We do update this Policy from time to time so please do review this Policy regularly.
Policy key definitions:
- “I”, “our”, “us”, or “we” refer to the business, Key IVR Ltd.
- “you”, “the user” refer to the person(s) using this website.
- GDPR means General Data Protection Act.
- PECR means Privacy & Electronic Communications Regulation.
- ICO means Information Commissioner’s Office.
- Cookies mean small files stored on a users computer or device.
- Clients means any contact and organisation with contracted services or an agreement with Key IVR Ltd.
How the Law Protects You
Data protection laws state that we are only able to process personal data if we have valid reasons to do so. The basis for processing your personal data includes, but is not limited to, your consent, performance of a contract, to enable billing and remittance, and to contact you for customer service purposes.
How is Your Personal Data Collected?
- Direct interactions. You may give us your Identity Data, Contact Data, Transaction Data, Profile Data, Financial Data and Marketing and Communications Data by using our website, filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you
- purchase a product or service (including gift cards) through our website;
- create an account on our website;
- request marketing to be sent to you;
- enter a competition; or
- give us some feedback.
We receive information about you from you when you use our website, complete forms on our website, if you contact us by phone, email, live-chat or otherwise in respect of any of our products and services or during the purchasing of any such product. Additionally, we also collect information from you when you sign up, enter a competition, promotion or survey or when you inform us of any other matter.
Your personal data may be automatically collected when you use our services, including but not limited to, your IP address, device-specific information, server logs, device event information, location information and unique application numbers.
What Type of Data Do We Collect From You?
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
- Identity Data includes first name and last name.
- Contact Data means the data we use to contact you including your billing address, delivery address, email address and telephone number.
- Financial Data means the data we use to process your payments for your orders including your payment card details. We do not store or process your card details ourselves, they are processed and stored via one of our contracted third party service providers. We encrypt your payment card details in your browser and securely transfer this data to our relevant third party payment provider to process a payment.
- Transaction Data means details about transactions you have made on our website including the payments to and from you along with other details of products and services you have purchased from us.
- Technical Data means details about the device(s) you use to access our website including your internet protocol (IP) address, browser type and version, location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Profile Data includes your username (email address) and password, your login data, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage Data includes information about how you use our website, products and services. This includes your browsing patterns and information such as how long you might spend on one of our webpages and what you look at and for on our website, the click stream to and from our website, page response times and page interaction information such as scrolling, clicks and mouse overs.
- Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, where you do not provide suitable delivery instructions to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you should this occur.
Third Party Data Sharing
We also collect from and share data with the following providers:
- Essential Service Providers: Sometimes, other businesses give us data about you which we may need for our legitimate interests of conducting business with you and on occasion, they are necessary to perform our contract with you. It usually comprises Financial Data or Transaction Data. This happens when we link through to third party payment providers. They tell us that you have paid for your products and, where relevant and/or necessary they will provide us with your Contact Data and Transaction Data. We also might engage third party contractors to provide us with technical or delivery services that are related to your account with us. We may also pass contact details to delivery service in relation to an order placed with us so you can be contacted about delivery timescales and any delivery issues that could occur.
How We Use Your Personal and Business Data
We will only use your personal and business data when the law allows us to. Most commonly, we will use your data in the following circumstances:
- To process orders or contracts that you have submitted to us;
- To provide you with products and services;
- To comply with our contractual obligations we have with you;
- To help us identify you and any accounts you hold with us;
- To enable us to review, develop and improve the website and services;
- To provide customer care, including responding to your requests if you contact us with a query;
- To administer accounts, process payments and keep track of billing and payments;
- To detect fraud and to make sure what you have told us is correct;
- To carry out marketing and statistical analysis;
- To review job applications;
- To notify you about changes to our website and services;
- To provide you with information about products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes; and
- To inform you of service and price changes.
For clients, we do not rely on consent as a legal basis for processing your personal data, including marketing communications to you via email or post as they are related to the services you offer you under contract. You have the right to withdraw consent to marketing at any time by selecting to unsubscribe from the email which will be in every marketing communication we send. Alternatively, you can email firstname.lastname@example.org or fill out a contact us form.
We will, however, need to retain a primary Client contact within your organisation for essential invoice, finance, service and account related communication, in order to meet our contractual obligations in providing a payment service to your organisation and your customers. By default you may be assigned as the primary contact, but you can update this at any time by contacting your Account Manager or fill out a contact us form and allow us to update our client records.
We may call or e-mail non-client contacts who we believe will have a legitimate interest in the products & services that we offer. You have the right to withdraw consent to sales and marketing activity at any time by selecting unsubscribe from the email which will be in every email we send, reply to the email with “Unsubscribe” in the body of the email, or alternatively, you can email email@example.com.
For the avoidance of doubt, we do not and never shall sell your personal or organisation data to third parties for marketing or advertising purposes.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
You acknowledge that the Internet is not a completely secure medium for communication and, accordingly, we cannot guarantee the security of any information you send to us (or we send to you) via the Internet. We are not responsible for any damages which you, or others, may suffer as a result of the loss of confidentiality of such information.
Data Retention Periods
We will keep your personal and organisation data for the duration of the period you are a client of Key IVR Ltd. We shall retain your data only for as long as necessary in accordance with applicable laws.
On the closure of your account, we may keep your data for up to 7 years after you have cancelled your services with us. We may not be able to delete your data before this time due to our legal and/or accountancy obligations. We may also keep it for research or statistical purposes. We assure you that your personal data shall only be used for these purposes stated herein.
In some circumstances you can ask us to delete your data, contact us to enquire.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Your Legal Rights
Under certain circumstances, you have rights under UK data protection laws in relation to your personal data.
In preventing the use or processing of your personal data, it may delay or prevent us from fulfilling our contractual obligations to you. It may also mean that we shall be unable to provide our services or process the cancellation of your service.
You have the right to object to our use of your personal data, or ask us to delete, remove or stop using it if there is no need for us to keep it. This is known as your right to be forgotten. There are legal and accountancy reasons why we will need to keep your data, but please do inform us if you think we are retaining or using your personal data incorrectly.
You can view, edit or delete your personal data and to do so please contact us.
You have the right to ask us not to process your personal data for marketing purposes. You will be given the opportunity to opt out of Marketing Communications by selecting the option to unsubscribe which will be provided in every marketing email sent or you can contact us.
Our cookies policy is available to view here.
Please do not hesitate to contact us regarding any matter relating to this Privacy and Cookies Policy via email at firstname.lastname@example.org.