Privacy Policy

Who we are

This is the Privacy Policy of Kolleno Limited, a company registered in England and Wales under company number 12755717. References to “Kolleno”, “we”, “us” or “our” refer to Kolleno Limited.

We are committed to protecting any data that we collect concerning you and processing it only in ways which comply with the Data Protection Act 1998 (and any replacement legislation) (“the DPA”, for short) and the European Union’s General Data Protection Regulation (“the GDPR”).

This Privacy (“Policy”) explains what personal data we collect about you, how we will tell you about the data we collect and what we do with it and explains the legal basis on which we process your personal data under the GDPR.

Please contact us if you have any questions about this Policy or wish to exercise your legal rights under the GDPR at hello@kolleno.com

Information we collect

We may collect, use, store and transfer different kinds of Personal Data about you to meet our legal, statutory and contractual obligations. The Personal Data we collect will depend on the relationship you have with Kolleno Limited.

If you are:

An employee of Kolleno Limited, someone working with us under a contract for services, or someone who applies for employment or work with us, we will collect the following information on you:

– Identity Data including first name, last name, title, date of birth, job title, role or similar identifier, and gender, as well as proof of identity, proof of address and your right to work in the UK.

–  Contact Data which may include your address, email address and telephone numbers, and contact details for your next of kin.

– Financial and payroll/tax Data to provide pay, benefits and conduct other financial transactions with you.

A business contact, including persons who supply us with goods or services and any contacts at a company or other organisation which does so we may collect the following types of data on you:

– Identity Data includes first name, last name, title, job title, role or similar identifier, and gender.

– Contact Data includes your work address, email address and telephone numbers.

– Financial Data if we supply or purchase goods and services to or from you, we may record and retain details of those transactions and any Personal Data associated with them.

A client or potential client, being a company or other organisation who has approached us in order to instruct or potentially instruct our services:

– Identity Data includes first name, last name, title, job title, role or similar identifier.

– Contact Data includes your work address, email address and telephone numbers.

–  Financial Data relevant to your service requirements including banking details.

– Or any other data that we may require in order to meet our contractual obligations.

A potential client whom we wish to approach to discuss our services:

– Identity Data includes first name, last name, title, job title, role or similar identifier.

– Contact Data includes your work address, email address and telephone numbers.

– Financial Data such as company turnover.

A customer of our client, including persons who we have identified or been notified as customers for our client and any contacts at a company or other organisation which has similarly been identified we may collect the following types of data on you:

– Identity Data includes first name, last name, title, gender, date of birth.

– Contact Data includes your trading or and residential addresses, email address and telephone numbers.

– Financial Data to provide our ledger analysis and collecting services to our clients and includes management and other accounts, contracts for sale of goods and services, all information concerning debts owed to or by your organisation and any other financial data relevant to our services.

– Any other data relevant to our services such as details of your health, family or social circumstances or other information.

Under the GDPR, we’re required to ensure any personal data we hold is accurate and, where necessary, kept up to date, but also that we keep it no longer than is necessary for the purposes we use it for. We may also be required by law to retain certain types of data for a longer period.

If you fail to provide Personal Data

Where we need to collect Personal Data by law, or under the terms of a contract we have with you and you fail to provide that data when requested:

– We may not be able to agree, enter in to or perform a contract we have or are trying to enter into with you or a person or organisation associated with you.

– If you are an employee, contractor or applicant for a position with us, we may not be able to consider your application, provide you with pay or benefits, or administer a contract for services or contract of employment with you.

– We may not be able to fulfil our legal obligations in respect of you, your organisation or as required under relevant law, and we may have to take steps to protect our legal position (for example, under anti money-laundering or anti-bribery laws), which may also affect our ability to do business with you or your organisation.

Our use of Data

We will only use your personal data when the law allows us to. Most commonly, we will use, analyse and assess your personal data in the following circumstances:

– To provide you with information, products or services that you ask for;

– To perform our legal obligations and to fulfil our contractual obligations;

– To let you know about other products and services that we think you might be interested in;

– To make financial risk assessment, prevent money laundering, fraud or other wrongdoing;

– To identify you as a potential client;

– To recover monies due;

– Protecting our interests (including the provision of the information to third parties retained by us for them to conduct their services for us);

– To enter into or negotiate contracts, or to fulfil our legal and regulatory obligations

– We securely archive data after your account closure in accordance with the legal basis of legitimate interest and recognise that is in our interest to identify and manage risks to our and our clients’ organization.

In obtaining or storing information about you we may:

– Store and process information about you including on our computers and in any other way;

– Search your record at a credit reference or fraud prevention agency of our choice. Details of our searches may be kept by such agency and may be seen by other organisations that makes searches with the agency;

– Monitor and/ or record telephone conversations with you for training and/ or security purposes and to demonstrate our compliance with our legal obligations (including under the GDPR);

– Approach you for market research or direct marketing purposes;

– Seek and record any further information that we may require from any source, including banks for any of the purposes set out above;

– Transfer such of the information that we may have to other organisations for the purposes of debt recovery and credit referencing.

If you do not want your data to be used by us or selected third parties for marketing purposes, please ensure that you select the appropriate option on any of our online forms. You can also notify us at any time if you do not wish your data to be used in this way.

Our Legal Basis for Data Processing

Kolleno Limited is a data controller working on its own behalf and on behalf of its clients. We collect and process information based upon our Legitimate Interests, which is to promote and support our business and to fulfil our contractual obligations in delivering our services.

In line with ICO recommendations, Kolleno has conducted a Legitimate Interests Assessment. When processing your personal information, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your Personal Data for activities where our interests are overridden by the impact on you.

