Who we are
Data Controller and contact information
KRE (North) Limited is registered in England and Wales (number 15641592) whose registered office is Unit 8, The Aquarium, 1-7 King Street, Reading, Berkshire RG1 2AN.
KRE (North) Limited is registered as a Data Controller at the Information Commissioner’s Office under registration number ZB715919.
Our Processing Activities
To find the relevant sections of this policy please use the link below:
- Clients (including individuals associated with businesses)
- Data retention
- Vendors and Suppliers (including individuals associated with those businesses)
- Business Contacts (marketing)
- Recruitment applications and employees
- Visitors to our website (including terms and conditions)
- Cookie policy
- Security
- Individual Rights
- Contact Us
Changes to this Privacy Policy
We may change this privacy policy from time to time by updating this webpage.
This policy is regularly reviewed and was last reviewed and / or updated on 24 July 2024.
Use of personal data
We use personal data for the following purposes:
- Providing professional services. Our services often require us to process personal data in order to provide advice and deliverables;
- Administering, managing and developing our businesses and services;
- In order to operate our business, including:
- managing our relationship with clients;
- developing our businesses and services;
- maintaining and using IT systems;
- hosting or facilitating the hosting of events; and
- Personal data may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails. We have security measures in place to protect our and our clients’ information (including personal data), which involve detecting, investigating and resolving security threat;
- We monitor the services provided to clients for quality purposes, which may involve processing personal data stored on the relevant client file;
- We collect and hold personal data as part of our client engagement and acceptance procedures. As part of those procedures we carry out searches using publicly available sources (such as internet searches and sanctions lists) to identify politically exposed persons and heightened risk individuals and organisations and check that there are no issues that would prevent us from working with a particular client;
- Unless we are asked not to, we use client business contact details to provide information that we think will be of interest about us and our services. Examples include industry updates and insights, information on other services that may be relevant, and invitations to events; and
- As a professional services firm, we and our personnel are subject to legal, regulatory and professional obligations. We maintain certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.
We are committed to protecting and respecting your privacy.
This policy explains what personal information we may collect from you and how we will use it. Information that we may collect, how we will use it and why
We may also collect and process personal information about you as follows:
- If you contact us with a prospective business opportunity enquiry, we will use the information provided to deal with that enquiry, on the basis that we have a legitimate interest to do so (e.g. to follow up prospective business opportunities as well as for ancillary record keeping and internal management purposes).
- If you contact us by any other means (e.g. email or telephone), we may keep a record of that contact and the information you provide at that time. Information which we collect under these circumstances will be used to follow up prospective business opportunities or to perform our contractual obligations in accordance with our contract with you.
- If you contact us to make a complaint, we will use the information provided to respond to the complaint, on the basis that we have a legitimate interest to do so (e.g. to enable us to ensure that you are satisfied with our services and to ensure that our business remains competitive in the market).
- If you ask to be added to our contacts database or sale of business flyers database, we will collect your name, the name of your company/organisation (if any), email address and your preferences as to the types of marketing information you would like to receive from us. We will use your details on the basis of your consent to send marketing information to you in accordance with your stated preferences (as you may update them from time to time).
Clients (including individuals associated with businesses)
Collection of personal data
Given the diversity of the services we provide to clients, we process a range of personal data, including:
- Contact details;
- Business activities;
- Information about management and employees;
- Payroll and other financial-related details.
Where we need to process personal data to provide professional services, our clients are responsible for providing the necessary information to the data subjects regarding its use. This includes, where a client engagement involves the transfer of personal data outside the European Union, that the relevant clients are responsible (where required) for providing appropriate notice to or obtaining appropriate consent from, the individuals whose data may be transferred.
Our clients may use relevant sections of this privacy policy or refer data subjects to this privacy policy if they consider it appropriate to do so. For example:
- If you are a shareholder or director of a company for which we are providing pre-appointment insolvency advice or a shareholder or director of an insolvent company for which we are administering the affairs. We will collect your name, address and a copy of your passport and/or your photocard driving licence. We will use your contact details to perform our contractual obligations.
- If you are a creditor of a company for which we are providing pre-appointment insolvency advice or a creditor of an insolvent company for which we are administering the affairs, we will collect your name, address and details of any dividends distributed to you. We will use your contact details to process data in compliance with our legal obligations or legitimate interest.
- If you are an employee of a company for which we are providing pre-appointment insolvency advice or a creditor of an insolvent company for which we are administering the affairs, we will collect your name, address, payroll details and national insurance number.
We will use your contact details to process data in compliance with our legal obligations or legitimate interest. If you engage us to provide you with services, we will collect your billing address, email address and telephone numbers.
We will also collect information about your assets and intellectual property rights, transaction details about payments to and from you and other details of services you have purchased from us including any testimony you are willing to write about us and our performance.
We will use this information to perform our contractual obligations and for ancillary internal management purposes which are compatible with the original purpose.
Who do we share your personal information with?
From time to time, KRE (North) Limited will require third parties to process to personal data on its behalf, either pursuant to a contractual obligation or because it has a legal obligation or legitimate interest to do so.
