Data transparency disclosures and GDPR compliance
Purpose for Processing Data
Kaltz Ltd was founded in 2000 and our core business is to produce concise and accurate communications directories for Government Buyers. Our publications are provided free of charge to public sector staff and are funded through the inclusion of advertisers. Our titles are designed primarily to assist all those involved in Government procurement to better communicate with counterparts in other similar organisations and to share best practice in the pursuit of best value for the tax payer.
As a company that compiles information on public sector data subjects, we have always been committed to ensuring compliance to all relevant data laws. At the start of 2017 we reviewed our legal obligations pertaining to the new General Data Protection Regulations and since that review and various consultations on the matter, we have been diligently preparing for GDPR compliance.
How we collect, store and update our data
Research & Updates
All of our subject data is either collected online, where information has already been published and put into the public domain or collected directly from public sector agencies or individual post holders. In the main our publications are produced annually; we commence research for each title as close to publication date as is possible to ensure the accuracy of the data we publish. All of our data is subject to update every 6-12 months. Every post holder whose information we publish has access to our data in both hard copy and online and can therefore easily review or amend their details. All the data we research has a data source and a recorded date.
Storage
The maximum period we store our subject data without update or re-verification is one year. All personal data we hold is stored on a dedicated server with multi-layered levels of security in place. These include limited access for Kaltz staff to include only the data controller and research team, a firewall and comprehensive antivirus software, and high grade encryption offsite back-up services.
Data provision
As well as providing our data in the form of hard copy published directories to public sector employees, we also provide voucher copies to our contributing private sector service providers. By doing so we provide a necessary function not only for cross-organisation and cross- sector inter-Government communications and research but also to assist suppliers to market their wares successfully. We do not provide, sell or licence our data to any commercial entity that is not directly involved in a particular title produced. The provision of our data, post May 2018 is done so on the following basis:
- Any and all communications made must contain a clear opportunity to opt-out from any future correspondence
- All requests made to opt-out must be honoured
- Any marketing communications presented must be relevant and proportionate
- All Kaltz Terms and Condition attached to any booking and subsequent data provision must be strictly adhered to
The means of marketing using data provided by Kaltz Ltd post May 2018 are permissible on the following basis:
- Post – This remains an opt-out channel
- Telephone communications – All telephone numbers must be screened against the Commercial Telephone Preference Scheme prior to being used for marketing purposes but on completing this screening, this will remain an opt-out channel
- Emails – the regulations for emailing a public servant are soon to be replaced by the forthcoming e-Privacy Regulations but this will remain an opt-out channel.
We do not sell or licence our data, it is provided to our contributing stakeholders on request and without charge.
In Summary
All companies have a day-to-day responsibility for data protection and understanding the new legal framework set out in the GDPR is obviously key to the compliance thereof. We have always tried to ensure that the interests of both the data subjects and data users we hold records of are considered to the upmost and therefore in practice, we haven’t had to change a huge amount in the way we operate in the face of the new legal framework. In light of the uncertainty surround Brexit and as a company whose activities are limited to the UK however, we will be continually reviewing our data control methods.