In this Privacy Statement
We ask that you read this Privacy Statement carefully as it contains important information on who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data and on how to contact us and supervisory authorities in the event you have a complaint.
Who we are
This Privacy Statement relates to KYOCERA Document Solutions (U.K.) Limited and its subsidiaries (herein referred to as “KYOCERA” “we” “our” or “us”) and is addressed to all individuals outside our organisation with whom we interact, including channel partners, customers, vendors, visitors to our website here; https://www.kyoceradocumentsolutions.co.uk/ including any of its landing pages and other sites operated by us (our “sites”), employees of our channel partners, dealers, distributors and other recipients of our services (herein referred to “you”).
For the purposes of data protection laws, KYOCERA Document Solutions (U.K) Limited (registered in England with company number 02150688) is the controller and is responsible for your personal data.
We have appointed a Data Protection Lead who is responsible for overseeing questions in relation to this Privacy Statement. If you have any questions about this Privacy Statement, including any requests to exercise your legal rights, please contact the Data Protection Lead using the details set out below.
Full name of legal entity: KYOCERA Document Solutions (U.K) Limited
Data Protection Lead Contact Details:
Email address: email@example.com
Postal address: Eldon Court, 75-77 London Road, Reading, RG1 5BS, United Kingdom
KYOCERA Document Solutions (U.K.) Limited is registered with the UK Information Commissioners Office Z4632709
The personal data we collect and use
Personal data means any information about an individual from which that person can be identified. It does not include data where the details revealing the individual‘s identity have been removed (anonymised data).
The personal data we collect depends on whether you just visit our site(s) or use our services. If you visit our website, you do not need to provide any personal data. However, your browser transmits some data automatically, such as the date and time of retrieval of one of our web pages, your browser types and settings, your operating systems, the last web page you visited, data transmitted and the access status, and your IP address.
If you use our services, certain personal data is required to fulfil the requirements of a contractual or service relationship, which may exist between you and us.
You should be aware that if you are using or benefiting from our services as a representative of an organisation, your organisation may pass your personal data to us, control and administer your use of our services as well as access and process your information including the contents of your communications. Please direct any queries that you have regarding your organisation’s control of and access to your information, to your organisation.
We collect the following personal data in the course of offering services when you provide it to us:
- Personal details: nickname(s); given name(s); contact details (including email address; telephone number; address (location address, delivery address, home address)); passwords; and
- Electronic identifying data: including cookies; online identifier; web forms; IP addresses; activity logs; unique device identifiers and geo-location data.
Some of this personal data may be necessary for us to provide our services or perform our contract with you or your employer. Where you don’t provide us with certain personal data we may be unable to provide you or your organisation with the services requested.
What we do with your personal data
We process personal data only for the purposes for which they are collected. The purposes vary depending on the nature and circumstances of your interactions with us and whether you only use our site(s), or additionally, any of our services. If you use or your organisation uses our services you may be required to register with us and we will collect your personal data.
We use this personal data for:
- Site and product development: Providing and administering the site and our services and managing related internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, and to compile reports and/or develop and improve the site and our products and services.
- Service management: Providing and managing our services (including fleet solutions, fleet audit, helpdesk and warranty services) and responding to queries in relation to them. This may include:
- Set up and management of user accounts;
- Monitoring counter information for the purpose of billing and supply management, of all relevant devices;
- Creating and managing log files for the purpose of device management and remote maintenance, of KYOCERA devices;
- Managing service incidents;
- Ensuring smooth service operation, including management of product warranties.
- Contract management: Managing our contract with you or your organisation. This may include contacting you in relation to the requirement for the account with us and for all service related matters to ensure a smooth operation of relevant devices we provide and/or service and our contract with you or your organisation. (For example, we may contact you in relation to delivery, installation, returns, invoice payments, credit notes, credit query, toner and solutions order details, repairs, exchanges, fleet monitoring through KYOCERA Fleet Service (KFS), service updates and incident management).
- Dealing with requests: Responding to queries and requests you send to us. Where you make a request via a web-form on our sites, we will only process your personal data for the purpose communicated to you within that form. For example, to provide download materials you request and, where you have given opt-in consent to receive our electronic marketing communications, to send those communications.
- Marketing: Providing customers who have opted-in to receive marketing communications, with relevant and timely consumer offers by email. If you have opted-in to receive our newsletters and/or marketing mailings (for example in relation to our product information and warranty offerings), we will contact you via the opt-in option you have selected (this may include email, phone and/or by post). We will send you such newsletters/mailings until you opt-out.
If you do not wish to receive marketing communications from us you can opt out at any time by emailing our marketing team at MarketingDivision@duk.kyocera.com or by electronically unsubscribing from emails we have sent you. We will not send you further marketing emails after you unsubscribe but we may continue to contact you to the extent necessary for the purposes of any services you have requested.