Legitimate Interests

We occasionally process your personal information under the legitimate interests’ legal basis. Where this is the case, we have carried out a Legitimate Interests’ Assessment (LIA) to ensure that your interests and any risk posed to you against our interests are proportionate and appropriate.

Based upon our segmentation by organisation, turnover and specific job function, coupled with our processing of personal data within the context of a business environment, we believe that any individual that receives correspondence from Us in direct marketing or a sales capacity could be legitimately interested in our services.  We deem that direct marketing and sales are necessary in the context of promoting our business to professionals to increase awareness of our solution in the marketplace.

Sharing and Disclosing Your Personal Information

We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice, or where there is a legal requirement.

Consequences of Not Providing Your Data

You are not obligated to provide your personal information to us. however, we need this information to provide you with details of our services and will not be able to offer some/all our services without it.

How Long We Keep Your Data

We retain personal information for a maximum period of 6 years and we have strict review and retention policies in place to meet these obligations.

Data Sourcing

We collect two types of information from site users and other people we contact in the course of our business: statistical data (e.g. how many users use the site, and which pages they view); and Personal Data.

–  Statistical data

The statistical data we capture includes your IP address as you browse the site. This is purely for website statistics, recording the number of users to the site and which pages they visit. This information does not tell us who you are, and we only use this to monitor the effectiveness of the site.

– Personal data

Personal data is obtained from a variety of sources, depending upon the agreement with our client.

In some instances, data will have been provided by our client. Additionally, we source or purchase data from GDPR compliant data providers and online resources in the public domain.

We may receive Personal Data about you from various third parties and public sources including public registers, credit reference agencies and public bodies or authorities.

We also obtain personal data through offline methods, either directly (for instance, over the telephone or when you consent to your data being passed to our client to access their goods or services) or indirectly (for instance, from your colleagues when they advise you’re the most appropriate contact).

Personal data is only captured online when you provide it, such as but not limited to when you fill in a contact form, subscribe to our email service, download a resource or enter a competition, for example.

Data Sharing

We may share your Personal Data with the parties set out below for the purposes set out above.

– The client we are working on behalf of;

– Professional advisers acting as processors or joint controllers including lawyers, insurers and accountants based in the EEA and outside of it who provide consultancy, legal, insurance and accounting services to Us;

– Legal Firms and Debt Collection Agencies and credit reference agencies which may be used to continue or inform the recovery procedure of our clients’ debts.

– HM Revenue & Customs, regulators and other authorities based in the United Kingdom;

We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.

Your email address will never be made available to another organisation for marketing purposes without your explicit consent. We also have the right to share your details in the event the sharing of such information is necessary for the performance of a contract with you.

We will always maintain control over the confidentiality of your information. However, we can

disclose your information to authorised parties if we are required to by law.

All personal data is stored and processed within the EU, with the exception of the following data processors we work with. Where this is the case, this data transfer is GDPR compliant.

Data Accuracy

Core to our service is ensuring the data we are working with is up to date and accurate. We may do this ourselves or may engage a third-party service provider to do so. Third party service providers may compare your data to publicly available information or to information they lawfully hold or obtain about you and may analyse or provide this data to us to help us in the conduct of our business. We will ensure that any service provider only processes your information in a way that complies with the law.

However, if you believe that the data we hold for you is incorrect, please contact us.

Your Legal Rights

Data Protection Law gives you certain rights in relation to your Personal Data held by us. These rights are  summarised below.

  1. Right to be informed

You have a right to receive clear and easy to understand information on what personal information we have, why and who we share it with. We do this in our privacy policy and any additional notices.

Right to access information

Under the DPA and GDPR, you have a right of access to information we hold on our records about you. If you wish to receive a copy of the personal information we hold on you, you may make a data subject access request (DSAR). Please contact us via email to request access.

Right to object

You have the right to object to any processing we undertake where we are relying on our legitimate interests (or those of a third party) as the legal basis for our use of your data, on grounds related to your own personal situation.

Likewise, you have a right to tell us not to process your personal data for direct marketing purposes. We will give you the option to refuse marketing when we collect your details. You can also exercise this right at any time by unsubscribing from any marketing email which we send to you.

  1. Right to withdraw consent

If you have given us your consent, you can withdraw that consent at any time. Please contact us if you want to do so. If you withdraw your consent, we may not be able to provide certain services to you. If this is the case, we will tell you.

  1. Right to rectification

If your personal information is inaccurate or incomplete, you can request that it is corrected.

Right to erasure

This is also known as “the right to be forgotten” and this means that you can ask us to delete your personal data where it is no longer necessary for us to use it, you have withdrawn consent (where applicable), or where we have no lawful basis for keeping it or otherwise using it. There are limited exceptions, for example where we need to use the information to bring or defend a legal claim.

Right to request restriction

You can ask that we block or suppress the processing of your personal information for certain reasons. This means that we are still permitted to keep your information – but only to ensure we don’t use it in the future for those reasons you have restricted.

Right to data portability

You can ask us to provide you or a third party with some of the personal data that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred. This is limited to personal data you have provided.

Should you wish to make a complaint over our use of your personal data at any time, you can do so by contacting us via email.

Data Security

We take appropriate technical and organisational security measures to ensure any information you provide to us is stored securely and confidentially and is not processed except in accordance with the GDPR and the DPA. However, we cannot guarantee the security of any information disclosed online, including the possibility that another person or organisation may monitor, intercept or obtain your information other than from us. By using our website, you accept the security implications of providing information over the internet and agree not to hold us responsible for any harm arising from those risks, unless we have been proved to be negligent.

Updates to this Policy

We reserve the right to update our Privacy Policy at any time. We will take reasonable steps to draw your attention to any changes in our Policy. We suggest that you read this document from time to time to ensure that it still meets with your approval. Should you disagree with any changes made, you may withdraw your consent at any time using the methods outlined above.