1. Company Information

We are KGC Associates Limited, part of Independent Governance Group (“IGG”). We provide operational support and consultancy services to the pensions sector. IGG is a trading name of Ross Trustees Services Limited (07904277) whose registered office is 4th Floor Cannon Place, 78 Cannon Street, London, EC4N 6HL. Ross Trustees Services Limited is registered with the Information Commissioner’s Office under registration number Z3430813.

This Privacy Notice explains how KGC Associates Limited collects, stores and protects personal data. For full details of how IGG uses personal data, please view the IGG Privacy Notice.

2. General Information

We are committed to safeguarding the privacy and security of all personal information we handle.  This policy explains how we collect your personal information, what we do with it and your rights in respect of it.

In most circumstances, we are the data controller for the personal data we process about you. This means that we determine (sometimes jointly with another party) how your personal information is processed and for what purposes. This privacy notice tells you what to expect when we handle personal data as a data controller.

We sometimes process personal data as a ‘data processor’. This is when handle personal data on behalf of our clients. In these cases, we process this information upon our clients’ written instructions under a contract. Any collection or use of that information is limited to the purpose of providing the service to our clients.

3. Contact Us

If you have any queries about this privacy notice or the services we offer, please email us at enquiry@kgcassociates.com.  You may also write to us at 4th Floor Cannon Place, 78 Cannon Street, London EC4N 6HL

4. How we obtain personal data

Most of the personal data we process is provided to us directly by you, for example when you:

  • make an enquiry by email, phone or through our website
  • sign up to our newsletters, blogs and promotions
  • work with us as an employee or contractor
  • use our website

We may also collect personal information about you indirectly, for example through:

  • our clients
  • prospective clients
  • public sources (e.g. websites and professional networking sites)
  • recruitment agencies
  • referees to support your job application (at your request)

5. How we collect and handle personal data

Subscribers

We collect the name and contact details of people who want to subscribe to our marketing communications. We collect this information where there is a legitimate interest for us to do so or with the consent of the person. If a person unsubscribes, we remove them from our mailing list but retain their details within a suppression list to ensure we do not contact them with marketing material again in the future. We keep subscriber data until they unsubscribe or if the email address becomes invalid. We retain the contact details of those who have unsubscribed indefinitely.

Enquirers and Client Leads

When an enquiry is made, in almost all cases we will collect and use information which allows us to identify and contact you such as title, name, the company you work for, your job title or position, your address, email address, phone number, and marketing preferences.

This information is usually collected directly from you either by email, in person, by phone or by completing an enquiry form on our website.  It can also be collected through a person acting on your behalf such as a business colleague.

Where we believe a person will be interested in hearing about our services as they are relevant to that person’s job role, we sometimes collect the name, job role and work contact details of employees working for potential clients. This information is collected from public sources, such as company websites or where the employee has published their name, work profile and contact details on a networking site for professionals, (such as LinkedIn) and therefore would have a reasonable expectation that companies like us, may contact them to make introductions and market their services.

As well as using this data to enable us to contact you about our work, mutual clients, opportunities and your role with is; unless you opt-out, we also use your contact details to promote our services and to contact you with communications about industry news, newsletters and events. This is within our legitimate interests. You may opt out at any time by emailing enquiry@kgcassociates.com.

If an enquiry or client lead does not result in the individual becoming a client, personal data relating to the enquiry will be held for 1 year.

Client representatives and contacts

We collect and process personal information obtained or created in relation to the services we provide, including the personal information of:

  • our clients, our client contacts, their people and third parties engaged by our clients
  • other third parties connected to the matters on which we are working for our clients
  • professional advisers, experts and consultants involved in the work that we carry out for our clients or engaged by us

We obtain this personal data for the purposes of delivering our responsibilities under the contract with our clients and in some cases for our own legitimate business interests. We keep this data for up to 7 years after the contract with the client has ended.

Visitors to our offices

When someone visits our offices, we record the visitor’s name, company they work for and the date of their visit. We also collect CCTV footage or images of persons visiting our offices.  This is used only for security purposes.

We collect this information for our legitimate interests for the prevention and detection of crime, to maintain a register of who is or has been on our premises and for use in case of a fire or other incident.

Job applicants (employees and contractors)

We receive Curriculum Vitae (CVs) and application forms from people who apply for jobs with us. This will often include the individual’s name, contact details, experience, education and a personal statement to support their application. We don’t routinely view applicants’ social media profiles as part of the recruitment process, however we will view them if an individual has chosen to provide details of them within their CV.

Where an applicant applies for a role with us via LinkedIn, we will view their LinkedIn profile. We collect this information on the basis of our legitimate interests to be able to assess the suitability of the individual and where relevant, invite them to interview. Should the interview be successful, we will collect external references and, where required, the outcome of their criminal record (DBS) check. This information will almost always be provided directly by you or, in the case of recruits, through your appointed agency or a vetting agency employed by us.

Where there is a lawful basis and condition to do so, occasionally we will collect sensitive personal information in relation to our staff, such as diversity, health, religious beliefs, ethnicity or other special category personal information.  We will also collect next-of-kin and dependant’s contact details.

Information relating to successful applicants, will be retained on their employee file and held for the duration of their employment, plus a further 7 years after their contract has ended.

Where applicants are not successful, prior to or after interview, their CV and application will be destroyed after 6 months, unless the applicant gives us their permission to retain this information for longer.