Roles performed by third parties may include performing debt collection and tracing services, managing shareholder registers, processing credit reference checks and processing anti-money laundering searches, processing pension claims and IT matters, and any other roles performed by an agency in connection with a formal insolvency engagement.
KRE (North) Limited uses the services of TransUnion to obtain anti money laundering searches. Their privacy notice and further details of the information they hold can be found at; https://www.callcredit.co.uk/legal-information/bureau-privacy-notice
KRE (North) Limited takes reasonable steps, in accordance with the GDPR’s requirements for controller/processor contracts, to control any third party processing and to ensure that the third party processors have appropriate procedures in place to safeguard the security and integrity of the personal data they are processing.
From time to time third parties processing personal data on behalf of KRE (North) Limited may contact you directly. We may disclose your personal information to third parties if we are under a duty to disclose or share it in order to comply with any legal obligation. Except as set out above, we will not share your personal information with any other party.
Data retention
How long will we keep your personal information?
We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, together with the applicable legal requirements.
The PURPOSE for which personal information was given controls the retention duration as follows:
- Contact (by e-mail or telephone) is destroyed 6 years after the end of the business relationship.
- Information submitted via survey is destroyed 6 years after the end of the business relationship.
- Information relating to directors and shareholders are destroyed 6 years after the end of the business relationship.
- Information relating to creditors are retained for 6 years after the closure of the case and then destroyed.
- Insolvent company records (e.g. employee, creditor and debtor details) are destroyed 12 months after dissolution of the company or earlier with consent in the case of compulsory liquidations.
- marketing information is held until the customer asks to be removed from the contacts database and/or sale of business flyers database
- All other personal information 6 years after the end of the business relationship
We may also collect sensitive personal information.
This may include offences and alleged offences, criminal proceedings and sentences, for example, records under the Company Directors Disqualification Act 1986 but will not be limited to that information.
We may use information which is provided to us to fulfil our legal obligations, e.g. making HMRC payments.
Vendors and Suppliers (including individuals associated with those businesses)
- If we engage you to provide us with services or goods, we will collect your billing address, email address and telephone numbers.
We will also collect details of your charges, your quotations, transaction details about payments to you and other details of services or goods we have purchased from you.
We will use your contact details to perform our contractual obligations including but not limited to the processing of payments to you in accordance with our contract with you.
Where do we store your personal information and how is it kept secure?
All information you provide to us is stored on our secure servers located in the United Kingdom.
No information you provide to us is transferred to, or stored at, a destination outside the European Economic Area.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
However, please be aware that despite the security measures have in place, no computer system is completely secure and there is always some degree of risk whenever personal information is transferred by electronic means.
Links to other websites
Our website may, from time to time, contain links to other websites which may be of interest to you. If you follow a link, please note that the other websites will have its own privacy policy and you should check this before you submit any personal data to that website.
Recruitment applications and employees
We will process job applications and CVs submitted to us on the basis that we have a legitimate interest to do so (to fill vacancies and to grow our business).
If your personal data is on publicly available sources (such as LinkedIn and Companies House) then we may collect your personal data that is available on these sources.
Information which we collect from publicly available sources (such as LinkedIn and Companies House) will be used in connection with matters on which we are formally engaged. If you submit job applications to us, we will collect your contact details and any other information you provide in the application.
Visitors to our website (including terms and conditions)
If you visit our website we may also collect personal data about your visit through the use of website cookies in order to improve your user experience (for more information see the section entitled Cookies).
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We will not use your personal information for any purpose not explained in this privacy policy.
Other information collected via our website and cookies.
If you visit our website, we may collect information about your visit, namely IP address, traffic data, location data and the resources that you access.
Security
We take the security of all the data we hold very seriously. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security. We regularly review the appropriateness of the measures we have in place to keep the data we hold secure. Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
Individual Rights
Your rights
You have the right to:
Request access to your personal data (commonly known as a “data subject access request”).
This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. To do this, please contact us by any of the means referred to below (under the section entitled Contacting Us). Your personal data will be provided free of charge (unless the request is unreasonable or excessive in which case a small fee may be charged or we may limit the level of information provided) and within 30 days in accordance with the GDPR requirements.
Request correction of the personal data that we hold about you.
This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data.
This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.
Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data
where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data.
This enables you to ask us to suspend the processing of your Personal data in the following scenarios:
(a) if you want us to establish the data’s accuracy;
(b) where our use of the data is unlawful but you do not want us to erase it;
(c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
(d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party.
We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time
Where we are relying on consent to process your personal data, you can withdraw consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Contact Us
Contacting Us
If you have any queries about this privacy statement or any complaints about the way in which we handle your personal data, please contact us using one of the following options:
Website: krecr.co.uk E-mail: [email protected]
Post: Company Secretary, KRE (North) Limited, Flexico Workspace, 7-8 Delta Bank Road, Gateshead, NE11 9DJ. Telephone: 0 191 406 7364
We will investigate any complaint promptly with a view to resolving the matter as swiftly as possible.
Complaints
You have the right to complain to the Information Commissioner about the way in which we collect and use your personal data: www.ico.org.uk/concerns or telephone 0303 123 1113.