What is Changing?
Updated 13th June 2019
1.1.We are committed to protecting your privacy rights as a consumer of our services. Our policy is to respect and protect your rights to privacy.
1.2.Kuflink means Kuflink Group Plc and its subsidiaries.
1.3.All information you provide to us will be held by Kuflink on UK based servers. Unless otherwise specified in point 9. Kuflink will not hold, transfer or use your data outside the European Economic Area (EEA), nor will we share it with other, within or outside of the EEA (except when we believe in good faith that the law requires it).
1.4.We collect data on all our users in order to continually improve the services and products we offer. We also collect data to enter commercial arrangements which can include the sale of advertising space. Kuflink adheres to UK Data Protection Legislation which, from 25th May 2018, includes EU Regulation 2016/679 General Data Protection Regulation (“GDPR”).
1.5.This privacy notice only relates to Kuflink’s website and platform and doesnot extend to your use of the internet outside of the Kuflink site.
2.1.Kuflink Group Plc is registered at 21 West Street Gravesend, Kent DA11 0BF under company number 09084634.
2.2.Kuflink Ltd is registered at 21 West Street Gravesend, Kent DA11 0BF under company number 08460508.
2.3.Kuflink Bridging Ltd is registered at 21 West Street Gravesend, Kent DA110BF under company number 07889226.
3.1.Before using our services and purchasing of our products, we require that each user undertakes checks for the purposes verifying your identity and preventing fraud and money laundering. These checks require Kuflink to collect and store personal data about you.
3.2.Details of personal data we may need to collect to process these checks include, but are not limited to: name, address, date of birth, contact details, bank account numbers, national insurance number and device identifiers including IP addresses.
3.3.Kuflink may need to enable law enforcement agencies access to your personal date to detect, investigate and/or prevent crime.
3.4.We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
3.5.Fraud prevention agencies can hold your personal data for different time periods, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
3.6.As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making: if you want to know more please contact us using the details below.
3.7.If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financingyou have requested, or to employ you, or we may stop providing existing services to you.
3.8.A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details below.
3.9.Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
4.Data collected by Kuflink
4.1.We will collect personal data as provided to us during the registration or purchase process, which you agree to supply us as accurate.
4.2.We do not monitor your use of the Internet, but we do use cookie technology to monitor your use of Kuflink. This information is not stored alongside your personal data and will only be used on an anonymous, aggregated basis. We may process your personal data in conjunction withthe documents and forms downloaded in order to maintain and improve the facilities we offer and to send you alerts about important updates to such content.
3.9.Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area,4.3.Information on the type of cookie technology we use can be found at point 6.1. they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
5.How we use your data
5.1.We use your data for the following purposes:
5.1.1. Creating and managing your account.
5.1.2.Supplying you with information, documents, forms, and other content either through the Kuflink site or by email. You can control your email preferences from ‘My Preferences’ and can opt-in of our emails and phone calls/texts when you register (or at any time thereafter). Please notethat some emails are an integral part of the Kuflink’s service you sign up for when registering with Kuflink and cannot be opted out of, and that by registering, you are consenting to us using your personal data to send suchemails. We will never send you any spam.
5.1.3. Communicating with you. This may include responding to emails or calls from you.
5.1.4. Building up a profile of your interests and preferences based on your investment history.
5.2.Processing your personal data is in both our legitimate interests and is necessary to provide our services to you at the highest standard and to continually evolve and improve our products and services.
6.1.We use the following cookies:
6.1.1. Strictly necessary cookies: These are cookies that are required for the operation of our website. Theyinclude, for example, cookies that enable you to log into secure areas of our website. They do not gatherinformation about you that could be used for marketing purposes or remembering where you’ve been onthe Internet.
6.1.2. Analytical/Performance cookies: They allow us to collect information about how you use our website,such as, how you move around our website and if you experience any errors. These cookies do notcollectany information that could identify you; all of the information collected is anonymous and is only used tohelp us improve the way our website works, understand what interests our users and measure howeffective our advertising is.
6.1.3.Functionality cookies: These are used to recognise you when you return to our website. This enablesus to personalise our content for you, greet you by name and remember your preferences and improveyour visit.
If you select "Reject", NextRoll will not serve you personalized advertising. You may still receive advertising that is not targeted or is served by other third parties that are not affiliated with NextRoll.
