PRIVACY POLICY

At KAMAKSHE FASTENERS AND TOOLS LIMITED (“KAF LTD.”), protecting your privacy is very important to us. Our goal is to treat the personal information you provide to us with the utmost respect, and in accordance with this Privacy Policy. This Privacy Policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read this privacy policy carefully so you can understand our views and practices regarding your personal data and how we will treat it.

By accessing, using and/or downloading materials from or sending or posting materials to, our Website or any other KAF LTD. owned Site including via email, you agree on your own behalf and on behalf of each entity on whose behalf you act, to the terms of this Privacy Policy and to the practices for the collection, use or disclosure of your personal information as described here.

Please note that our Website is also governed by the Terms and Conditions of Use. We urge you to review the Terms and Conditions of Use before proceeding further on our Website.

Identity and contact details of the Controller

KAMAKSHE FASTENERS AND TOOLS LIMITED, also trading as KAF LTD. (“KAF LTD.”/”we”, “us”, “our”) a company registered in England and Wales (Registration number 12068809) and whose registered address is International House, 142 Cromwell Road, London, SW7 4EF is registered as a data controller in the United Kingdom for the purposes of the Data Protection Act 1998 or any subsequent UK legislation resulting from EU General Data Protection Regulations (GDPR). Our nominated representative is our Compliance Officer.

Who we are and what we do?

KAF LTD. is a business engaged in import, export and supply to/from UK industrial tools, fasteners and fixings We collect the personal data from the following types of people to allow us to undertake our business;

  • Prospective and live client contacts (including referee contacts provided by suppliers);
  • Supplier contacts to support our services;
  • Employees, consultants, temporary workers and contractors;

You may have filled our contact form, emailed us directly, left your details at a networking event, conference or a trade show or agreed for your data to be publicly visible business listing either online or in print. We are able to process your data if we have a legal basis for doing so. There are six legal bases for processing data but we will rely on (1) your consent to send direct marketing messages about services other than our sales of industrial tools, fastners and fixings, (2) that the processing is necessary for the performance of a contract with you, or (3) that we have a legitimate interest in processing your personal data.

We collect information about you to carry out our core business and ancillary activities.

Purposes for which Personal data is collected, processed, used and disclosed by us

KAF LTD. may receive or collect your personal data including but not limited to:
your name and contact details (i.e. address, and mobile numbers, e-mail address), age, date of birth, financial information, and any other relevant information.

We may collect this information from you (for example, by filing in forms or by corresponding with us by phone, email or otherwise), your referees (details of whom you will have provided), relevant professional body, the Disclosure and, credit reference agencies or other third party who we work with, such as LinkedIn

Where we have obtained your personal data from a third party such as an online listing, it is our policy to advise you of the source when we first communicate with you.

You can visit our Website without telling us who you are or revealing any information about yourself, including your email address. In this case, our Web server may collect the name, address, the IP address and domain you used to access our Website, the type and version of browser and operating system you are using, and the web site you came from and visit next.

This information is held, processed, used and disclosed by us as follows:

The processing of your personal information may include:

  • To provide our services to you
  • Collecting and storing your personal data, whether in manual or electronic files
  • Notifying you of potential new products or service offerings
  • Assessing and reviewing suitability of your requirements
  • Collating market or sector specific information and providing the same to our Clients
  • Sending information to third parties with whom we have or intend to enter into arrangements which are related to our Services
  • Providing information to regulatory authorities or statutory bodies, and our legal or other professional advisers including insurers
  • To market our Products and Services
  • Retaining a record of our dealings
  • Establishing quality, training and compliance with our obligations and best practice

 Other uses we will make of your data:

  • Use of our website;
  • Notify you about changes to our service;
  • Ensure that content from our site is presented in the most effective manner for you and for your computer.

We will use this information for:

  • Site administration including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • Site Improvements including ensuring that content is presented in the most effective manner for you and for your computer;
  • Informing producers and developers to determine new features, content and services
  • Allowing you to participate in interactive features of our service, when you choose to do so;
  • Site security to ensure we keep our site safe and secure;
  • Measuring or understanding the effectiveness of advertising we undertake and to deliver relevant advertising to you;
  • Making suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.

We do not undertake automated decision making or profiling. We do use our computer systems to search and identify personal data in accordance with parameters set by a person. A person will always be involved in the decision-making process.

