Privacy policy
Privacy Policy and Data Protection (UK GDPR 2025)
This policy sets out how we use and protect any information that you give us when you use this website.
This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It explains how we collect, use, store, and protect personal data relating to employees, customers, contractors, and third parties.
This policy applies to all personnel, systems, and business locations operated by The Kay Group and its associated companies.
Data Protection Principles
The company adheres to the seven key principles of UK GDPR 2025:
- Lawfulness, fairness, and transparency – Personal data is processed lawfully and transparently.
- Purpose limitation – Data is collected for specific, legitimate business purposes only.
- Data minimisation – Only the minimum data required for each purpose is collected.
- Accuracy – Data is kept accurate and up to date.
- Storage limitation – Data is retained only as long as necessary.
- Integrity and confidentiality – Data is secured against unauthorised or unlawful access.
- Accountability – The Group maintains records and evidence to demonstrate compliance.
Lawful Bases for Processing
Personal data is processed under one or more lawful bases as defined in Article 6 of UK GDPR.
The Group does not sell or share personal data for marketing purposes with any third party.
Data Security: Physical and Technical Security, Retention and Disposal
The company follows accepted practices for securing its offices, with CCTV coverage and alarmed premises. Keycard access controls are installed for sensitive areas, and all personal information is kept in locked cabinets.
Servers are housed in a locked, access-controlled server room. All computers, laptops, and mobile devices are password and/or fingerprint-protected. Anti-malware and threat detection are provided through Microsoft protection.
Emails are filtered for phishing and malware.
Cloud storage uses Microsoft OneDrive; third party processors comply with UK GDPR and use encrypted connections.
Retention of data is kept to a minimum, while meeting legislative requirements.
Obsolete paper records are stored in archive sacks in a locked room and collected by certified shredding contractors.
Complaints and Contact
Subject Access Requests, questions or concerns about data protection should be directed to:
Email: dataprotection@intack.co.uk
If an issue cannot be resolved internally, individuals have the right to contact the Information Commissioner’s Office (ICO): Website: www.ico.org.uk and Telephone: 0303 123 1113