This Policy details how we collect, use, disclose and store Personal Data when you:
- Visit our Websites (as herein defined);
- Register to use any of Kallidus’ services (the “Services”), or
- Attend or register to attend sponsored events or other events at which Kallidus participates (“Attendees”).
For the purposes of this Policy, the following definitions will apply:
- “Kallidus” refers to Kallidus Limited and its group companies, as will “we”, “our”, and “us” (see section 3 below for more information);
- “You” are the person, firm, business, representative, or organisation reading this notice;
- “Websites”, shall refer collectively to kallidus.com, engageinlearning.com as well as the other websites that Kallidus and its affiliates operates and that link to this Policy.
2. Important Information
This policy (together with our set out the basis on which any personal information we collect from you, or that you provide to us, will be treated by us. Please read the following carefully to understand our policy and practices regarding your personal information.
3. Kallidus Company Information
The Kallidus Group is made up of different legal entities, including:
- Kallidus Limited (registered in England & Wales with Company No: 03984404, with its registered office at 5 Fleet Place, London, England EC4M 7RD, United Kingdom; and
- Hot Learning Limited t/a Engage in Learning (registered in England & Wales with Company No: 07505130, with its registered office at 5 Fleet Place, London, England EC4M 7RD, United Kingdom)
The person with responsibility for our data protection compliance is the Data Protection Officer who is contactable at the email address provided in the ‘Contact Information’ section below.
We are the data controller of the personal data that is submitted to Websites or is provided to us at an event at which Kallidus attends.
Please note that this Policy does not apply if you are a customer receiving Services and Kallidus acts as a processor of personal data received from you. Kallidus will process such personal data in accordance with data processing agreements in place between you and Kallidus.
Kallidus is responsible for making sure that our systems, processes and people comply with the relevant data protection laws in respect of that personal data.
4. Personal Data Collected by Kallidus
We may collect and process the following data about you:
- Information that you enter via our Websites. This includes information provided at the time of:
- submitting a form;
- subscribing to any service which we provide;
- searching our Websites;
- participating in discussion boards or any other messaging functions on our Websites; or
- requesting further services.
- We may also collect and process information when you enter a competition or promotion, and when you report a problem with our Websites.
- The information you give us may include without limitation:
- your name;
- business/company name;
- contact information, such as postal address, email address and telephone number;
- industry challenges;
- product interests; and
- Any specific information you elect to provide via a Website, phone or email.
- If you contact us (by phone, email, Kallidus’ support website or otherwise), we may keep a record of our correspondence with you.
- Information you provide when you enter a survey (we may ask you to complete surveys that we use for research purposes, although you do not have to respond to them).
- Technical information may be collected automatically, including without limitation the Internet protocol (IP) address used to connect your computer or device to the Internet, browser type and version, time-zone setting, browser plug-in types and versions, operating system and platform.
Details of your visits to our Websites may be collected automatically, including without limitation full Uniform Resource Locators (URL) clickstream to, through and from our Websites (including date and time), pages you viewed or searched for, page response times, download errors, lengths of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page (including information about how you use social media plug-ins), traffic data, location data, weblogs and other communication data.
5. Information Collected from Children
We are strongly committed to preserving online privacy for all of our Websites’ visitors, including children. The Websites are general audience sites, and we do not knowingly collect information about children or sell products to children. We will not knowingly collect any information from children under the age of 13. If you are under the age of 13, you are not permitted to use or submit information to the Websites.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive.
A list of all cookies utilised within this Website is available here.
7. Uses Made of Your Personal Information
We have set out in the table below details of all the ways Kallidus may use your personal data and the applicable legal bases we rely on to do so. Please see the Glossary below to find out more about the types of lawful basis that we rely on to process your personal data.
|Purpose/activity||Lawful basis for processing (including basis of legitimate interest)|
|To carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and Services that you request from us;||Performance of a contract with you|
|To contact you in response to an enquiry or in relation to potential sales opportunities;||Necessary for our legitimate interests (to develop our products/services and grow our business)|
|To provide you with information about other products and services that are similar to those that you have already purchased or enquired about;||Necessary for our legitimate interests (to develop our products/services and grow our business)|
2. Necessary to comply with a legal obligation
3. Necessary for our legitimate interests (to keep our records updated)
|To update and manage our customer and marketing databases;||Necessary for our legitimate interests (to keep our records updated)|
|To ensure that content from our Websites is presented in the most effective manner for you and for your computer or device;||Necessary for our legitimate interests (to ensure our Websites perform effectively for all users)|
|To personalise emails that we send to you, including using your name to address emails to you;||Necessary for our legitimate interests (to tailor our communications and make them more relevant to you)|
|To allow you to participate in interactive features of our Service, when you choose to do so (including creating links to our Websites in your social media channels);||Necessary for our legitimate interests (to provide a positive user experience and develop our products/services)|
|To carry out market research and analysis;||Necessary for our legitimate interests (to define types of customers for our products and services, develop our business and to inform our marketing strategy)|
|To administer and improve our Websites and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;||Necessary for our legitimate interests (to define types of customers for our products and services, to keep our Websites updated and relevant, to develop our business and to inform our marketing strategy)|
|To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
|Necessary for our legitimate interests (to define types of customers for our products and services, to keep our Websites updated and relevant, to develop our business and to inform our marketing strategy)|
|To confirm your identity, and verify your email address;||Necessary to comply with a legal obligation (to identify and prevent fraud)|
|To keep our Websites safe and secure; and comply with applicable law;||1. Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security)
2. Necessary to comply with a legal obligation
2. Necessary for our legitimate interests (to ensure that contractual obligations are met)
|To protect the rights, property or safety of Kallidus, any of our affiliated companies, our customers or others.||Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security)|
8. Uses of Analytics and Targeting Advertising Tools
In order to better serve our Website visitors and customers we may use Google Analytics features such as Remarketing, Google Display Network Impression Reporting, the DoubleClick Campaign Manager integration and/or Google Analytics Demographics and Interest Reporting (Google Display Advertising Features).