 Cookies

The Internet pages of KAF Ltd. use cookies. Cookies are text files that are stored in a computer system via an Internet browser.

Many Internet sites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited Internet sites and servers to differentiate the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognised and identified using the unique cookie ID.

Using cookies, KAF Ltd. can provide the users of this website with more user-friendly services that would not be possible without the cookie setting.

By means of a cookie, the information and offers on our website can be optimised with the user in mind. Cookies allow us, as previously mentioned, to recognise our website users. The purpose of this recognition is to make it easier for users to utilise our website. The website user that uses cookies, e.g. does not have to enter access data each time the website is accessed, because this is taken over by the website, and the cookie is thus stored on the user’s computer system. Another example is the cookie of a shopping cart in an online shop. The online store remembers the articles that a customer has placed in the virtual shopping cart via a cookie.

The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.

Purposes of the processing and the legal basis for the processing

Our legal basis for the processing of personal data is our legitimate business interests, described in more detail below, although we will also rely on contract, legal obligation and consent for specific uses of data.

We will rely on contract if we are negotiating or have entered into an agreement with you or your organisation or any other contract to provide services to you or receive services from you or your organisation.

We will rely on legal obligation if we are legally required to hold information on you to fulfil our legal obligations.

We will in some circumstances rely on consent for uses of your data and you will be asked for your express consent, if legally required. Examples of when consent may be the lawful basis for processing include permission to introduce you to a client (if you are a supplier).

Where we provide you with products or service, the provision of personal data is a statutory requirement and a requirement necessary to enter into a contract with us. You will be obliged under these circumstances to provide us with such personal data.

We may not be able to enter into a contract with you if the information is not provided to us. Where you have entered into a contract with us and you refuse to provide any information required under the contract or by law, we reserve the right to terminate our business relationship with you. Where applicable, we may refer your refusal to the relevant statutory authority requesting such information.

Collection of general data and information

The website of KAF Ltd. and associated websites collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.

When using these general data and information, KAF Ltd. does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimise the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, KAF Ltd. analyses anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

Registration on our website                       

The data subject has the possibility to register on the website of the controller with the indication of personal data. Which personal data are transmitted to the controller is determined by the respective input mask used for the registration? The personal data entered by the data subject are collected and stored exclusively for internal use by the controller, and for his own purposes. The controller may request transfer to one or more processors (e.g. a parcel service) that also uses personal data for an internal purpose which is attributable to the controller.

By registering on the website of the controller, the IP address—assigned by the Internet service provider (ISP) and used by the data subject—date, and time of the registration are also stored. The storage of this data takes place against the background that this is the only way to prevent the misuse of our services, and, if necessary, to make it possible to investigate committed offenses. Insofar, the storage of this data is necessary to secure the controller. This data is not passed on to third parties unless there is a statutory obligation to pass on the data, or if the transfer serves the aim of criminal prosecution.

The registration of the data subject, with the voluntary indication of personal data, is intended to enable the controller to offer the data subject contents or services that may only be offered to registered users due to the nature of the matter in question. Registered persons are free to change the personal data specified during the registration at any time, or to have them completely deleted from the data stock of the controller.

The data controller shall, at any time, provide information upon request to each data subject as to what personal data are stored about the data subject. In addition, the data controller shall correct or erase personal data at the request or indication of the data subject, insofar as there are no statutory storage obligations. A Data Protection Officer particularly designated in this data protection declaration, as well as the entirety of the controller’s employees are available to the data subject in this respect as contact persons.

Consent

Should we want or need to rely on consent to lawfully process your data we will request your consent orally, by email or by an online process for the specific activity we require consent for and record your response on our system. Where consent is the lawful basis for our processing you have the right to withdraw your consent to this processing at any time.

What if we obtain your personal data from a third party?

Part of our business activity involves researching information relating to individuals for the purposes of sales. This may include obtaining personal data from online sources, for example we may obtain information from social media sites such as LinkedIn and trade sites, some information being publicly available but others being from sites or providers to which we subscribe. From time to time we may also receive personal information about you from lead generating organisations, colleagues and former employers, or from persons for whom you have provided services or been otherwise engaged.

Where information from third party sources is of no use to us, or where you have notified us that you do not want us to provide you with services, we shall discard it. However, we may maintain a limited record in order to avoid the duplication of process. Where we consider that information may be of use to us in pursuance of the provision of our Services, any processing will be in accordance with this Privacy Notice. You do have the right to object to processing, please see Section ‘Your rights’.

