Our Commitment to Privacy
This notice explains when and why we collect personal information about you, how we use it, the conditions under which we may disclose it to others and how we keep it secure. This notice informs you of our commitment to the Data Protection Act 1998 (DPA) and the EU General Data Protection Regulation (GDPR). This notice informs clients and other affected parties in understanding how we hold and process personal data, along with the rights of individuals to be informed who may wish to query what data is held about them.
Additionally, this notice explains our online information practices and choices you can make about the way your information is collected and used. To make this notice easy to find, we make it available on our website and at the point of accepting instructions.
Who are We?
Data is collected, processed and stored by KPEA (UK) Limited (“KPEA“). We are what is known as the “data controller” of the personal information you provide to us, and the “data processor” of any personal information provided to us in the course of our business by another data controller.
KPEA is a limited company registered with Company number 5720243, and with the Information Commissioner’s Office under registration reference ZA372096. Our certificate is available here. Our data protection contact is Lorna Bevins, to whom all queries regarding data protection matters should be directed by email to firstname.lastname@example.org.
Reasons/purposes for processing information
Our business can be broken down into the following activities::
- Process serving;
- Road Traffic Act investigations;
- Providing status reports
- Providing transcription services
In order to carry out our business, we need to process a range of personal data about individuals, as part of our daily operations, as well as to maintain our own accounts and records.
Type/classes/categories of information processed
We process information relating to the above reasons/purposes. The exact information we request from you will depend on what you have asked us to do or what we are contracted to do for you. This information could include, for example:
- personal details
- investigation brief, results and related information
- family details
- financial details
- education and employment details
- goods and services
- lifestyle and social circumstances
- images of individuals captured by camera or video
This notice also applies to personal information collected or submitted should you fill out a “contact us” form or otherwise contact us via this website. The types of personally identifiable information collected in this way are: name, email address, phone number and any other information you provide about yourself. We use any information you provide about yourself via this website solely to respond to your query.
Who the information is processed about
We process personal information about:
- Government, commercial and private debtors
- the subjects of investigations
- business contacts
- advisers and other professional experts
Lawful Basis for processing
We process all personal data lawfully, fairly and in a transparent manner when providing our services.
Where you supply us with information about yourself, we will ask you to provide us with your personal data to allow us to carry out your requests – which will ordinarily be to represent you and fulfil our contractual obligations to you.
Where we process data shared with us by third parties, we do so only where we have satisfied ourselves that they have a legitimate reason to require our services which does not infringe your fundamental rights, including the right to privacy, in accordance with DPA and GDPR.
Additionally, some of the work we do may require us to hold and process sensitive data/special categories data, for example, relating to racial or ethnic origin, health or criminal convictions. We will always process such data lawfully, fairly and in a transparent manner and in accordance with DPA and the GDPR, and from time to time by explicit consent where required.
Sources of personal data
The data we process originates from legally compliant publicly available and open source information, and personal data manifestly made public by the data subject. In addition it is supplied by our clients or suppliers of business to enable us to fulfil our obligations to them.
Automated decision making and profiling
We do not utilise automated decision making and profiling as stated in DPA and GDPR.
Who the information may be shared with
We sometimes need to share the personal data we process with other organisations. Disclosure is made on a strictly limited “need to know” basis where there is clear justification for transferring the information – either because the individual has consented to the transfer or because disclosure is required to perform a contract to which the individual is party, or for a legitimate purpose that does not infringe the individual’s fundamental rights, including the right to privacy. In each case assurances are sought from the recipient that they will only use the personal data for legitimate/authorised purposes and keep it secure.
What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons:
- police forces
- government client departments
- legal clients
- current, past or prospective employers
- professional investigators
- business associates and other professional bodies and advisers
- education and examining bodies
- family, associates or representatives of the person whose personal data we are processing
- regulatory and statutory bodies
- certification bodies for audit purposes
- professional advisers
- government authorities eg the police
In line with common practice within our profession, a significant amount of our processing activity is carried out by third parties engaged by us. This is always subject to us satisfying ourselves that personal data will be kept securely in accordance with DPA, GDPR and our specific directions.
