Exeter College Masterplan Consultation
KOR Communications (“We / Our”) are committed to protecting and respecting your privacy.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
By visiting this site you are accepting and consenting to the practices described in this policy.
For the purpose of the General Data Protection Regulation (“GDPR”) the data controller is KOR Communications, The West Wing, Old Broadclyst Station, Exeter, Devon, EX5 3AS.
We reserve the right to make changes to this notice as necessary. When we do so we will make previous versions available on request so you can see what these changes are.
GDPR states that the personal data we hold about you must be:
Processed fairly and lawfully;
Used in a way that you would reasonably expect;
Collected and used only for valid purposes that we have clearly explained to you;
Relevant to the purposes we have told you about;
Accurate and kept up to date;
Kept only for as long as necessary for the purposes we have told you about;
Kept securely including ensuring that appropriate technical and security measures are in place to protect your personal data from loss, misuse, unauthorised access and disclosure.
What is personal data?
Personal data is defined by the Information Commissioner’s Office (ICO) as “any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.” This may include but is not limited to name, address, email, identification number, location data or online identifier. Identification can be directly using the data itself or by combining it with other information which helps to identify a living individual.
Information we collect from you
We may collect the following information:
Names, titles and job titles;
Contact details such as telephone numbers, addresses and email addresses;
Photography and video;
Where relevant or where you provide them to us, we may collect information such as gender and date of birth;
How we collect your data
You can give us your personal data in a number of ways. For example:
When you become a client or do any form of business with us;
When you make contact with us through our website, via email, on social media, via telephone or by post;
When you become a supplier or prospective supplier;
If you apply for a job.
When we collect data from you we will ensure it is adequate for the purpose and never excessive.
How we use your personal data
We require personal data to provide the service you have requested or for other purposes that will have been made clear to you, including:
To carry out our obligations arising from any contracts entered into between you and us;
To provide you with the information and services that you request from us;
To notify you about changes to our service;
To ensure that content from our site is presented in the most effective manner for you and for your computer;
To contact you about a submission you have made to the website, or contact you have made via email, on social media, via telephone or by post;
For internal record keeping;
For management reporting and business planning to monitor our own activities;
For other legitimate business purposes;
To keep you updated on our activities;
To contact you for market research purposes, for example to obtain feedback about the service you have received;
Disclosures required by law – the law can require the disclosure of information for various reasons and in such circumstances, we must comply with those requests.
You may opt-
Who we share your personal data with
In the course of business, we may share information with carefully selected organisations which we engage with to provide certain services or to meet our legal obligations. These include:
Software suppliers and tools including MailChimp, Sprout Social, Google Analytics and Response Source;
On occasion, we will user printing companies for Mail Merge communications, or similar;
If KOR Communications Ltd or substantially all of its assets are acquired by a third party, personal data held by it about its customers will be one of the transferred assets;
Sending data outside the EEA
Any personal data transferred to countries or territories outside the European Economic Area (“EEA”) will only be placed on systems complying with measures giving equivalent protection of personal rights, either through international agreements or contracts approved by the European Union. Our website is also accessible from overseas so on occasion some personal data may be accessed from overseas.
How long do we keep your personal data
We will endeavour to keep data only for as long as we need it and delete it when no longer required.
When submitting a request or message online, we will keep the data for as long as it takes to process your request.
When applying for a job, we will keep your information until the application closing date. In some cases, we may wish to keep your data on file for future job vacancies but will seek your consent to do so.
When sharing data to become a client or to do business with us, we will keep data for the length of the contract and review what data will be deleted or returned to you upon termination of contract.
When you become a supplier or prospective supplier we will keep data for as long as we require your services.
Your rights and personal data
You have the following rights with respect to your personal data:
When exercising any of the rights listed below, in order to process your request, we may need to verify your identity for your security. In such cases we will need you to respond with proof of your identity before you can exercise these rights.
The right to access personal data we hold on you
The right to correct and update the personal data we hold on you
The right to have your personal data erased
The right to object to processing of your personal data or to restrict it to certain purposes
The right to data portability
The right to withdraw your consent to the data processing
The right to lodge a complaint with the Information Commissioner’s Office – details for contacting them are available here.
When we receive your request for any of the above, we will confirm what actions we have taken or the reason why we are not complying with your request.
Cookies and other forms of tracking
When visiting our website, we may use features which collect your IP address and data on which pages you are visiting on our site. We may also issue cookies to enable certain features to function properly, track traffic on our website or improve user experience in other ways. Cookies place certain information on your device to allow this to happen.
GDPR: Film, Photography and Audio recordings
Under GDPR personal data is defined as any information that could be used to identify an individual. As such, under these regulations, photographs, videos and audio recordings where the subject is easily identifiable are considered data and therefore KOR will process them in the same manner as other forms of data. This includes the capturing of the data (ie taking the photograph, filming & recording audio) and storing it.
When a subject is easily identifiable in a photograph, a film or audio recording, KOR will gain the persons consent by asking the subject to sign a photography/ film/ audio release form which will include information about how the photographs, film and audio will be used, distributed and stored. KOR will scan and store the forms in the appropriate project folder so that at any time in the future the data subject can be identified against the image or can ask to see what data you hold on them and for them to request to have it deleted or transported to another controller.
When a subject is below the age of 16 (although this may be lowered to a minimum of 13 in the UK), KOR will seek consent from the child’s parent or guardian and they will be asked to sign the release form on behalf of him / her.
To help with identification when filming or recording audio, the KOR team will encourage the data subject to say ‘on camera’ their name and that they give consent to being filmed or recorded in this way.
Where appropriate the KOR team will seek permission from the venue / location to undertake photography or filming.
When taking crowd photographs or film shots it may not be possible to get consent from each individual. KOR will make sure that the photography or filming is undertaken under the legitimate interest basis due to the fact that their data is being used in a manner which they would “reasonably expect” and with minimal impact on their privacy. To mitigate any potential risk KOR, where possible, will endeavour to announce or make visually clear its intention to photograph or film an event and to ask attendees to make it clear if they would prefer not to be filmed or photographed.
Where possible the KOR photographer or cameraman will be instructed to get a range of crowd photographs or film on the chance that someone may object to their image being used in a particular shot.
KOR will always consider existing privacy laws.
Storage and security
We constantly review our security and follow the guidelines set out by our professional body the PRCA.
KOR office – physical assets;
Our office is alarmed and our main door (the only external door) is locked at all times.
Key internal doors are locked at night
Our server is kept in a locked cabinet
Email virus scanning
Daily backups made and stored off site
All digital media created by KOR in the form of photographs, film or audio is stored on its office-
If you have any questions regarding this statement or you wish to discuss your data, you can contact KOR’s data protection representative:
Telephone: 01392 466733
Post: Guy Newman, KOR Communications, The West Wing, Old Broadclyst Station, Exeter, Devon, EX5 3AS