How long we keep your data

We understand our legal duty to retain accurate data and only retain personal data for as long as we need it for our legitimate business interests and that you are happy for us to do so. Accordingly, we have a data retention notice [and run data routines to remove data that we no longer have a legitimate business interest in maintaining.]

We will only hold your personal data for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of complying with applicable legal or reporting requirements, our contractual obligations or our legitimate interests as a controller.

Some categories of personal data we hold will need to be retained for longer than others. To determine the appropriate retention period for personal data, we consider:

  • the amount, nature and sensitivity of the personal data,
  • the potential risk of harm from unauthorised use or disclosure of personal data,
  • the purpose for which they are processed
  • the applicable legal requirements and our contractual obligations.

Other personal data will be held for no longer than is necessary to protect our legitimate interest as a controller.

In some circumstances we may annonymise personal data so that it can no longer be associated to you, in which case we may use such information without further notice to you.

How do you access and update your personal information?

Personal information that you input into our Website is located on a server(s) operated by Zoho. KAF LTD. provides you with the means to access, update, edit or delete the Registration Information and other personal information you have provided to us at any time on your own by going to your user account and changing or deleting your Registration Information and other personal information as desired. If you decide at any time that you do not want to receive any updates you have subscribed for, just send an email message to kaf.sales@kaf.ltd indicating your preference not to receive updates.

Personal information that you input into our Website or we obtain from elsewhere is also stored in our Customer Relationship Management system, Zoho, and is located on a server(s) hosted by Amazon Web Services. If you are unsure whether we have a record containing your personal information and would like to confirm whether or not we do, please send an email to kaf.sales@kaf.ltd indicating all email addresses which you may have given us.

How is your personal information secured and protected?

Where KAF LTD. considers it appropriate, KAF LTD. uses encryption and/or authentication tools among other methods to protect certain web-based personal information or information stored on other Sites. E-mails you send us are not necessarily secure when they are transmitted to us. If your communication is sensitive or includes confidential information such as a credit card number, you may want to provide it by post or via the telephone instead.

We instruct our employees with access to your personal information that it is to be used only in adherence with the principles set forth in this Privacy Policy and the laws applicable to each specific business. The only employees who have access to your personal information are administrative personnel. Employees who misuse customer personal information may be subject to disciplinary action.

Your rights

You have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to accept or prevent such processing by checking certain boxes on our website, responding to Unsubscribe links on our communications or on the forms we use to collect your data. You can also exercise the right at any time by contacting us at kaf.sales@kaf.ltd.

Rights of the data subject

  1. a) Right of confirmation

Each data subject shall have the right granted by the European legislator to obtain from the controller the confirmation as to whether personal data concerning him or her are being processed. If a data subject wishes to avail himself of this right of confirmation, he or she may, at any time, contact our Data Protection Officer or another employee of the controller.

  1. b) Right of access

Each data subject shall have the right granted by the European legislator to obtain from the controller free information about his or her personal data stored at any time and a copy of this information. Furthermore, the European directives and regulations grant the data subject access to the following information:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, recipients in third countries or international organisations;
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing;
  • the existence of the right to lodge a complaint with a supervisory authority;
  • where the personal data are not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
  • Furthermore, the data subject shall have a right to obtain information as to whether personal data are transferred to a third country or to an international organisation. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.

If a data subject wishes to avail himself of this right of access, he or she may at any time contact our Data Protection Officer or another employee of the controller.

  1. c) Right to rectification

Each data subject shall have the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Considering the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

If a data subject wishes to exercise this right to rectification, he or she may, at any time, contact our Data Protection Officer or another employee of the controller.

  1. d) Right to erasure (Right to be forgotten)

Each data subject shall have the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:

The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

  • The data subject withdraws consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
  • The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
  • The personal data have been unlawfully processed.
  • The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
  • The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by KAF Ltd, he or she may at any time contact our Data Protection Officer or another employee of the controller at kaf.sales@kaf.ltd. The Data Protection Officer of KAF Ltd. or another employee shall promptly ensure that the erasure request is complied with immediately.

Where the controller has made personal data public and is obliged pursuant to Article 17(1) to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required. The Data Protection Officer of KAF Ltd. or another employee will arrange the necessary measures in individual cases.

  1. e) Right of restriction of processing

Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
  • The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use instead.
  • The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.

The data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by KAF Ltd., he or she may at any time contact our Data Protection Officer or another employee of the controller. The Data Protection Officer of KAF Ltd. or another employee will arrange the restriction of the processing.

  1. f) Right to data portability

Each data subject shall have the right granted by the European legislator, to receive the personal data concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format. He or she shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject shall have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

In order to assert the right to data portability, the data subject may at any time contact the Data Protection Officer designated by KAF Ltd. or another employee.

  1. g) Right to object

Each data subject shall have the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.

KAF Ltd. shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

If KAF Ltd. processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to KAF Ltd. to the processing for direct marketing purposes, KAF Ltd. will no longer process the personal data for these purposes.

In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her by KAF Ltd. for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

In order to exercise the right to object, the data subject may directly contact the Data Protection Officer of KAF Ltd. or another employee. In addition, the data subject is free in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to use his or her right to object by automated means using technical specifications.

  1. h) Automated individual decision-making, including profiling

Each data subject shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, as long as the decision (1) is not is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is not authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is not based on the data subject’s explicit consent.

If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) it is based on the data subject’s explicit consent, KAF Ltd. shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.

If the data subject wishes to exercise the rights concerning automated individual decision-making, he or she may at any time directly contact our Data Protection Officer of KAF Ltd. or another employee of the controller.

  1. i) Right to withdraw data protection consent

Each data subject shall have the right granted by the European legislator to withdraw his or her consent to processing of his or her personal data at any time.

If the data subject wishes to exercise the right to withdraw the consent, he or she may at any time directly contact our Data Protection Officer of KAF Ltd. or another employee of the controller.

 Unsubscribing

In endeavouring to keep you informed about the employment market and opportunities, KAF LTD. carefully selects what we send to you based on the information we hold about you. We would be most grateful if you could update us with changes in your circumstances so that we can avoid sending to your unsuitable information.

If you do not wish to receive any such information you can unsubscribe by clicking the link at the bottom of the communication or by emailing kaf.sales@kaf.ltd

GDPR provides you with the following rights to:

Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

Request the transfer of your personal information to another party in certain formats, if practicable.

Make a complaint to a supervisory body which in the United Kingdom is the Information Commissioner’s Office. The ICO can be contacted through this link.

Account Removal

If you wish to remove your personal information from any of our other Sites including our Customer Relationship Management system, then please send an email to kaf.sales@kaf.ltd

Access to Information

The Data Protection Act 1998 and the GDPR give you the right to access information held about you. We also encourage you to contact us to ensure your data is accurate and complete.

Your right of access can be exercised in accordance with the Act (and the GDPR once it is in force).

A subject access request should be submitted to: –

The Compliance Officer,

KAMAKSHE FASTENERS AND TOOLS LIMITED

International House,

142 Cromwell Road,

London, SW7 4EF

What if we change our Privacy Policy?

KAF LTD. reserves the right to modify or supplement this Privacy Policy statement at any time. If we make any material change to this Privacy Policy, we will update our Website to include such changes and post a notice on our home page, for a period of 30 days, with a link to the updated Privacy Policy. Please read any such notice and the new policy statement. If you return to our Website after a period of more than 30 days, please check this Privacy Policy to confirm that you are aware of the details of the most recent update. Please look at the bottom of this Privacy Policy to check the date that it was updated and to confirm that you are familiar with the terms of the most recent update. Your continued use of our Website or engagement with us after we post such notice will constitute your acceptance of the new terms and their application to your engagement with us and the personal information disclosed for such use, including personal information previously furnished us, as if they were the initial terms, and your consent to the use of your personal information as described in this privacy policy.

We will also attach a link to our updated Privacy Policy on all communications with you. If you object to the revised Privacy Policy, please contact us at kaf.sales@kaf.ltd and you can withdraw your consent for us to process your personal information. We will seek your consent if we want to use your personal information for purposes other than those you have agreed to previously.

What if I do not agree with this Privacy Policy?

If you do not agree to our processing of your data in the manner outlined in the Policy, please do not submit any personal data to us and advise us of your wishes.

 Contact

Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to: –

The Compliance Officer,

KAMAKSHE FASTENERS AND TOOLS LIMITED

International House,

142 Cromwell Road

London, SW7 4EF