Website users

Like many website providers, when you visit our website we collect technical information, e.g. IP address, details of visits made to our online services such as the volume of traffic etc. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.

This information is collected automatically by our website or other online platform or software.  We collect this information to improve your experience of our website, newsletters and other services, e.g. by monitoring and recording information relating to your browsing behaviour to make personalised content available to you more efficient and relevant.

We use Google Analytics to learn about our website visitors and possibly target future marketing material. All data is anonymised. You can opt-out of Google Analytics tracking by installing the Google Analytics opt-out browser add-on.

To find out more about how we use cookies and tracking technologies, please view our Cookie Policy.

6. How we process personal data

We will only process your personal information where we are permitted to do so by law, meaning when we have one or more legal basis to do so by consent, contract, legal obligation, vital interests or public task.  Section 4 explains how we process your personal information depending on the context of how personal information typically comes into our care, and include further information about the legal basis or bases that we rely on in those circumstances.

In certain circumstances, we rely on the legal basis known as ‘legitimate interests’ to process your personal information.  This is where the processing of your personal information is necessary to pursue our legitimate interests in a way which is reasonably expected as part of running our business, but which is not detrimental to you and would have minimal impact on your privacy.  We undertake an assessment of any potential impact on your privacy before we process your personal information for our legitimate interests.

If you would like more details about the specific legal basis we are relying on to process your personal information, please email us at enquiry@kgcassociates.com.

7. How we store and share personal data

Where we store paper records, all records are held within locked cabinets. We use digital systems to support our business.

All of our IT systems are located in the UK, however some of our service providers may store some of our data outside these areas (usually in the USA). Where this is the case, we take the necessary steps to ensure the data processor provides appropriate levels of data protection and standard contractual clauses are in place to enforce data subject’s rights.

We do not share your data with other organisations, unless it is necessary for legal, contractual, regulatory or law enforcement purposes. Examples of this include:

  • service providers who support the operation of our business
  • law enforcement, judicial, governmental and regulatory agencies, or professional bodies or similar where we are compelled to do so by law, regulation or professional obligations
  • other third parties in limited circumstances, e.g. where we run a joint seminar with a third party that you wish to attend
  • other third parties connected to, involved in or engaged by us to support our work for our client, e.g. professional advisers
  • other third parties in appropriate circumstances, e.g. to our clients during the course of our work with them or other external contractors and professional advisers from time to time which may include parties involved in restructuring or business changes

Where the recipient is a data ‘processor’ of ours, used help us manage and store our data (cloud storage providers); promote our services (advertising/marketing companies) or help us deliver our services (contractors or specialist companies), we have Data Processor Agreements or confidentiality agreements in place, to protect any personal data they may have access to on our behalf.

Our data processors only act on our instructions and are carefully selected to ensure they have robust security measures in place and comply with the UK GDPR when processing personal data.

Some of these recipients may be acting as data controllers. In all cases, the personal information of yours that we share will be limited to the minimum required for the relevant purpose and subject to appropriate protections.

8. Security and retention of personal data

We will take all reasonable steps to ensure that your data is treated securely and in accordance with this privacy policy. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted via the internet. Once we have received your information, we have in place appropriate technical and organisational security measures to protect it against loss, misuse, unauthorised access, disclosure or alteration.

We will retain your personal information for as long as is permitted in light of the purposes for which it was collected, which will be up to 7 years after the client relationship ends. Where we no longer require your information we will retain it for a period of time which reasonably allows us to comply with our legal and regulatory obligations or if retention is advisable in light of our legal position.

9. Your rights

You have the right:

  • to be informed about the collection and use of your personal information;
  • to ask whether we process your personal information and request a copy of it if so;
  • to object to decisions that we may make based solely on the automated processing of your personal information;
  • in certain circumstances, to object to processing of your personal information where we do so for the purposes of our legitimate interests;
  • to request that any inaccurate or incomplete personal information of yours in our care is rectified or completed;
  • in certain circumstances, to restrict our processing of your personal information;
  • in certain circumstances, to receive your personal information or have your personal information transmitted to another organisation in a structured, commonly used and machine readable format;
  • in certain circumstances, to request that we delete your personal information; and
  • to object to our processing of your personal information for direct marketing purposes.

Not all of these rights are absolute, which means that they may only apply in certain situations.  To exercise your rights, please email us at enquiry@kgcassociates.com.  You may also write to us at 4th Floor Cannon Place, 78 Cannon Street, London EC4N 6HL

To manage or update your marketing preferences please email enquiry@kgcassociates.com. You may also write to us on the above address.

10. How to make a complaint

Please direct any complaint relating to how we have processed your personal information to dataintegrityteam@weareigg.com.  You may also write to us at 4th Floor Cannon Place, 78 Cannon Street, London EC4N 6HL. We hope that we can resolve any query or concern you raise about our processing of your personal information.

If you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the Information Commissioner’s Officer, at https://ico.org.uk/make-a-complaint/.

11. Links to other websites

We sometimes provide you with links to other websites, but these websites are not under our control. We are not liable to you for any issues arising in connection with their use of your information, the website content or the services offered to you by those websites.

We recommend that you check the privacy policy and terms and conditions on each website to see how each third party will process your information.

If you have any questions about privacy, please contact us.