Privacy Policy
Karma Technologies International Limited
Protecting personal data is a priority for everyone. This policy tells you the types of information we collect when you visit our website (www.getkarma.co.uk) (“Website”) and/or use our services and applications, how we use that information, and when we may share that information. This policy may change from time to time so please check it every so often.
This Privacy Policy relates to the data we collect from you which includes “personal data” (being any information which identifies a person or which allows that person to be identified when combined with other information) and data which is otherwise recognised as sensitive data.
We are Karma Technologies International Limited of 18 Finsbury Square, London, United Kingdom, EC2A 1AH (“we”, “us”, “our” or “Karma”).
We are the controller of personal data for the purposes of this Privacy Policy.
If you have any questions about this Privacy Policy, including requests to exercise your legal rights, please contact us using the details set out below:
Attn: Chief Risk Officer]
Karma Technologies International Limited 18 Finsbury Square,
London,
United Kingdom, EC2A 1AH
Email: chiefriskofficer@getkarma.co.uk
We collect and use data relevant to your use of our services and applications, and your contact with us via the Website or through other means. In respect of this personal data, we are the Controller.
If you are signing up to use our services, if you are enquiring about using our services or if you are an employer enquiring about our services, it may be necessary for you to provide certain data to us.
The data you provide or may provide is listed below.
If you are passing data to us that belongs to someone else (such as an employer passing employee data) you must ensure you are lawfully permitted to transfer such data to us.
We may collect, use, store and transfer different kinds of personal data as follows:
• Identity Data includes your name, email address, username, title, date of birth, gender, photographic identification or similar identifier.
Photographic identification data is biometric data and is a Special Category of personal data and where we collect this data:
We also collect, use and share Aggregated Data, such as statistical or demographic data, for any purpose. Aggregated Data may be derived from your data but is not considered personal data as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.
Apart from the photographic identification data, we do not collect any Special Categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and
biometric data). Nor do we collect any information about criminal convictions and offences.
We use different methods to collect data from you including as follows:
Enquiring about our services or subscribing to our services
If you contact us to ask about our service or about us generally, either through the Website or otherwise, we will collect and process Identity, Contact and Financial Data.
Signing up for our service
If you sign up for our service and/or download our application, we will collect and process Identity, Contact, Financial, Transaction, Technical, and Profile Data.
Correspondence
If you correspond with us using our contact form or through our ‘contact us’ or help features, we will collect and process Identity and Contact Data.
Browsing
We collect some Technical and Usage Data.
Candidates applying for a role at Karma Technologies International Limited
We will collect your Identity, Contact Data and Profile Data and information relating to your employment history.
We will also collect data about you during telephone calls, in emails, during face to face interviews and from recruitment companies, head-hunters and social sites.
We would always like to keep in touch with excellent candidates regarding any future vacancies and as a result, your consent also includes the ability for Karma Technologies International Limited to retain your personal details.
We will only use your data when the law allows us to. Most commonly, we use it in the following circumstances:
Generally, we only rely on consent as a legal basis for processing your data where we need to obtain the consent to provide you with our services or to send you third party direct marketing communications to via email or text message. You have the right to withdraw your consent at any time.
We have set out below the ways we use data and the legal basis for doing so. We have also identified what our legitimate interest is, where appropriate.
Purpose/Activity Type of Data
Lawful basis for processing including basis of legitimate interest
To register you as a new (a) Identity
(a) Performance of a contract with you
customer
To perform the contract and provide you with services:
(b) Contact
(b) Necessary for our legitimate interest (for running our business and provide you with services)
To process a job application and keep you informed of employment opportunities
To manage our relationship with you which will include:
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of
maintenance, support, reporting and hosting of data)
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
To use data analytics to improve the Website, services, applications, marketing, customer relationships and experiences
a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
Necessary for our legitimate interests (to define types of customers for our products and services, to keep the Website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions
Necessary for our legitimate
and recommendations to (c) Technical you about services that
may be of interest to you (d) Usage
(e) Profile
interests (to develop our products/services and grow our business)
We may process data for more than one lawful ground depending on the specific purpose for which we are using data. Please contact us if you want further details about the specific legal ground we are relying on to process your data.
Where we need to collect data by law, or under the terms of a contract and you do not provide that data when requested, we may not be able to perform the contract. In this case, we may have to cancel a service you have with us.
We may share your data within Karma (i.e. our officers, staff and contractors) and with our service providers; for example, to service your requests or provide you with information. We may also share your data if a change happens in our business such as a merger or acquisition. If that happens, the new owners may use your data in the same way as set out in this Privacy Policy.
We may also share your data with service providers who we engage to help us run our business or deliver our services to you.
We may also share your data with our appointed Electronic Money Institution (which is a company registered with the Financial Conduct Authority to process payments) so that you can open a payment account with the Electronic Money Institution which is necessary in order to use our service.
We may also share your data with other organisations or individuals when it is reasonably necessary to:
We will process and store your data on the Website servers, email and other servers and equipment that are needed to provide the services as applicable.
We do not ordinarily transfer your data outside of the European Economic Area except as follows:
Analytics providers
Our service providers, such as Google Analytics (Google Inc. and its affiliates), may process your data in the course of providing analytical information to us about the use of the Website. These service providers may collect and/or transfer your data outside of the European Economic Area.
For more information on how Google Analytics processes your data you can visit here: https://support.google.com/analytics/answer/6004245?hl=en-GB
Technical support
Sometimes we need to engage the assistance of our affiliated companies to provide technical support for your use of our service. The individuals providing the support may be based outside of the European Economic Area and will only have access to your data when they need to in order to provide support.
Whenever we transfer data out of the EEA or UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
• Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
We will not keep your data longer than reasonably necessary to fulfil the purposes described in this Privacy Policy or as we reasonably need to in order to meet our legal and governance obligations.
If you provide your contact details, we might contact you individually in the future if we think that our services may be of interest to you.
If we think it appropriate, we might also add you to our regular email marketing list.
You can ask us to remove your personal details from our marketing lists using the contact details listed at the top of this Privacy Policy.
We have put in place appropriate security measures to prevent data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to data to those of our staff and other third parties who have a business need to know. They will only process data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data breach and will notify you and any applicable regulator of any breach where we are legally required to do so.
We will retain data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of data, the purposes for which we process data and whether we can achieve those purposes through other means, and the applicable legal requirements.
For example, if you are a customer, we will generally keep your data for the longer of six years from the date of the last interaction with you or until the applicable statutory limitations period has expired.
We regularly review the data we hold taking into account the lawful purpose for which we hold it and any data that is deemed no-longer relevant or required is deleted where it is practicable to do so.
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
applies to personal data processed by automated means which you initially provided consent for us to use or where we used the information to perform a contract with you.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.