Kelp Social Privacy Policy

  1. Kelp Social: Who we are

 

Kelp Social Limited (the “company”, “we”, “our”, “us”) provide social media platform website and mobile application.  The Company is registered in the UK as Kelp Social Limited, registered in England & Wales at 71-75, Shelton Street, Covent Garden, London, WC2H 9JQ.  Company No. 13181054.  We are the controller of personal data obtained via our website and mobile application, meaning we are the organisation legally responsible for deciding how and for what purposes it is used.

We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share any information relating to you (your personal data) in connection with your use of our website. It also explains your rights in relation to your personal data and how to contact us or a relevant regulator in the event you have a complaint.

We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR). We are also subject to the EU General Data Protection Regulation (EU GDPR) in relation to goods and services we offer to individuals and our wider operations in the European Economic Area (EEA).

Given the nature of our website, we do not expect to collect the personal data of anyone under 18 years old. If you are aware that any personal data of anyone under 18 years old has been shared with our website and/or mobile application, please let us know so that we can delete that data. This version of our privacy policy is primarily written for adults, including parents and guardians of child users.

  1. Personal Data we collect from you

​The personal data we collect about you depends on the particular activities carried out through our website and mobile application. We will collect and use the following personal data about you:

  • your name, address and contact information, including email address and telephone number and company details
  • information to check and verify your identity, eg date of birth
  • your gender, if you choose to give this to us
  • location data, if you choose to give this to us
  • your billing information, transaction and payment card or other payment method information
  • bank account and payment details
  • details of any information, feedback or other matters you give us by phone, email, post or via social media
  • your account details, such as username and login details
  • your activities on, and use of, our website
  • your personal or professional interests
  • information about the services we provide to you
  • information about how you use our website and technology systems
  • your responses to surveys, competitions and promotions
  1. How your personal data is collected

Kelp Social collect personal data about you through various ways, both directly and indirectly which include but may not be limited to:

  • Having a Kelp Social account
  • Telephone conversations between you and our staff (we do may audio record conversations).
  • Email communications.
  • Entering details into our website or App.
  • Contact via social media.
  • Social media searches such as LinkedIn
  • Clients and vendor interaction.
  1. What Happens When You Withhold Your Data?

The information you provide enables us to allow you access to the Kelp Social platform.

Where you are obliged to provide personal data, or where we require your personal data to progress the service, the consequences of failure to provide the data may be that:

  • we will not be able to supply you with the service that you have requested.
  • we may not be able to fulfil our contractual requirements.
  • we may not be able to continue with our relationship.
  1. Why am I Processing the Data?

Legitimate interest

As necessary, the company will process your personal data for our own legitimate interest, or those of other persons and organisations which includes;

  • for good governance, accounting, managing and auditing of our business operations.
  • to monitor emails, calls and other communications, and activities related to our service provision.
  • to facilitate creation and manage online accounts.
  • to collect your personal information from 3rd parties in order to research suitability for specific services.
  • for our internal administrative activities, such as invoicing and charging where relevant.
  • to process or share your data in connection with crime detection, tax collection or actual or anticipated litigation.
  • for market research, analysis and developing statistics.
  1. Consent

As necessary, the company will process your personal data with your consent: 

  • in certain circumstances which require us to ask for your consent to process your personal data in a particular way; and
  • to provide consent we will normally require you to provide written confirmation (e.g. email or completed consent form, or a tick box / web form).  You have the right to withdraw consent at any time.
  1. When and How will I be Informed?

When we engage with you for the first time, when you approach us, or visit our website(s), we will provide you with this privacy notice.  If significant changes are made – we will inform you.

Where we gather your personal data prior to contacting you, we will:

  • inform you that we hold your personal data (what we hold and from which source the personal data originated, and if applicable, whether it came from publicly accessible sources);
  • provide you (the individual) with this Privacy Notice (transparency information) no later than one month after we have collected the data, or when we first communicate if that is before one month and;
  • ask you to register with us to continue the relationship and process this information on the basis that we will provide our services to you according to this privacy notice.
  1. How is My Personal Data Safeguarded?

We have appropriate security measures to prevent personal data from being accidentally lost or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We will protect personal data through the following principles:

  • not collecting or retaining excessive amounts of data;
  • protecting personal data from loss, misuse, unauthorised access and disclosure;
  • keeping personal data up to date;
  • storing and destroying it securely;
  • ensuring that appropriate administrative, technical and physical safeguards are in place to protect personal data. These measures include measures to deal with any suspected data breach;
  • regularly reviewing our information collection, storage and processing practices, including physical security measures.
  1. Who Will you Share My Personal Data With?

Where appropriate and in accordance with local laws and requirements, we may share your personal data for various reasons with certain categories of third parties such as:

  • ​partners (including current, past and prospective partners);
  • our internal staff;
  • technology platforms and suppliers; including Customer Relationship Management (CRM) software provider (s) and data forwarding agencies where we have an appropriate processing agreement (or similar protections) in place. 

