KernowTek (“We” / “Us” ) are committed to protecting and respecting privacy, at a minimum complying with current UK data protection legislation but often going much further.

This policy sets out the basis on which any personal or sensitive data we collect from you as well as data that you provide to us or that we have access to, both in terms of processing as well as storage.

For the purpose of the Data Protection Act (the Act) and GDPR, the data controller is KernowTek of Clies Farm, Gunwalloe, Helston, Cornwall, TR12 7QQ, United Kingdom.

Information you provide to us

In doing business with us you may provide some of the following types of information:

Staff names, email addresses & business addresses

Computer, network, device and service authentication credentials

Your clients personal information, sales and processing data as needed to research, develop, operate and maintain supplied services

Payment information such as bank account and paypal details

Information we may have access to during the course of providing our services

Documents

Databases

Emails

Service accounts, such as domain registrar, hosting, email, online accounting etc

Potentially virtually everything you have - your own data as well as that of your clients, depending on the type of service provided and what you collect. IT service providers are somewhat unique in this regard.

Information we may pass on to third parties

When paying us we may have to provide your payment details to a payment processor to facilitate the transaction, eg card details.

Encrypted off-site backups of your data potentially. We currently use dropbox to store off-site backups. They are encrypted with AES-256 ( very strong ) using a long random key. The backup provider cannot read this data, however given enough motivation and funding any encryption can be broken.

If instructed by the legal authority of the UK to hand over data we will probably comply, unless the request is unreasonable and we think we could argue successfully against it.

Information third parties may collect

On this website we use a traffic analysis service called Google Analytics, they report aggregate stats about site usage to us, so we do not have the ability to inspect the activity of single “session”, only for instance the number of views a page has had throughout the day with numbers by hour, they may also collect your ip address and browser information to populate network and browser level stats.

Information you provide to third parties

When paying online, those details are entered directly on our payment processors site, so they have access to that data for the purposes of processing your payment. Our online payment processors are Stripe and PayPal.

Where and how your information is stored

The information you provide to us as well as that which we have collected during research & development is stored primarily in the United Kingdom and as such within the European Economic Area (EEA). Encrypted backups and emails are cloud based and may be geographically distributed for redundancy & resiliance outside of the EEA by upstream service providers.

Files that you have provided or which we have collected may stored on the following:
Development desktop machine at our office in Gunwalloe ( site is secured and covered by CCTV )
Development and backup servers at our office in Gunwalloe
Development and Production Web, Database & Email servers in Gosport, London and Manchester, UK.
Encrypted backups at Dropbox
For email we use Google Mail (gmail)
For general online storage and collaboration we use Google Drive

If you pay online, data held by our payment processors may be transferred to or stored outside of the EEA by them or their upstream providers as well as your bank.

What do we use your information for?

Any information you provide to us or which we collect from you is used solely for the purposes of developing and providing the services or products which you have requested. We respect privacy nearly above all else and will not even look at your data unless the current task requires it ( internal justification is required ).

Upstream Service Providers

Google - email, analytics, web services, docs/drive (only shared files)
Dropbox - shared files and encrypted backups
Microsoft - email and office 365 ecoysystem (no customer data currently)
OVH (UK) - dedicated servers
Fasthosts - domain registrar/DNS services
123-reg - domain registrar/DNS services
DNS Made Easy - DNS services
Krystal - UK hosting for some websites
SMTP.com - email services/relay
Mailjet - email services/relay
Amazon SES - email services/relay
BT - telephony and internet
O2 - mobile telephony and internet

Cookies

We do not currently use cookies on this site however our traffic stats supplier Google Analytics may.

Your access to information

The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act.

Right to be forgotten

If you wish to have us remove any information that we may have related to you, you may request that we remove that information from our systems where possible.

Changes to our privacy policy

We may change our privacy policy from time to time. We will always update the privacy policy on our website.