Prior to any business relationship we will request from Clients personal information such as name, address, telephone number and email. We also obtain consent to process said information to confirm the accuracy of such details. In the event we do not proceed with an assignment the information will immediately be destroyed.
Handling of personal data – Security, Protection and Retention
We adhere to the requirements of DPA and GDPR to process all personal data in accordance with six “Data protection principles”, namely it must be:
- Fairly and lawfully processed;
- Processed for specified, explicit and legitimate purposes;
- Adequate, relevant and limited o what is necessary for the purposes for which it is processed;
- Accurate and up to date to the best of our knowledge;
- Not kept for longer than is necessary for the purposes for which it is processed
- Processed securely
We are committed to protecting the data we hold about you and ensuring it is secure, private and confidential. We have put in place robust technical, physical and managerial controls to protect the confidentiality, integrity and availability of information we hold about you.
We use computer safeguards such as firewalls malware/anti-virus and recommended cyber security measures and we enforce, where possible, physical access controls to our offices and files to keep data safe.
We do not ordinarily encrypt emails sent in the course of carrying out your work. We will at all times consider what information is being sent by email, and any information which we, as part of our risk-based approach, consider to require additional protection will be attached in a password-protected document.
We will not transfer any of your information outside the European Economic Area without ensuring the information is given an adequate level of protection under the DPA and GDPR.
We cannot guarantee the privacy of personal information you transmit over the web or that may be collectable in transit by others, including contractors who provide services to us.
How Long will we Keep Your Data for?
Your personal information will be retained only for as long as necessary to fulfil the purposes for which the information was collected; or as required by law; or as long as is set out in any relevant contract you may hold with us. For example:
- As long as necessary to carry out your work;
- For a minimum of 10 years from the conclusion or closure of your legal work; in the event that you, or we, need to re-open your case for the purpose of defending complaints against us;
- As long as necessary to fulfil our legal, regulatory and/or business record retention requirements.
We treat this information as private and confidential and will protect it in accordance with this privacy notice for as long as we retain it.
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below). Please note that w may be entitled to retain your data despite your request (see above).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, please submit your request in writing to: The Data Controller, Keith Parsons Enquiry Agency, 27 Prospect Lane, Solihull, West Midlands B91 1HN. Please note Under the DPA & GDPR we are required to verify the identity of the person submitting an objection, therefore all such requests must include the individual’s full name, address and telephone number. The sender may also be requested to supply paper evidence of their identity.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
Right to complain
If you wish to make a complaint about how we have handled your personal data, you can contact Lorna Bevins in the manner set out in the paragraph at the beginning of this notice, headed “Who are We”, who will investigate further.
If you are not satisfied with our response, or believe that we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).
What is a cookie?
A cookie is a small piece of text that is stored on your computer, phone or other mobile device when using a browser to connect to the internet. Cookies have many uses but specifically, they are used to store information about you on your computer. Unless you have specifically set your computer to reject cookies, websites will already have been using cookies to enhance your online experience.
The cookies we use on keithparsons.co.uk collect basic information about our visitors including what pages have been visited and how they found our website. The information we gather does not identify anyone and we make no attempt to find out who has been to our site.
If you do not want to receive cookies from this website, select cookie settings under the privacy settings in your browser options, then add our domain to the list of websites you do not want to accept cookies from.
The cookies we use on our website
Google Analytics: The Google Analytics cookie contains a randomly generated ID used to recognise your browser when you read a page. The cookie contains no personal information and is used only to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to various parts of the site. This information is only processed in a way which does not identify anyone.
People who use our online services
We will not give your contact information to any other organisation unless legally obliged to do so.
Managing your cookies
To manage your Google Analytics cookies, you can visit the Google Analytics help page, however please bear in mind that information obtained from Google Analytics goes towards improving the user experience on our site.
Changes to this Privacy Notice
We may update this Privacy Notice from time to time, and we will notify you about significant changes in the way we treat personal information by placing a prominent notice on our website.
This Privacy Notice was updated on 20th May 2019.