Privacy Notice

Last updated: 26th February 2019

This Privacy Notice has been created to make you, a website user, customer, prospective customer or supplier, aware of how Kabo Creative processes your personal data. We will continue to keep this Privacy Notice updated.

We are committed to providing accurate information to help you to make an educated decision about how, and where, your personal information is stored, processed and used.

We will always make sure that any personal data is protected and treated securely. Any information that we process will be held in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018 and other UK or EU data protection legislation.

Contacting Kabo Creative

You may contact the data controller at Kabo Creative using the following details.

Email: [email protected]
Postal address: Kabo Creative Limited, Church Close, Church End, Hilton, PE28 9NJ
Company registration number: 10941283
ICO registration number: ZA451305

When does Kabo Creative process your data?

We will collect and process your data when you:

  • Email or telephone us directly
  • Meet us in person and provide your information to us directly
  • Use a contact form or the live chat functionality on the kabocreative.com website
  • Become a customer of Kabo Creative
  • Technical data will be collected, such as your IP address, when you use the kabocreative.com website

We will never sell your personal information to any third parties. Your information will be shared with our data processors as defined in the section below, ‘How does Kabo Creative process your data’.

How does Kabo Creative process your data?

We collect and process your personal data when you use the kabocreative.com website, or when you contact us by telephone or email. We also process your data when you enter into a contract as a customer or supplier of Kabo Creative.

If you have any questions about how we are processing your data, please contact us using the details provided above.

Our legal basis for processing

By law, we need a legal basis for processing the personal data of a client. We will process your data using the legal basis of consent, contract and legitimate interests.

Consent
Consent is given where we ask you for permission to use your information in a specific way and you agree to this. Where we use your information for a purpose based on consent, you have the right to withdraw consent for this purpose at any time. For example, you consent to receive our newsletter.
Contract
We will process your personal data because we have a contract with you and we cannot fulfil our part of the contract without using your data. For example, we need your name to contact you about your website or services.
Legitimate interests
We have a basis to use your personal information if it is reasonably necessary for us to do so and in our “legitimate interests” (provided that what the information is used for is fair and does not unduly impact your rights).

For example, we have a legitimate interest to keep your personal data on our systems in order to keep it secure, process it and to provide you with a service. We also have a legitimate interest to send you marketing material when you are a customer.

We only rely on legitimate interests where we have considered any potential impact on you, whether or not our processing is excessive and that our processing does not override your rights.

You have the right to object to our processing your personal data because of our legitimate interests. Please contact us if you have any concerns.
Responding to and processing email communications or telephone numbers from prospective customers

Legal Basis: Contract
Recipient(s) of your data: Microsoft
Retention period: 5 years after last communication

Responding to and processing email communications or telephone numbers of customers
Legal Basis: Contract
Recipient(s) of your data: Microsoft
Retention period: 5 years after the end of the final contract or invoice
Customer details that are required for invoices (names, name of business, email, phone)
Legal Basis: Contract
Recipient(s) of your data: HMRC
Retention period: 7 years after you cease to be a customer
Storing access to online services for contract purposes, such as password details to customer websites
Legal Basis: Contract
Recipient(s) of your data: LogMeIn Inc. USA – Privacy Shield
Retention period: 1 year after the end of the final contract or invoice
Providing a functional website via cookies
Legal Basis: Legitimate interest – website usage and access
Recipient(s) of your data: For full list please see our cookie policy
Retention period: Dependent on individual cookie, full details in cookie policy
Providing a secure website using IP addresses
Legal Basis: Legitimate interest – website usage and access
Recipient(s) of your data: Defiant Inc. USA Awaiting copy of Privacy Shield
Retention period: 1 year after the last website visit
Note: we are awaiting the data retention tool from the relevant plugin author. As soon as available, the retention period will be set. The Kabo Creative website has been operating since October 2017, and as such no IP address data has been held for more than one year at this point.
Offering a contact form on our website

Legal Basis: Contract
Recipient(s) of your data: UKDedicated Ltd.
Retention period: 1 year from date of using the contact form
Note: we are awaiting the data retention tool from the relevant plugin author. As soon as available, the retention period will be set. The Kabo Creative website has been operating since October 2017, and as such no data provided through a contact form has been held for more than one year at this point.