- General business administration: Managing our operations including invoice handling, supplier selection, order processing, delivery of products and services, promotion handling, contract and record management, credit control, and insurance claim handling.
- Safety and security: Where you visit our premises, identifying and responding to accidents and incidents and emergency situations should they arise and for maintaining security of the office and our staff. This includes monitoring our premises with CCTV for the purpose of crime prevention and prosecution of offenders.
Lawful basis we use to process your personal data
We process your personal data based on the lawful bases set out below. We may process information you provide based on more than one lawful ground depending on the specific purpose for which we are using it:
- Legitimate interest: Our legitimate interests include: improving our sites, products and/or services; understanding how visitors and customers use our sites, products and/or services; undertaking research and informing our marketing strategy; providing our services to and managing our service agreement with your organisation; administering our business, including internal training; and maintaining the safety and security of our site, services and premises for you, us, other site visitors and our customers and employees.
- Contract: To carry out pre-contractual correspondence and enter into a contract with you and fulfil our contractual obligations to you under a contract.
- Consent: To provide information and carry out the services you have requested and provide information which you have opted-in to receive. This includes where you specifically request for us to send you information such as download materials available on our site or where you opt-in to receive relevant marketing communications from us (e.g. industry news and offers).
- Legal Obligation: Where processing is necessary to comply with legal or statutory requirements on us. This may include cooperating with police or other authorised agencies in relation to their crime prevention and prosecution activities.
Information collected from other sources
We also obtain personal data from other sources as follows:
- From analytics tools provided by third parties, purchased data and third party marketing campaigns. We use this data to serve you and provide products and online services that are, or may be, of value to you or your organisation.
- Online request or registration form. We may ask for additional demographic and contact information. This marketing information may be used to help us learn more about the types of users accessing our site and to help us provide you with services and products which you will find valuable.
- Through website forensics tool(s) provided by third parties, data suppliers and third party marketing campaign suppliers. This is also used to help provide you with services and products that you do or may find valuable.
- Through web browsers that automatically make your personal data available, including: IP addresses; internet domain names; types of devices accessing the website; and types of web browsers accessing the website. This is anonymous information and is not meant to personally identify you.
Who we share your personal data with
To maintain and improve our services, your personal data (e.g. your name, telephone, location details and delivery address details) may be shared with or disclosed to:
- To maintain and improve our services, your personal data (e.g. your name, telephone, location details and delivery address details) may be shared with or disclosed to:
- Our service providers, third party suppliers, and channel partners for delivery of the services and, in some cases, public authorities. These parties may include:
- Helpdesk engineers we appoint to carry out service call repairs and handle service call escalation;
- Couriers and delivery service providers;
- Payment processing providers, credit checking and fraud prevention agencies; debt collection agencies (for outstanding debts you have with us);
- Technology providers, software providers, cloud and hosting service providers;
- Customer relationship management services providers, including survey service providers.
- Our service providers, third party suppliers, and channel partners for delivery of the services and, in some cases, public authorities. These parties may include:
- Our EMEA headquarters KYOCERA Document Solutions Europe B.V. in the Netherlands for contract approval and audit purposes and their hosting provider for the hosting of the service data.
- Our global headquarters KYOCERA Document Solutions Inc. in Japan, that only uses your personal data for the set-up and management of your user account (including contract approval and audit purposes). The personal data is accessed only by selected employees with appropriate administrative user rights. For further information including on how we safeguard your personal data when this occurs, see (section 10, International Transfers) below.
We may be mandated to disclose your personal data in response to requests from a court, police service or other regulatory bodies. Where feasible we will consult with you prior to making such disclosure and, in order to protect your privacy, we will ensure that we will disclose only the minimum amount of your information necessary for the required purpose.
Whether information has to be provided by you, and if so why
The provision of personal data such as: your name, contact details and delivery address may be required from you to enable us to offer our services and fulfil our obligations under any contract with you or your organisation. We will inform you at the point of collecting information from you, whether you are required to provide the information to us for us to provide our services.
How long your personal information will be kept
We take reasonable steps to ensure your personal data is kept in an identifiable format and for no longer than necessary for the purposes for which it was collected. Personal information will be kept securely in accordance with our data retention policy and information security policy.
The period for which we process and store personal data varies depending on circumstances and purposes of collection and the nature of your interactions with us. We will:
- Hold your personal data related to your user account, including for Kyocera Fleet Service, for as long as you have an active user account with us. We will erase inactive user accounts after one year of last use. If you do not log in for the first time within 30 days of creation of the account, we will erase your account. You also have a right to request deletion of your user account at any time. In this instance, we shall erase your user account as soon as possible and in any event within 30 days after your request is submitted.
