Who we are
Data Controller and contact information
KRE Corporate Recovery Limited is registered in England and Wales (number 12645353) whose registered office is Unit 8, The Aquarium, 1-7 King Street, Reading, Berkshire RG1 2AN.
KRE Corporate Recovery Limited is registered as a Data Controller at the Information Commissioner’s Office under registration number ZA074505.
Our Processing Activities
To find the relevant sections of this policy please use the link below:
- Clients (including individuals associated with those businesses)
- Data retention
- Vendors and Suppliers (including individuals associated with those businesses)
- Business Contacts (marketing)
- Recruitment applications and employees
- Visitors to our website (including terms and conditions)
- Individual Rights
- Contact Us
This policy is regularly reviewed and was last reviewed and / or updated on 16 December 2021.
Use of personal data
We use personal data for the following purposes:
- Providing professional services. Our services often require us to process personal data in order to provide advice and deliverables;
- Administering, managing and developing our businesses and services;
- In order to operate our business, including:
- managing our relationship with clients;
- developing our businesses and services;
- maintaining and using IT systems;
- hosting or facilitating the hosting of events; and
- Personal data may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails. We have security measures in place to protect our and our clients’ information (including personal data), which involve detecting, investigating and resolving security threat;
- We monitor the services provided to clients for quality purposes, which may involve processing personal data stored on the relevant client file;
- We collect and hold personal data as part of our client engagement and acceptance procedures. As part of those procedures we carry out searches using publicly available sources (such as internet searches and sanctions lists) to identify politically exposed persons and heightened risk individuals and organisations and check that there are no issues that would prevent us from working with a particular client;
- Unless we are asked not to, we use client business contact details to provide information that we think will be of interest about us and our services. Examples include industry updates and insights, information on other services that may be relevant, and invitations to events; and
- As a professional services firm, we and our personnel are subject to legal, regulatory and professional obligations. We maintain certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.
We are committed to protecting and respecting your privacy.
This policy explains what personal information we may collect from you and how we will use it. Information that we may collect, how we will use it and why
We may also collect and process personal information about you as follows:
- If you contact us with a prospective business opportunity enquiry, we will use the information provided to deal with that enquiry, on the basis that we have a legitimate interest to do so (e.g. to follow up prospective business opportunities as well as for ancillary record keeping and internal management purposes).
- If you contact us by any other means (e.g. email or telephone), we may keep a record of that contact and the information you provide at that time.Information which we collect under these circumstances will be used to follow up prospective business opportunities or to perform our contractual obligations in accordance with our contract with you.
- If you contact us to make a complaint, we will use the information provided to respond to the complaint, on the basis that we have a legitimate interest to do so (e.g. to enable us to ensure that you are satisfied with our services and to ensure that our business remains competitive in the market).
- If you ask to be added to our contacts database or sale of business flyers database, we will collect your name, the name of your company/organisation (if any), email address and your preferences as to the types of marketing information you would like to receive from us. We will use your details on the basis of your consent to send marketing information to you in accordance with your stated preferences (as you may update them from time to time).
Clients (including individuals associated with those businesses)
Collection of personal data
Given the diversity of the services we provide to clients, we process a range of personal data, including:
- Contact details;
- Business activities;
- Information about management and employees;
- Payroll and other financial-related details.
Where we need to process personal data to provide professional services, our clients are responsible for providing the necessary information to the data subjects regarding its use. This includes, where a client engagement involves the transfer of personal data outside the European Union, that the relevant clients are responsible (where required) for providing appropriate notice to or obtaining appropriate consent from, the individuals whose data may be transferred.
- If you are a shareholder or director of a company for which we are providing pre-appointment insolvency advice or a shareholder or director of an insolvent company for which we are administering the affairs. We will collect your name, address and a copy of your passport and/or your photocard driving licence. We will use your contact details to perform our contractual obligations.
- If you are a creditor of a company for which we are providing pre-appointment insolvency advice or a creditor of an insolvent company for which we are administering the affairs, we will collect your name, address and details of any dividends distributed to you. We will use your contact details to process data in compliance with our legal obligations or legitimate interest.