You can opt-out of the Google Display Advertising Features and customise Google Display Network ads using the Ad Settings.
As an added privacy measure, you can use the Google Analytics opt-out browser add on.
Regarding Google Analytics Demographics and Interest Reporting, we may use data from Google’s Interest-based advertising and/or third-party audience data (such as age, gender and interests) with Google Analytics to target and improve our marketing campaigns, marketing strategies and our Website content.
9. Disclosure of Your Information
We may disclose your personal information:
- To members of the Kallidus group of companies:
- To affiliated companies, business partners, suppliers, sub-contractors and other third parties as necessary, such as for the performance of any contract we enter with you or any service you have requested (for example, we engage third parties to deliver consultancy packages, and partner with complimentary HRIS software providers)
- To members of Kallidus’ reseller and partner network to provide potential customers with information on both Kallidus’ and their own complementary services, and to provide services as a Kallidus delivery/fulfilment partner;
- To trusted partners to help us perform statistical analysis, send you email or postal mail, provide customer support, or consultancy services. All such third parties are prohibited from using your personal information except to provide these services to Kallidus, and they are required to maintain the confidentiality of your information.
- To analytics and search engine providers that assist us in the improvement and optimisation of our Websites;
- If Kallidus or substantially all of its assets are acquired by a third party in which case personal information held by it about its customers will be one of the transferred assets;
- To protect our customers and Websites from fraud and theft. We may pass on personal information that is required to make identity checks and personal information that we obtain from making identity checks (including information relating to your age, name and location), together with account information to organisations including law enforcement agencies, involved in fraud prevention and detection and credit risk reduction. Please note that these third parties may retain a record of the information that we provide to them for this purpose;
- If we are under a duty to disclose or share your personal information in order to comply with any legal obligation or,
- In good faith, Kallidus believes that such action is necessary to:
- Conform to the edicts of the law or comply with legal process served on Kallidus or the Websites;
- Protect and defend the rights or property of Kallidus, our group companies, our customers or others; and
- Act under exigent circumstances to protect the personal safety of users of Kallidus, or the public;
Kallidus does not sell, rent or lease its customer lists to third parties.
Kallidus does not use or disclose sensitive personal information, such as race, religion, or political affiliations, without your explicit consent.
10. Your Right to Opt-Out
You have the right to ask us not to process your personal information for marketing purposes. If you do not wish to receive marketing information from us you have the option of ‘opting out’ at any time. Clear instructions on how to opt-out of each area will be detailed specifically (for instance, at the bottom of our e-newsletter you will have the option to unsubscribe by clicking a link). Alternatively, you can let us know in writing at email@example.com.
Our Websites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates, or to social media platforms. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.
11. Security of Your Personal Information
Kallidus is accredited to the Information Security Management Systems standard ISO27001:2015 and has a robust framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation’s information risk management processes.
Kallidus secures your personal information from unauthorised access, use or disclosure. Kallidus secures the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorised access, use or disclosure.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted via our Websites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We use secure socket layer software (SSL) to encrypt personal information that you provide via our Websites. This technology prevents you from inadvertently revealing personal information using an unsecure connection. Our Websites are certified with an SSL certificate, which verifies that our Websites are secure.
We keep your information confidential and store user personal data on a secure server which is password protected and hidden behind a firewall.
12. Retention Period
We will keep personal data only for as long as is necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting or reporting requirements.
Kallidus will determine an appropriate retention period for the personal data by taking account of the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Details of retention periods for different aspects of your personal data can be requested from us by contacting Kallidus’ Data Protection Officer.
13. International Data Transfers
The data that we collect from you may be transferred to and/or processed in countries outside the United Kingdom (“UK”) by Kallidus, its affiliated companies or processors acting on our behalf.
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring either:
- The destination country has been deemed to provide an adequate level of protection for personal data; or
- An alternative safeguard for the transfer of data approved for use in the UK is used (e.g. the standard contractual clauses).
14. Your rights
Under certain circumstances, you have the right by law to request:
- Access to your personal data (commonly known as a “Data Subject Access Request”). This enables you to ask to receive a copy of the personal data that we hold about you and to check that we are lawfully processing it.
- Correction of the personal data that we hold about you. You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Erasure of your personal data. You have the right to ask us to erase your personal information.
- Object to processing of your personal data where we are relying on our legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Restriction of processing of your personal data.
- Transfer of your personal data to another party, or to you.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
a. LAWFUL BASIS
i. Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
ii. Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
iii. Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.
16. Contact Information
We have appointed IT Governance Europe Limited to act as our EU representative (“Representative”). If you are based in the EU and wish to exercise your rights under the EU General Data Protection Regulation or have any queries in relation to your rights or privacy matters generally, please email our Representative at firstname.lastname@example.org or post your request or query to:
IT Governance Europe
Third Floor, The Boyne Tower
Bull Ring, Lagavooren
Drogheda, Co. Louth
When contacting our Representative please ensure you include our company name in any correspondence you.
We will use commercially reasonable efforts to promptly determine and remedy the problem.
You can also complain to the Information Commissioner’s Office if you are unhappy with how we have used your data:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk