Privacy Policy

Two roles are recognised under the GDPR: • Data Controller: Determines the purpose and method of data processing. • Data Processor: Processes data on behalf of the Controller. Responsible Person(s): • Data Controller: Peter Killick – peter@pknetworks.co.uk() • Data Processor: Peter Killick – peter@pknetworks.co.uk() Effective from: 25 May 2018

We will only process your data where at least one of the six lawful bases applies: 1. Consent – Clear, affirmative permission given by the individual. 2. Contract – Processing necessary to fulfil a contract. 3. Legal Obligation – Compliance with legal requirements. 4. Vital Interests – To protect life. 5. Public Task – In the public interest or by official authority. 6. Legitimate Interests – Where our legitimate business interests do not override the individual’s rights. For Legitimate Interest, we apply a three-part test: • A legitimate interest must exist. • Processing must be necessary to achieve it. • A balance must be struck with the individual’s rights and freedoms.

You are entitled to the following rights: 1. Right to be informed: We must provide clear and transparent information about data use. 2. Right of access: You may request access to your data. This is free of charge and will be processed within one month unless the request is unfounded, excessive, or repetitive, or if previously provided information is requested again. Where applicable, you will be informed of any charges or if your request is refused, with guidance on how to appeal. 3. Right to rectification: You can ask us to correct any incorrect or incomplete data. 4. Right to erasure: You may request deletion of your data where there is no legitimate reason to retain it. 5. Right to restrict processing: You may request processing to be blocked. We may still store the data but not use it further. 6. Right to data portability: You may obtain and reuse your personal data across different services. 7. Right to object: You can object to processing for legitimate interests, public interest tasks, direct marketing, or research/statistics purposes. We will always inform you of this right at the point of first communication. Complaints can be made to the ICO: Website: ico.org.uk/concerns Phone: 0303 123 1113 Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

• Data Subject’s name, address, telephone numbers, and email address(es) • Purpose: Managing the Data Subject’s relationship with the firm • Legal Basis: Contractual necessity • Username and passwords (where services are set up) • Purpose: Managing services for the Data Subject and their employees • Legal Basis: Contractual necessity • Emergency contact details • Purpose: Contacting the Data Subject in the event of an emergency • Legal Basis: Vital interests • CCTV recordings at PK Networks Ltd premises • Purpose: Security at the premises • Legal Basis: Security of the business • • Gender • Purpose: Provision of suitable facilities (e.g. toilets, changing rooms) • Legal Basis: Legitimate interests • Photos and videos of the Data Subject • Purpose: Promoting the firm via website and marketing activities • Legal Basis: Consent (explicit, with the option to withdraw at any time) • Call recordings (landline and mobile) • Purpose: Training and security; ensuring information is accurately retained • Legal Basis: Security and training of the business • Bank account or payment details • Purpose: Making and receiving payments or issuing refunds • Legal Basis: Contractual necessity • Remote access to PCs and servers • Purpose: Providing support under existing contracts • Legal Basis: Contractual necessity • Cloud backup of PCs and servers • Purpose: Delivering backup services under support contracts • Legal Basis: Contractual necessity

• Data is not transferred outside the EEA without explicit consent. • We use recognised technology and security standards (e.g. encryption, SSL). • Financial data is destroyed securely when no longer needed. • Any serious breach will be reported promptly to affected individuals.

• We do not sell or pass on personal data without consent, unless required by law or necessary for fulfilling a service. • Where third-party services are used, data is shared only as necessary and only under strict confidentiality agreements. • We retain data only as long as necessary under the legal basis outlined or as required by law. • Annual reviews will assess whether continued processing is justified.

For questions or comments regarding this Privacy Policy, please contact: Peter Killick, Director Email: peter@pknetworks.co.uk()