- If you are an employee of a company for which we are providing pre-appointment insolvency advice or a creditor of an insolvent company for which we are administering the affairs, we will collect your name, address, payroll details and national insurance number.
We will use your contact details to process data in compliance with our legal obligations or legitimate interest. If you engage us to provide you with services, we will collect your billing address, email address and telephone numbers.
We will also collect information about your assets and intellectual property rights, transaction details about payments to and from you and other details of services you have purchased from us including any testimony you are willing to write about us and our performance.
We will use this information to perform our contractual obligations and for ancillary internal management purposes which are compatible with the original purpose.
Who do we share your personal information with?
From time to time, KRE Corporate Recovery Limited will require third parties to process to personal data on its behalf, either pursuant to a contractual obligation or because it has a legal obligation or legitimate interest to do so.
Roles performed by third parties may include performing debt collection and tracing services, managing shareholder registers, processing credit reference checks and processing anti-money laundering searches, processing pension claims and IT matters, and any other roles performed by an agency in connection with a formal insolvency engagement.
KRE Corporate Recovery Limited uses the services of TransUnion to obtain anti money laundering searches. Their privacy notice and further details of the information they hold can be found at; https://www.callcredit.co.uk/legal-information/bureau-privacy-notice
KRE Corporate Recovery Limited takes reasonable steps, in accordance with the GDPR’s requirements for controller/processor contracts, to control any third party processing and to ensure that the third party processors have appropriate procedures in place to safeguard the security and integrity of the personal data they are processing.
From time to time third parties processing personal data on behalf of KRE Corporate Recovery Limited may contact you directly. We may disclose your personal information to third parties if we are under a duty to disclose or share it in order to comply with any legal obligation. Except as set out above, we will not share your personal information with any other party.
How long will we keep your personal information?
We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, together with the applicable legal requirements.
The PURPOSE for which personal information was given controls the retention duration as follows:
- Contact by e-mail or telephone) is destroyed 6 years after the end of the business relationship.
- Information submitted via survey is destroyed 6 years after the end of the business relationship.
- Information relating to directors and shareholders are destroyed 6 years after the end of the business relationship.
- Information relating to creditors are retained for 6 years after the closure of the case and then destroyed.
- Insolvent company records (e.g. employee, creditor and debtor details) are destroyed 12 months after dissolution of the company or earlier with consent in the case of compulsory liquidations.
- marketing information is held until the customer asks to be removed from the contacts database and/or sale of business flyers database
- All other personal information 6 years after the end of the business relationship
We may also collect sensitive personal information.
This may include offences and alleged offences, criminal proceedings and sentences, for example, records under the Company Directors Disqualification Act 1986 but will not be limited to that information.
We may use information which is provided to us to fulfil our legal obligations, e.g. making HMRC payments.
Vendors and Suppliers (including individuals associated with those businesses)
- If we engage you to provide us with services or goods, we will collect your billing address, email address and telephone numbers.
We will also collect details of your charges, your quotations, transaction details about payments to you and other details of services or goods we have purchased from you.
We will use your contact details to perform our contractual obligations including but not limited to the processing of payments to you in accordance with our contract with you.
Where do we store your personal information and how is it kept secure?
All information you provide to us is stored on our secure servers located in the United Kingdom.
No information you provide to us is transferred to, or stored at, a destination outside the European Economic Area.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality]
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
However, please be aware that despite the security measures have in place, no computer system is completely secure and there is always some degree of risk whenever personal information is transferred by electronic means.
Links to other websites
Recruitment applications and employees
We will process job applications and CVs submitted to us on the basis that we have a legitimate interest to do so (to fill vacancies and to grow our business).
If your personal data is on publicly available sources (such as LinkedIn and Companies House) then we may collect your personal data that is available on these sources.
Information which we collect from publicly available sources (such as LinkedIn and Companies House) will be used in connection with matters on which we are formally engaged. If you submit job applications to us, we will collect your contact details and any other information you provide in the application.
