Khan Thornton's Privacy Policy

Khan Thornton are committed to keeping personal data safe and protected.

This is a copy of our Privacy Policy which explains how we collect and process your personal information, as well as inform you of your privacy rights. This policy complies with the Data Protection Act (2018) and the EU's General Data Protection Regulation (GDPR). Both came into effect on 25 May 2018.

It is important that the personal data we hold about you is accurate and current. Please keep us informed of any relevant changes to your personal information during your relationship with us.

Please take a few minutes to read this privacy policy. It is important that you are fully aware of how and why we are using your data. This version was last updated 25/09/2019. We will inform you of any future changes to our privacy policy on our website: www.khan-thornton.co.uk

If you have any queries, complaints or requests to exercise your legal rights, please contact our Data Protection Officer, Dino Khan. You have the right to make a complaint about us to the Information Commissioner's Office (ICO). The ICO is the UK supervisory authority for data protection issues. www.ico.org.uk We would however, appreciate the chance to deal with your concerns before you approach the ICO.

Summary of Contents

  1. Who are we?
  2. Glossary of Terms
  3. What information do we hold?
  4. Where do we get our information from?
  5. How do we use your information?
  6. Using your information in accordance with data protection laws
  7. How long do we keep your information for?
  8. Who do we share your personal information with?
  9. Fraud Prevention
  10. Keeping your data secure
  11. Transferring your data outside the EU
  12. Your Rights
  13. Contacts and Complaints
  14. Data Protection Officer
  15. Visitors to our website
  16. Visitors to our office
  17. Changes to our Privacy Policy

Who are we?

Khan Thornton Limited (Company number 08471767) is a data controller in relation to the processing of personal information that you provide to us when you use our services.

Our registered office is Khan Thornton, 14-18 Heralds Way, South Woodham Ferrers, Chelmsford, Essex, CM3 5TQ.

[Back to Contents]

Glossary of Terms

What is personal information?
Personal information is defined as any information that can be used to identify a natural, living person.
What is sensitive personal data?
Sensitive personal information is special categories of personal data such as medical conditions, genetic data and biometric data.
What is a data controller?
A data controller determines the purposes and means of processing personal data.
What is a data processor?
A data processor is responsible for processing personal data on behalf of a controller.
Data Subject
A data subject is a natural person.
Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaption or alteration, retrieval, consultation, use, analysis, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Third Party
Third Party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under direct authority of the controller or processor, are authorised to process personal data.

[Back to Contents]

What information do we hold?

Khan Thornton may hold the following types of information about you:

Type of DataDescriptionExamples of how we use it
Identity Data
  • First Name
  • Last Name
  • Providing our service to you
  • Enhancing our product and service offering
Contact DataContact Information such as:
  • Home address
  • Business address
  • Email address
  • Telephone number
  • Providing our service to you
  • Enhancing our product and service offering
Personal Details
  • Date of birth
  • Bank Details
  • Financial Details
  • Family, lifestyle and social circumstances e.g. the number of dependents
Providing our service to you
Professional DataInformation we may collect in the course of providing our service to you:
  • Salary rate/ scale/ annual salary
  • Pension Provider
  • Details of income
  • Employment details
Providing our service to you
Open data and Public Records
  • Electoral register
  • Companies House
  • Other information that is openly available on the Internet
Providing our service to you
Documentary Data and National IdentifiersDetails about you stored in documents such as:
  • Your passport
  • Driving Licence
  • Birth Certificate
  • National Insurance number
  • Prevent financial crime
  • Verification of identity/ fraud prevention- legal obligation

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide the data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a service you have with us, but we will notify you if this is the case at the time.

[Back to Contents]

Where do we get our information from?

We receive information directly from you when you fill in forms or contact us by phone, email, post, etc.

Information we collect about you or receive from other sources: This could be information you provide to us electronically (through an online portal, for example), information from a third party or from publicly available sources such as the electoral register and Companies House. We may also receive information from third parties nominated by yourselves (IFA's and banks).

[Back to Contents]

How do we use your information?

We use personal information we hold about you:

When you apply for a product or to receive a service from us, the application forms you fill out or the resulting contract may contain additional clauses relating to the way we use and process your personal information. These will apply in addition to the above uses.

We do not use any form of automated decision making in our business.