Website backups

Legal Basis: Legitimate interest – website usage and access
Recipient(s) of your data: UKDedicated Ltd.
Retention period: 30 days

Enabling blog comment subscriptions – currently not operating
Legal Basis: N/A
Recipient(s) of your data: N/A
Retention period: N/A
Note: prior to GDPR we allowed blog commenters to subscribe, allowing you to be notified by email when your comment was replied to, or another comment was posted on the same blog post. We have been unable to find a service provider who are clear enough about how, where and for how long they store your data in order to provide this service. We hope to bring this service back to our website in the future.
Live chat

Legal Basis: Contract
Recipient(s) of your data: Drift.com, Inc. USA – Privacy Shield
Retention period: 1 year
Note: we are awaiting the data retention tool from the relevant plugin author. As soon as available, the retention period will be set. The Kabo Creative website has been operating since October 2017, and as such no data provided through a contact form has been held for more than one year at this point.

Additional information on digital marketing tools
The Kabo Creative website uses Google Analytics and Facebook Advertising. Both place cookies on your browser as detailed in our cookie policy.

We use the Universal Analytics version of Google Analytics, which anonymises your IP address. No personal information will be stored by Google Analytics for any longer than 26 months.

For full information on how Google and Facebook process your information, and how you can edit these settings, please visit their respective policies:

We do not collect or process any special categories of personal data (such as your race, sexual orientation, information about your health, etc.) and neither do we intend to collect or process any personal information belonging to a child.

Our services, products and offering are exclusively aimed at adults for business purposes. Please do not provide your details to us in any format if you are aged under 18.

Data transfers out of the EU or EEA

Our servers and your data are located in the UK; however, we work abroad on occasion and will be access our servers in the UK. The countries that we are visit are, on occassion, non-adequate countries for data transfer as determined by the European Commission.

Your data is protected by EU Model Contracts between you and us. The EU Commission has determined that EU Model Contracts are sufficient safeguards on data protection for the data to be transferred internationally. You can learn more about Standard Contractual Clauses here.

Two of our software providers, Drift.com Inc., LogMeIn Inc. USA, are located in the USA. Your data is protected by Drift and LogMeln because they are part of the EU-US and Swiss-US Privacy Shield.

Drift and LogMeln comply with the EU-US and Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. They have certified that they adhere to the Privacy Shield principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability.

If there is any conflict between their Privacy Policies and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view their certification pages, please click here.

In addition to self-assessment, as participants in the EU-US and Swiss-US Privacy Shield program, Drift and LogMeln are subject to the investigatory and enforcement powers and authority of the U.S. Federal Trade Commission with respect to maintenance of, and adherence to, their Privacy Policies.

Your rights

You have the following rights under the General Data Protection Regulation and the Data Protection Act 2018:

The right to request access to your personal data
You have the right to know what data of yours we are processing and why we are processing it.

You have the right to request a copy of your personal data but we will need to remove information about other people.

We will provide a copy of this data in a widely used machine-readable format within 30 days without charge unless your request is exceptionally large, repetitive or vexatious. We will inform you if this is the case.

The right to rectification of your personal data
Please contact us via email or in writing to update your personal data.
The right to erasure (to be forgotten)

You have the right to request that we delete personal data that we process on you if:

  • We don’t need the data anymore
  • If you withdraw your consent for us to process your personal data
  • If you object to our processing and we don’t have a legitimate ground to process it
  • If we are processing your personal data unlawfully
  • If we must delete the data due to a legal obligation
The right to restrict processing

You have the right to request that we restrict our processing of your personal data under certain circumstances.

The right to object to our processing
You have the right to object to our processing if it is by legitimate interests.
The right to data portability
In certain circumstances, you have the right to ask that we transfer any personal information that you have provided to us to another third party of your choice.
If you would like to exercise any of these rights, please contact us.

If you have a concern about the way we are collecting or using your personal data, please raise your concern with us in the first instance. You may also contact the Information Commissioner’s Office here.

Revisions to the Privacy Notice

Updated 26th February 2019
General review and update.

Updated 12th May 2018
Full revision of privacy notice in line with the General Data Protection Regulation (GDPR).

Created 31st October 2017
First privacy notice.