KM2 Ethical Finance Ltd (“KM2”) remains committed to protecting and respecting the privacy of all of its friends, clients, website visitors and personnel.
For the purpose of applicable Data Protection legislation, the data controller is KM2 Ethical Finance Limited, a company incorporated and registered in England and Wales with company number 11898213 and whose registered office is at Unit 11, Foundry Business Park, Station Approach, Hockley SS5 4HS.
A privacy notice is a document that organizations give to individuals that describes the way their personal data is being collected and used. The note helps to promote transparency and also give you greater control over how your data is used.
Transparency is a key principle of the GDPR, as it ensures that personal data is not being used against an individual’s knowledge or will. Organizations must, therefore, explain in simple terms what data they are collecting, why they need it, what it’s being used for and whether any third parties will have access to the data.
Information we may collect from you
We may collect and process the following data about you:
Information you give us.
You may give us information by filling in forms on our website, or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use our website, subscribe to any of our services, and when you report a problem with our website. The information you give us may include your name, e-mail address, and mobile or landline telephone number, and your social media account details.
Information we collect about you.
With each of your visits to our website, we may automatically collect the following statistical information about your browsing actions and patterns. This information does not identify you or any other individual:
technical information, including the Internet protocol (IP) address used to connect your device to the Internet, your login information, browser type, and version, time zone setting, browser plug-in types and versions, operating system and platform; andinformation about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number. If you contact us, we may keep a record of that correspondence.
Information we receive from other sources.
From time to time we may work with third parties (including, for example, business partners, sub-contractors in advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
If you register to attend an event organised by us.
When you register to attend any events we may organise, we will collect the following information from you: name, title, address, email address, company and phone number. We need to use your personal information in this way to confirm your attendance at the event.
We may provide a delegate list to the organizations and other individuals who attend our events. We do this because our events provide a useful network opportunity and we have a legitimate interest in wanting to help build and develop the scientific community. You can object to us using your information in this way by contacting us at email@example.com.
When you phone us or contact us.
When you phone us or otherwise contact us, we may also handle your personal information (your name, contact details and the other details you provide to us) in order to provide the customer services you have requested. We rely on your consent to handle your personal information in this way. If you do not provide us with the personal information we request from you for customer service purposes, we may not be able to fully answer your queries.
To make our website better.
We may also use your personal information to provide you with a more effective user experience.
Our use of your information in this way means that your experience of our site will be more tailored to you, and that the products you see on our site may differ from someone accessing the same site with a different purchase history or browsing habits.
We may also share your aggregated, anonymous data with third party analytics and search engine providers that assist us in the improvement and optimization of our site.
We will also use your personal information for the purposes of:
Ensuring that content from our website is presented in the most effective manner for you and for your computer.
Making our site more secure.
Administering our site.
Internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
We process your data for this reason because we have a legitimate interest to provide you with the best experience we can, and to ensure that our site is kept secure.
You can prevent us from using your personal information in this way by using the ‘do not track’ functionality in your internet browser. If you enable do not track functionality, our site may be less tailored to your needs and preferences and some parts of the site may not function correctly if cookies are turned off.
Disclosure of your information
We may share your personal information with any member of our group as defined in section 1159 of the UK Companies Act 2006.
We may share your information with selected third parties including:
Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
Analytics and search engine providers that assist us in the improvement and optimization of our Site; and
Credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.
We may disclose your personal information to third parties:
In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
If KM2 or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets; or
Where we store your personal data
If we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
The retention periods for the personal data
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Where you have agreed to use our services, we will retain your data for a period of 6 years of inactivity for legal purposes to ensure that we are able to assist you should you have any questions, feedback or issues in connection with a product you have purchased from us or if any legal issues arise.
Where we have used your personal information to contact you for marketing communications:
We will contact you at least every 3 years to ensure you are happy to continue receiving electronic communications; or every 5 years to ensure you are happy to continue receiving postal and telephone communications from us.
If you tell us that you no longer wish to receive marketing communications from us, we will stop sending them to you.
Where we have processed your data for any other reason (such as where you have contacted us with a question in connection with potentially purchasing a product) we will only retain your data for 3 years if you have been inactive during this period.
The purposes of the processing
We use information held about you in the following ways:
To perform our contract with you.
If you enter into a contract with KM2, we use your personal information to carry out our obligations, to notify you about changes to our service and to provide you with the information, products and services that you request from us. The details we collect from you will include your name, address, payment and other contact details.
To perform the contract, we may share your personal information with our subcontractors who are involved in the purchase process, such as payment providers, as well as credit reference agencies who we use to assess fraud, credit and/or security risks.
We need to process your personal information in this way to enter into and perform the contract for the services you are obtaining from us.
To provide you with marketing material.
If you have opted in via our website, we will handle your personal information (such as your name, email address, postal address and telephone number) to provide you with marketing communications in line with any preferences you have told us about. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this. When we send you marketing emails, if you opted in via our website, we rely on your consent to contact you for marketing purposes. If you are a business and did not opt in, we rely on our legitimate interest to promote our business to send you marketing emails. Every email we send to you for marketing purposes will also contain instructions on how to unsubscribe from receiving them.
You are not under any obligation to provide us with your personal data for marketing purposes.
If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please contact us at firstname.lastname@example.org stating your wish to unsubscribe.
Your rights under data protection legislation
Right to object.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting webmaster@KM2ethical.com.
You also have the right to object to us handling your personal information when we are doing so based on our legitimate interests (as described in the “Uses made of the information” section above). If you ask us to stop handling your personal information in this way, we will stop unless we can show you that we have compelling grounds why our use of your personal information should continue.
Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Right to access information.
The act gives you the right to access information held about you. Your right of access can be exercised in accordance with data protection legislation.
Right to rectification.
You have the right to require us to rectify any inaccurate personal information we hold about you. You also have the right to have incomplete personal information we hold about you completed, by providing a supplementary statement to us.
Right to restriction.
You can restrict our processing of your personal information where:
You think we hold inaccurate personal information about you;
our handling of your personal information breaks the law, but you do not want us to delete it;
we no longer need to process your personal information, but you want us to keep it for legal reasons; or
where we are handling your personal information because we have a legitimate interest (as described in the “Uses made of the information” section above and are in the process of objecting to this use of your personal information.
Where you exercise your right to restrict us from using your personal information, we will then only process your personal information when you agree, except for storage purposes and to handle legal claims.
Right to data portability
You have the right to receive the personal information we hold about you in a structured, standard machine-readable format and to send this to another organisation controlling your personal information.
Right to erasure
You have the right to require us to erase your personal information which we are handling in the following circumstances:
Where we no longer need to use your personal information for the reasons, we told you we collected it for;
where we needed your consent to use your personal information and you have withdrawn your consent;
when you object to our use of your personal information and we have no compelling reason to carry on handling your personal information;
if our handling of your personal information has broken the law; and
when we must erase your personal information to comply with a law, we are subject to.
As a Data controller we shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17 and article 18 to each recipient to whom the personal data have been disclosed unless this proves impossible or involves disproportionate effort.
Right to lodge a complaint with a supervisory authority.
You have the right to lodge a complaint with the Information Commissioner’s Office, the supervisory authority for data protection issues in England and Wales.
Right to withdraw consent.
In giving consent, participants have the right to withdraw this consent as well as the right not to answer questions. To do this an email will need to be sent to the KM2 Ethical Finance Data protection officer via the email below, who will deal with the request.
Our contact details