[Back to Contents]

Using your information in accordance with data protection laws

Data Protection Laws require us to meet certain conditions before we're allowed to use your personal information in the way we describe in this privacy policy. Khan Thornton take these responsibilities very seriously.

When processing personal data, the reason for processing must fall into one of these legal bases:

  1. The person gave explicit consent
  2. To fulfil or prepare a contract
  3. A legal obligation (excluding a contract)
  4. To save someone's life or in a medical situation
  5. To carry out a public function
  6. Some other legitimate reason

[Back to Contents]

How long do we keep your information for?

We will keep your personal information in accordance with our internal data retention policies. We'll determine the length of time we keep it based on the minimum retention periods required by law or regulation. We'll only keep your personal data after this period if there is a legitimate and provable business reason to do so. Please contact our Data Protection Office, Dino Khan, if you would like further information on our Data Retention Policy.

[Back to Contents]

Who do we share your personal information with?

Khan Thornton only shares your personal information with:

We will not share your information with third parties for marketing purposes.

[Back to Contents]

Fraud Prevention

Khan Thornton may check your details with fraud prevention agencies. If false or inaccurate information is provided and fraud is identified, details will be passed along to fraud prevention agencies. Law enforcement agencies may access and use this information. We may also share information about you with other organisations and public bodies, including the police, and we may check and/or file your details with fraud prevention agencies and databases.

Khan Thornton and other organisations may access and use this information to prevent fraud and money laundering and terrorist financing. Khan Thornton may also check the details of other parties relating to your contract, including verification of identity.

[Back to Contents]

Keeping your data secure

All reasonable and necessary steps are taken to ensure your data is treated in accordance with this privacy policy. Khan Thornton have in place appropriate security measures to prevent your personal data from being accidently lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal data to those employees, contractors and other third parties who need to know. They will only process your information on our instructions and they are subject to a duty of confidentiality.

Unfortunately sending information electronically is not completely secure. Anything you send is done so at your own risk.

There is also an inherent risk involved when sending personal information through the post. Anything you send is done so at your own risk.

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. If you do not think that any part of our process is not secure, please contact our Data Protection Officer, Dino Khan.

[Back to Contents]

Transferring your data outside the EU

The data that we collect from you will largely not be transferred to or stored at a destination outside the European Economic Area. Some of our third-party suppliers may be located or store information outside the EU. Where this is the case we will take steps to make sure the right security measures are taken so that your privacy rights continue to be protected as outlined in this policy.

The data that we collect from you will largely not be transferred to or stored at a destination outside the European Economic Area. Some of our third-party suppliers may be located or store information outside the EU. Where this is the case we will take steps to make sure the right security measures are taken so that your privacy rights continue to be protected as outlined in this policy.

If you use our services while you are outside of the EU, your information may be transferred outside the EU to give you those services.

[Back to Contents]

Your rights

The new data protection regulations provide the following rights for individuals:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling

Individuals can make a request regarding their rights verbally or in writing. We have one month to respond to such a request.

This means that you have the right to be informed about the collection and use of your personal data and you have the right to access it. This is commonly referred to as subject access.

You have the right to make us correct any inaccurate information we hold about you or complete it if it is incomplete. This right has close links to the accuracy principle of the GDPR. You also have the right to make us erase any personal data we hold about you. This right will only apply where, for example:

You have the right to restrict our processing of your personal information. This right will only apply where for example:

You have the right to obtain and obtain and reuse your personal data for your own purposes across different services. This right only applies to information you provided to us. It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.

You have the right to withdraw consent, where we're relying on it to use your personal data, for example, to provide you with marketing information about our services or products.

Solely automated individual decision-making, including profiling with legal or similarly significant effects is restricted under GDPR. Automated individual decision-making is a decision made by automated means without any human involvement. We do not use any form of automated decision making in our business.

If you wish to exercise any of these rights, please contact our Data Protection Officer. Contact details can be found in the Data Protection Officer section of this privacy policy.

More information on these rights can be found on the Information Commissioner's Office (ICO) website: www.ico.org.uk

[Back to Contents]

Contacts and Complaints

If you have any questions regarding to this Privacy Policy, a complaint, or wish to exercise your Data Protection rights, please contact our Data Protection Officer, Dino Khan, at dino.khan@khanthornton.co.uk.