If you "Allow" now, you have the right to withdraw your consent at anytime. To manage NextRoll's partners and learn more, visit
6.2.Generally, cookies which are strictly necessary for the operation of the website will expire when you leave the website. Other cookies may be more permanent or not expire unless you actively delete them.
7.Personal data retention
7.1.We will retain information about you for the period necessary to fulfil the purposes for which the information was collected. After that, we will delete it. The retention period will vary depending on the purposes for which the information was collected. We are sometimes legally obliged to retain the information, for example, for tax and accounting purposes. In the absence of a specific legal or regulatory requirement to retain your data we typically retain it for the applicable legal limitation period for bringing legal claims. This is six years where the claim arises from a simple contract.
8.Storing personal data
8.1.We only store your personal data in the UK. This means that it will be fully protected under the GDPR.
8.2.As explained below, certain personal data will be made accessible to our third-party IT contractor, based outside of the European Economic Area. Additional steps have therefore been taken to ensure that your personal data will be treated just as securely and safely as it would be in the UK and under the GDPR, as embodied in a data processing agreement between us and our contractor based on model contractual clauses provided by the European Commission, which impose suitable data protection standards on a contractual basis.
9.Sharing your personal data
9.1.We may share your information with any member of the Kuflink Group and with some of our business partners, service providers and subcontractors in connection with the performance of any contract we enter into with you or them.
9.2.We may also disclose your information to third parties where you have consented for us to do so, where weare under a legal, regulatory or professional obligation to do so, where we need to enforce or apply our various terms, policies and other agreements, or if it becomes necessary to protect the rights, property or safety of Kuflink, our customers or any other person.
9.3.If we merge, reorganise ortransfer all or part of our business, we may disclose information we hold about you to successors (and potential successors) of the business.
9.4.If we refer any dispute between us to theODR Platform http://ec.europa.eu/consumers/odr , and/or we agree to engage in any alternative dispute resolution (“ADR”) procedure with you through the ODR Platform, then to the extent that your personal data is relevant to the dispute we may disclose it to the European Commission, as operator of the ODR Platform, and to any ADR provider appointed to deal with the dispute.
10.Your rights as a data subject
10.1.Individual data subjects have the following rights under the GDPR which we will always work to uphold:
10.1.2.The right to access your personal data by means of a subject access request (see point 11.2)
10.1.3.The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. You can do this by contacting us at firstname.lastname@example.org
10.1.4.The right to erasure (also known as the right to be forgotten). You can exercise this right by contacting us at email@example.com
10.1.5.The right to restrict or object to our processing of your personal data for particular purposes. Email preferences can be changed using the‘Email Preferences’ link in ‘My Preferences’. Using this link, you can opt-inof our alerts. For further information, please contact us.
10.1.6.The right to data portability. This means that you can ask us for a copy of your personal data to re-use with another service or business. Please note, however, that this right applies only if you have provided personal data to us directly, we are using it with your consent or for performance with a contract, and your data is processed using automated means.
10.1.7.Rights relating to automated decision-making and profiling. We do not, however, use your personal data in this way.
10.2.For more information about our use of your personal data or exercising your rights as outlined above, please contact us on 01474 334488.
10.3.Further information about your rights can be obtained from the Information Commissioner’s Office. You also have the right to lodge a complaint with the Information Commissioner’s Office if you feel that your rights have been breached.
11.Accessing your data
11.1.All personal data provided by you during registration, along with details of your download history, can be accessed via ‘My Account’.
11.2.If you wish to make a data subject access request, please do so in writing, sent to the email or postal address shown below, clearly marking your correspondence as a subject access request.
11.3.We do not normally charge for subject access requests unless theyare ‘manifestly unfounded or excessive’ (e.g. repetitive). We will respond to your subject access request within one month of receiving it. In the unlikely event that your request is particularly complex, a further two months may be required but we will keep you informed if this is the case.
12.1.To contact Kuflink about anything to do with your personal data and data protection, including to make a subject access request, please use the following details and we will respond as soon as possible:
- it will be easier to access the information that companies hold on you;
- companies will be subject to more stringent data management standards;
- there will be a new schedule of fines applicable to companies in breach of GDPR.