Facebook Like button and social widgets (Facebook, Inc.)

  • The Facebook Like button and social widgets are services allowing interaction with the

Facebook social network provided by Facebook, Inc. Personal Data collected: Cookie and Usage data. Place of processing: USA – Privacy Policy

LinkedIn button and social widgets (LinkedIn Corporation)

The LinkedIn button and social widgets are services allowing interaction with the LinkedIn social network provided by LinkedIn Corporation.

Personal Data collected: Cookie and Usage data. Place of processing: USA – Privacy Policy

Additional information about Data collection and processing

Legal action

The User’s Personal Data may be used for legal purposes by the Data Controller, in Court or in the stages leading to possible legal action arising from improper use of this Application or the related services.

The User declares to be aware that the Data Controller may be required to reveal personal data upon request of public authorities.

Additional information about User’s Personal Data

In addition to the information contained in this privacy policy, this Application may provide the User with additional and contextual information concerning particular services or the collection and processing of Personal Data upon request.

System Logs and Maintenance

For operation and maintenance purposes, this Application and any third party services may collect files that record interaction with this Application (System Logs) or use for this purpose other Personal Data (such as IP Address).

Information not contained in this policy

More details concerning the collection or processing of Personal Data may be requested from the

Data Controller at any time. Please see the contact information at the beginning of this document.

The rights of Users

Users have the right, at any time, to know whether their Personal Data has been stored and can consult the Data Controller to learn about their contents and origin, to verify their accuracy or to ask for them to be supplemented, cancelled, updated or corrected, or for their transformation into anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons. Requests should be sent to the Data Controller at the contact information set out above.

This Application does not support “Do Not Track” requests.

To determine whether any of the third party services it uses honor the “Do Not Track” requests, please read their privacy policies.

Changes to this privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time by giving notice to its Users on this page. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. If a User objects to any of the changes to the Policy, the User must cease using this Application and can request that the Data Controller removes the Personal Data. Unless stated otherwise, the then-current privacy policy applies to all Personal Data the Data Controller has about Users.

Information about this privacy policy

The Data Controller is responsible for this privacy policy, prepared starting from the modules provided by Iubenda and hosted on Iubenda’s servers.

Definitions and legal references

Personal Data (or Data)

Any information regarding a natural person, a legal person, an institution or an association, which is, or can be, identified, even indirectly, by reference to any other information, including a personal identification number.

Usage Data

Information collected automatically from this Application (or third party services employed in this Application), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Application, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the

Application) and the details about the path followed within the Application with special reference to

the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment.

User

The individual using this Application, which must coincide with or be authorized by the Data

Subject, to whom the Personal Data refers.

Data Subject

The legal or natural person to whom the Personal Data refers.

Data Processor (or Data Supervisor)

The natural person, legal person, public administration or any other body, association or organization authorized by the Data Controller to process the Personal Data in compliance with this privacy policy.

Data Controller (or Owner)

The natural person, legal person, public administration or any other body, association or organization with the right, also jointly with another Data Controller, to make decisions regarding the purposes, and the methods of processing of Personal Data and the means used, including the security measures concerning the operation and use of this Application. The Data Controller, unless otherwise specified, is the Owner of this Application.

This Application

The hardware or software tool by which the Personal Data of the User is collected.

Cookie

Small piece of data stored in the User’s device.

Legal information

Notice to European Users: this privacy statement has been prepared in fulfilment of the obligations under the regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Data Protection Directive), on the subject of Cookies.

This privacy policy relates solely to this Application.

How to request your personal information

You have the right to get a copy of the information that is held about you. This is known as a subject access request. This right of subject access means that you can make a request under the Data Protection Act to any organisation processing your personal data.

However, it is important to remember that not all personal information is covered and there are

‘exemptions’ within the Act which may allow an organisation to refuse to comply with your subject access request in certain circumstances.

The Data Protection Act does not stop you making a request on someone else’s behalf. This is often necessary for a solicitor acting on behalf of a client, or it could simply be that an individual wants someone else to act for them.

In these cases, the organisation will need to satisfy itself that the third party making the request has the individual’s permission to act on their behalf. It is the third party’s responsibility to provide this evidence, which could be a written authority to make the request, or a power of attorney.

If a person does not have the mental capacity to manage their own affairs and you are their attorney, for example you have a Lasting Power of Attorney with authority to manage their property and affairs, you will have the right to access information about the person you represent to help you carry out your role.

When requesting your personal information from us, you should include the following information:

  • your full name, address and contact telephone number;
  • details of the specific information you require and any relevant dates.

A 30-day deadline applies when dealing with requests to provide personal information subject to us receiving the fee and sufficient details of your request.

Your rights under applicable data protection law:

Your rights are as follows (noting that these rights don’t apply in all circumstances and that data portability is only relevant from May 2018):

  • The right to be informed about our processing of your personal data;
  • The right to have your personal data corrected if it’s inaccurate and to have incomplete personal data completed;
  • The right to object to processing of your personal data;
  • The right to restrict processing of your personal data;
  • The right to have your personal data erased (the “right to be forgotten”);
  • The right to request access to your personal data and information about how we process it;
  • The right to move, copy or transfer your personal data (data portability”); and
  • Rights in relation to automated decision making including profiling.

You have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law: ico.org.uk

Data anonymisation and aggregation

Your personal data may be converted into statistical or aggregated data which can’t be used to identify you, then used to produce statistical research and reports. This aggregated data may be shared and used in all the ways described above.