GDPR and The Karten Network – The Karten Network will be GDPR compliant across all aspects of operation. This includes the use of personal data in respective business activities and in any networking/sharing/practitioner exchange/project activity.
This Privacy Notice informs stakeholders about our data protection procedures. This notice:
- Sets out the purposes for which we hold and process personal data
- Informs stakeholders that they have a right of access to the personal data that we hold about them
For the purpose of the General Data Protection Regulation 2016 (GDPR), the data controller is Karten Network Ltd. Dawn Green, (email@example.com) the Karten Network Development Co-ordinator can be contacted regarding enquires related to this statement or any other data protection issues.
1. About us
We are the Karten Network Ltd. a company registered in England and Wales (Company No. 04584819). Our registered correspondence address is Karten Network C/O The Ian Karten Charitable Trust, International House, 64 Nile Street, London, N1 7SR.
The Karten Network is a network of IT centres for disabled people. The centres are funded through the Ian Karten Charitable Trust, with the purpose of improving the quality of life and independence of people with congenital or acquired physical, cognitive, sensory, learning disabilities or mental health problems. The Karten Centres provide a supportive learning environment together with access to the latest in adaptive computer technology and are located in a wide range of host organisations.
2. Personal data
The Karten Network holds and processes information, including personal data about a range of stakeholders for a variety of business purposes, summarised in Appendix 1 Data Register.
2.1 Data Recorded
Data recorded in our internal systems are varied and include contact information, names, key information about additional needs, testimonials, case studies and photographs/videos.
2.2 Data shared
The Karten Network does not process or share any information without the express permission of the individual concerned. No personal data from our internal systems is shared to other organisations or third parties without specific consent.
2.3 Data retention
All decisions regarding data retention are at the discretion of the Data Protection Officer (DPO). We will not retain personal data for any longer than is necessary. What is deemed necessary will depend on the circumstances of each case, considering the reasons that the personal data was obtained, but should be determined in a manner consistent with current data retention guidelines.
2.4 Data access
Should a data subject access request be required, the Karten Network will provide details on request as to how to extract the relevant information to respond to a data subject access request.
2.5 Data Security
We will take necessary steps to keep personal data secure against loss or misuse. On the rare occasions that other organisations control or process personal data as a service on our behalf, the DPO will establish what, if any, additional specific data security arrangements need to be implemented in contracts or agreements with those third-party organisations. Maintaining appropriate standards of data protection is a collective task. All personal data must be secured against loss or misuse. Usernames and passwords may not be shared except for the disaster recover policy or when a shared account is used.
3. Collecting information from visitors to our Website
When someone visits our website we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the website. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. You can find more information on how cookies are used on this website in our Cookies Policy.
If we do want to collect personally identifiable information through our website, we will tell you. We will make it clear when we collect personal information and will explain what we intend to do with it. You will need to give your consent prior to providing this information.
3.1 Information we process about individuals
We may collect and process the following personal data: Information that you provide by filling in forms on our website. This includes information provided at the time your user account was created, subscribing to our services (e.g. our newsletter). We may also ask you for information when you report any problems with our website;
If you contact us, we may keep a record of that correspondence;
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them;
- Details of your visits to our website including, but not limited to, traffic data, location data, weblogs and other communication data and the resources that you access; and any information incidental to that listed above.
3.2 How we use your information
We use information held about you in the following ways: To ensure that content from our website is presented in the most effective manner for you and for your computer;
- To allow you to participate in interactive features of our website, when you choose to do so;
- On the rare occasion to notify you about changes or important information about our website;
- We do not disclose personal information about individuals to advertisers or sell your information to any other organisation for marketing or any other purposes;
- Web logs (error logs, access logs, security audit logs, including IP addresses) for detecting and preventing fraud and unauthorised access and maintaining the security of our systems.
3.3 Retention & Deletion
The Karten Network Ltd retains your information while your account remains active, unless you ask us to delete your information. Once your account is removed all your personal data will be deleted from our systems.
If you have signed up to receive our newsletter, we will retain your information until you request to be removed / deleted.
Subject to the exceptions described below, Karten Network Ltd deletes or anonymises your information upon request.
Subject to applicable law, Karten Network Ltd may retain information after account deletion: Certain information if necessary for its legitimate business interests, such as fraud prevention;
- If we are required to by applicable law; and/or in aggregated and/or anonymised form;
- IP addresses, cookies and similar technologies;
- We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and security purposes. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
3.4 Security and Control of Data
All information you provide to us is stored on our secure servers and is accessible only by you, our website administrator/s and web developer. All passwords are encrypted and not visible by anybody.
Please note that the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to reduce the risk of unauthorised access.
3.5 Links to Other Websites
This privacy notice does not cover the links within this website linking to other websites. Those websites are not governed by this privacy notice, and if you have questions about how a website using your information, you will need to check that website’s privacy statement.
4. Access to Your Personal Information
The Act gives you the right to access information held about you. You can find out if we hold any personal information about you by making a “data subject access request” under GDPR 2016. If we do hold information about you, we will:
- Give you a description of it
- Tell you why we are holding it.
- Tell you who it could be disclosed to
- Let you have a copy.
Any formal subject access request should be e-mailed to Dawn Green: firstname.lastname@example.org
This information will be provided free of charge. However, we may charge a reasonable fee for repetitive, unfounded, or excessive requests.
5. How can you Update or Change your Information?
If at any time you wish to change your information, you can either update it by logging into your account if you have one, or by contacting either Dawn Green (email@example.com) or Martin Pistorius (firstname.lastname@example.org) and providing details of the information you wish to have updated.
If you wish to opt-out of email notifications and communications you can contact Dawn Green (email@example.com) and we will ensure you do not receive any more communications.
6. Your Rights as a Data Subject
- Right to Rectification – the right to request the controller rectify inaccurate personal data.
- Right to Object – the right to object to processing based on either public interests or legitimate interests. Processing must stop, unless the controller demonstrates compelling grounds for continuing the processing or that the processing is necessary in connection with the controller’s legal rights.
- Right to Object to Direct Marketing.
- Right to be Forgotten – the right to have the controller erase personal data without undue delay. Contingent on the occurrence of one of the following:
- The data is no longer necessary;
- The data subject withdraws consent (and consent is the legal basis for processing);
- Controller has no overriding grounds for continuing processing against the objectification;
- Processing was unlawful;
- Erasure is necessary with EU or national law.
- Right to Restrict Processing – the right to have the controller restrict processing if:
- The accuracy of the data is contested;
- Processing is unlawful;
- The controller no longer needs the data for its original purpose, but needs it for legal purposes;
- Erasure is pending.
- Right of Data Portability – the right to receive a copy of your data in a commonly used machine-readable format for transfer to another controller.
7. Changes to this Privacy Notice
We keep our privacy notice under regular review. This privacy notice was last updated on 24th July 2020.