If you have any concerns with how we process your personal data or are not happy with the way we have handled a request made by you in relation to your rights, you also have the right to make a complaint to the Information Commissioner's Office (ICO).

www.ico.org.uk

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
England
SK9 5AF

0303 123 1113

[Back to Contents]

Data Protection Officer

Khan Thornton Limited has appointed a Data Protection Officer to answer your queries regarding Data Protection and to monitor our compliance with data protection laws:

Dino Khan

dino.khan@khanthornton.co.uk

Khan Thornton Limited
14-18 Heralds Way
South Woodham Ferrers
Chelmsford
Essex
CM3 5TQ

[Back to Contents]

Visitors to our website

When you visit our website (khan-thornton.co.uk) we may collect standard information and details of visitor behaviour patterns. This information is only processed in a way that does not identify anyone.

Messages & Contact Forms

When visitors send messages through the site we collect the data shown in the comments form, and also the visitor's IP address and browser user agent string to help spam detection.

Cookies

By using or accessing Khan Thornton's website, you agree to Khan Thornton's use of Cookies as outlined below.

"Cookies" are text-only pieces of information that a website transfers to an individual's hard drive or other website-browsing equipment for record-keeping purposes. Cookies allow the site to remember important information that will make your use of the site more convenient. A cookie will typically contain the name of the domain from which the cookie has come, the "lifetime" of the cookie, and a randomly generated unique number or other value.

Session Cookies are temporary cookies that remain in the cookie file of your browser until you leave the site.

Persistent Cookies remain in the cookie file of your browser for much longer (though how long will depend on the lifetime of the specific cookie). When we use session cookies to track the total number of visitors to our site, this is done on an anonymous aggregate basis (as cookies do not in themselves carry any personal data). We may also employ cookies so that we remember your computer when it is used to return to the site to help customize your Khan Thornton web experience. We may associate personal information with a cookie file in those instances.

How We Use Cookies

We use cookies, web beacons, and other storage technologies from our third-party partners, Google, for measurement services, better targeting ads, and for marketing purposes.

Managing cookies in your browser

Use the options in your web browser if you do not wish to receive a cookie or if you wish to set your browser to notify you when you receive a cookie. You can easily delete and manage any cookies that have been installed in the cookie folder of your browser by following the instructions provided by your particular browser manufacturer.

If your browser is not listed here, consult the documentation that your particular browser manufacturer provides. You may also consult your mobile device documentation for information on how to disable cookies on your mobile device. If you disable all cookies, you may not be able to take advantage of all the features of this site. Please note that if you have not cleared your cookies or cache, the contents of which may affect autofill functions on the Khan Thornton site and you are responsible for any such actions.

To opt out of the collection and use of information for ad targeting please feel free to exercise your rights by contacting our Data Protection Officer.

Khan Thornton uses the AdWords and Remarketing Lists features of Google Analytics for Display Advertisers. Khan Thornton and Google use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) together to inform, optimize, and serve ads based on your past visits to our Site. This means that vendors including Google may display Khan Thornton promotional material on other sites you visit across the Internet.

You may opt-out of Google Analytics for Display Advertisers including AdWords and opt-out of customized Google Display Network ads by visiting the Google Ads Preferences Manager. To provide website visitors more choice on how their data is collected by Google Analytics, Google has developed an Opt-out Browser add-on, which is available by visiting Google Analytics Opt-out Browser Add-on, to enable you to opt-out of Google’s programs. To opt out of the collection and use of information for ad targeting please feel free to exercise your rights by contacting contacting our Data Protection Officer.

The purpose for implementing the above is to maintain and monitor the performance of our website and to constantly look to improve the site and the services it offers to our users. We are processing information for our legitimate interests.

[Back to Contents]

Visitors to our office

When you visit our office we ask all visitors to sign in and out, and show a form of ID if necessary. The ID is for verification purposes only; we do not record this information.

Any closed-circuit television (CCTV) which operates outside the building for security purposes is not operated by us, so we are not the controller. It will be under the control of the The Eatery.

The purpose for processing this information is for security and safety reasons. The legal basis we rely on is for the purpose of our legitimate interests.

[Back to Contents]

Changes to our Privacy Policy

We keep our Privacy Policy under regular review. This version of the Privacy Policy was last updated on 25/09/2019 in line with new GDPR guidelines. You will be made of any changes we make to our Privacy Policy in the future.

[Back to Contents]