We do not disclose personal information we collect about you, except as described in this Privacy Policy or in separate notices provided in connection with particular activities.

We will not sell or rent to any third party any of the personal information or data that you provide to us.

Where we share personal information with vendors who perform services on our behalf, based on our instructions (data processors), we ONLY authorise these vendors to use or disclose the information as necessary to perform services on our behalf or comply with legal requirements.

  1. Where is My Personal Data Held?

Please be aware that your information may be securely stored in locations including:

  • Local file servers and file structures in the US.
  • CRM and Database systems provided by 3rd party providers, based in the UK and the EEA.
  • Cloud-based systems (1st and 3rd party) whose servers are located within the US, UK and the EEA.
  1. How long will my Personal Data be kept? 

We will keep your personal data while you have an account with us or we are providing services] to you. Thereafter, we will keep your personal data for as long as is necessary:

  • to respond to any questions, complaints or claims made by you or on your behalf;
  • to show that we treated you fairly;
  • to keep records required by law.

We will not keep your personal data for longer than necessary. Different retention periods apply for different types of personal data. When it is no longer necessary to keep your personal data, we will delete or anonymise it.

  1. Will My Personal Data be Transferred Overseas?

To deliver services to you, it is sometimes necessary for us to share your personal data outside the UK/EEA, eg:

  • with your and our service providers located outside the UK[/EEA];
  • if you are based outside the UK/EEA;
  • where there is a European and/or international dimension to the services we are providing to you.

Under data protection law, we can only transfer your personal data to a country or international organisation outside the UK/EEA where:

  • the UK government or, where the EU GDPR applies, the European Commission has decided the particular country or international organisation ensures an adequate level of protection of personal data (known as an ‘adequacy decision’);
  • there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for data subjects; or
  • a specific exception applies under data protection law

These are explained below.

a.       Adequacy decision

We may transfer your personal data to certain countries, on the basis of an adequacy decision. These include:

  • all European Union countries, plus Iceland, Liechtenstein and Norway (collectively known as the ‘EEA’);
  • Gibraltar; and
  • Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland and Uruguay.

The list of countries that benefit from adequacy decisions will change from time to time. We will always seek to rely on an adequacy decision, where one exists.

Other countries or international organisations we are likely to transfer personal data to do not have the benefit of an adequacy decision. This does not necessarily mean they provide poor protection for personal data, but we must look at alternative grounds for transferring the personal data, such as ensuring appropriate safeguards are in place or relying on an exception, as explained below.

b.      Transfers with appropriate safeguards

Where there is no adequacy decision, we may transfer your personal data to another country or international organisation if we are satisfied the transfer complies with data protection law, appropriate safeguards are in place, and enforceable rights and effective legal remedies are available for data subjects.

The safeguards will usually include using legally-approved standard data protection contract clauses.

c.       Transfers under an exception

In the absence of an adequacy decision or appropriate safeguards, we may transfer personal data to a third country or international organisation where an exception applies under relevant data protection law, eg:

  • you have explicitly consented to the proposed transfer after having been informed of the possible risks;
  • the transfer is necessary for the performance of a contract between us or to take pre-contract measures at your request;
  • the transfer is necessary for a contract in your interests, between us and another person; or
  • the transfer is necessary to establish, exercise or defend legal claims

We may also transfer information for the purpose of our compelling legitimate interests, so long as those interests are not overridden by your interests, rights and freedoms. Specific conditions apply to such transfers and we will provide relevant information if and when we seek to transfer your personal data on this ground.

  1. What Data is Collected by Automated Means?

 

  1. Website Cookies and Third Party applications

When you visit our Websites, we may collect certain information by automated means.  Details of cookies used are in our “cookie policy”.  Your web browser is most likely set to automatically accept cookies, but you can consult your browser help file if you wish to change these settings. 

The providers of third-party apps, tools, widgets and plug-ins on our Sites, such as social media sharing tools, also may use automated means to collect information regarding your interactions with these features. This information is collected directly by the providers of the features and is subject to the privacy policies or notices of these providers.  Subject to applicable law, Kelp Social is not responsible for these providers’ information practices.

We will ask for your consent for some aspects of these activities which are not covered by our legitimate interests, in particular, the collection of data via cookies when you use our websites.

  1. Update to this Privacy policy

We will update this privacy policy over time to reflect changes in our personal information practices.

For significant changes, we will notify you by posting a prominent notice on our websites and contact you by email indicating when it was most recently updated.  

Last Policy Update: September 2021

Welcome to Kelp Social's Beta Version

Kelp Social is in the first stages of many; soon to be brought to you as an app, with exciting membership perks and collaborations with animal-friendly sponsors. Make an account free of charge and start chatting with this growing community. Stay in touch with us on the site, via email or by following our social media (shown at the bottom of the site). We are always open to your thoughts and suggestions as to how we can improve this space. This platform cannot work without you!