Visitors to our website (including terms and conditions)
If you visit our website we may also collect personal data about your visit through the use of website cookies in order to improve your user experience (for more information see the section entitled Cookies).
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
Other information collected via our website and cookies.
If you visit our website, we may collect information about your visit, namely IP address, traffic data, location data and the resources that you access.
- What are cookies?
- A cookie is a small file of letters and numbers that is saved onto your computer, smartphone, tablet or other devices when you visit our site.
- Cookies store small pieces of information. For example, one type of cookie will remember that you have visited our site before.
- Cookies help us to improve your visit and experience when browsing our site by, for example, storing certain information so you don’t have to re-enter it on subsequent visits.
- Cookies also assist us in tracking which pages of the website you have visited. We will not store credit card details in cookies we create.
- We use both persistent cookies (which stay with your computer and will work until their expiry date, unless detected by you beforehand) and session cookies (which expire when you close your browser).
- We use the following cookies:
- Strictly Necessary cookies. These cookies are essential for the operation of our site.
- Analytical/ performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our site when they are using it. This helps us to improve the way our site works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise use when you return to our site. This enables us to personalise our content for you and remember your preferences.
- Targeting cookies. These cookies record your visit to our site, the pages you have visited and the links you have followed. We will use this information to make our site and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
- You can find more information about the individual cookies we use and the purposes for which we use them in the table below:
|Strictly Necessary cookies – Check if cookies are enabled to provide appropriate user experience, and to manage your login session.
These are only set if you navigate to the login area.
|Session cookies, deleted when you close your web browser.
|Functionality cookies –
To remember your login settings.
|Persistent cookies, expire after a year.
|Strictly Necessary cookies –
To authenticate logins, as part of our security features.
|Persistent cookies, expire after a year.
|These analytical cookies assist us in monitoring your use of our site, tracking the duration of your visit to our site and where you found our site (e.g. through a search engine or AdWords advert).
|_ga expires on 2 years, and _gid at 24 hours.
|Expires after a minute.
|GDPR Cookie Compliance
|Necessary Cookie to store cookie consent preferences.
|Persistent cookies, expire after a year.
- Your interaction with cookies
- It is possible to disable and remove cookies from your computer or device by activating the setting on your browser that allows you to do so. You will need to know what browser you are using and what version you have.
- You can refer to your browser’s help section or visit the aboutcookies.org/ website for further information and assistance with cookies.
- Please be aware that if you use your browser settings to block or amend certain cookies, your browsing experience may change for the worse
- Changes to this policy
- We may update, change, modify, add or remove portions of this policy at any time, and any changes will become effective immediately. Please visit this page periodically if you want to keep up to date.
We take the security of all the data we hold very seriously. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security. We regularly review the appropriateness of the measures we have in place to keep the data we hold secure. Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
You have the right to:
Request access to your personal data (commonly known as a “data subject access request”).
This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. To do this, please contact us by any of the means referred to below (under the section entitled Contacting Us). Your personal data will be provided free of charge (unless the request is unreasonable or excessive in which case a small fee may be charged or we may limit the level of information provided) and within 30 days in accordance with the GDPR requirements.
Request correction of the personal data that we hold about you.
This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data.
This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.
Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data
where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data.
This enables you to ask us to suspend the processing of your Personal data in the following scenarios:
(a) if you want us to establish the data’s accuracy;
(b) where our use of the data is unlawful but you do not want us to erase it;
(c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
(d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party.
We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time
Where we are relying on consent to process your personal data, you can withdraw consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you have any queries about this privacy statement or any complaints about the way in which we handle your personal data, please contact us using one of the following options:
Website: krecr.co.uk E-mail: [email protected]
Post: Company Secretary, KRE Corporate Recovery Limited, Unit 8, The Aquarium, 1-7 King Street, Reading, RG1 2AN.
We will investigate any complaint promptly with a view to resolving the matter as swiftly as possible.
You have the right to complain to the Information Commissioner about the way in which we collect and use your personal data: www.ico.org.uk/concerns or telephone 0303 123 1113.