- Hold your personal data (e.g. contact details; financial details, incident reports; complaint reports; warranty details; IP- addresses and device ID’s) provided during our processing of fleet services, fleet audit, help desk services and service agreement(s) in our service system for as long as you are the contact person for the service agreement and for as long as we have a legal interest in storing the service agreement and not longer than necessary.
- Hold your personal data on warranty products communication until you opt-out from receiving such communication from us.
- Retain CCTV footage conducted during office visits for no more than 28 days unless the footage is being used to investigate an alleged crime or an incident in which case it may be retained for up to 2 years following the conclusion of any investigation.
- Hold your personal data (e.g. name, telephone number) provided during a survey for as long as necessary for us to monitor the service we offer to you under our service agreements or for as long as necessary for us to comply with our legal obligations.
- Retain all your personal data submitted (e.g. name, telephone number) during your visit to our sites (e.g. via cookies, web forms and direct marketing consents) only for as long as necessary for the purpose it was originally collected for or, in the case of direct marketing, until you opt-out or otherwise inform us you no longer wish to receive communication from us.
Where you apply for a position with us directly, through an agency or through an existing employee, you will supply your curriculum vitae and we will collect other information during the recruitment process.
The personal data we collect about you in the course of the recruitment processes may include:
- your name;
- your home address, email address and telephone number;
- your employment details (including the name of your current employer, job role, work email address, work telephone number and work postal address); and
- your education and qualification details.
The information we collect is used by our human resources function and the business unit to which you have applied to contact you in relation to your application, to assess your suitability for the role you have applied for and, if necessary, to fulfil legal or regulatory requirements. You do not have to provide the information we request but if you do not provide it, this might affect our ability to process your application. In the recruitment process, your curriculum vitae and personal data may also be shared with our EMEA and global headquarters for approval and hosting purposes (as set out in Who we share your personal data with above and subject to the protections set out below: International Transfers).
Processing of your personal data during the recruitment process is based on our legitimate interest of running our business and selecting and appointing appropriately skilled employees for vacancies in our business.
We may also collect special category data such as your date of birth, nationality. Where you provide this to us, you understand that we will process it on the basis of our legitimate interest as set out above (or, as relevant) to enable us to comply with a legal requirement on us and by providing it to us you are giving explicit consent to this processing.
We will hold personal data for recruitment purposes for the duration of the recruitment process and, in the event that you are not selected for the vacancy, we shall delete your personal data within 6 months after the recruitment process has ended, or after one year if you consent to us retaining your data for this extended period. In the event that you are selected for the vacancy, we will keep your personal data for the duration of your employment and as necessary in connection with the lawful purposes set out in our employee privacy notice and where we have a legitimate interest in processing those data for the purpose of your employment, fulfilling our business obligations under our employment contract with you or where we have a legal obligation to retain your personal data.
As stated above, we may transfer your personal data in the course of business and/or offering our services to you to companies located outside the United Kingdom and the European Economic Area (EEA), including our group companies. These countries may include MEA the Middle East and Africa, Japan and the United States. If such country does not provide for an adequate level of protection by domestic law according to the European Commission, we will ensure adequate level of protection by agreeing on additional appropriate safeguards with that company or third party through the Standard Data Protection Clauses adopted by the European Commission, or through the EU-US Privacy Shield.
A list of countries that have ensured an adequate level of protection according to the European Commission can be found here;
https://ec.europa.eu/info/law/law-topic/data-protection_enYou may request a copy of the standard data protection clauses by sending us an email, stating your request. (Please see how to contact us below).
You have certain legal rights that we wish to inform you of.
- Access. You have the right to be informed on whether we process your personal data or not and access to the personal data and related information on that processing.
- Rectification. You have the right to have your personal data rectified or completed by us without undue delay. If you have set up an account with us, you have the possibility to rectify or complete your personal data yourself.
- Right to be forgotten. You have the right to have your personal data erased by us without undue delay. This right is limited to specific grounds, for example if you have withdrawn your consent, or if you object and there are no overriding legitimate grounds for us to maintain the processing or if the personal data is no longer necessary in relation to the purposes for which it was collected. If you have an account with us, in many instances you have the option to erase your account yourself, in which case all your personal data is permanently deleted.
- Restriction of processing. You have the right to request that we restrict the processing of your personal data based on specific grounds. These are (1) the time for us to verify the accuracy of your personal data on your request; (2) instead of erasure of unlawful processing, you request restriction of use instead; (3) you need personal data in legal proceedings; or (4) we are verifying whether our legitimate grounds override your objection to the processing.
- Right to object. You have the right to object at any time to our processing of your personal data if such processing is (1) based on our legitimate interest (including us making a profile of you based on your consent); (2) for direct marketing purposes; or (3) necessary for the performance of a task carried out in the public interest or exercise of official authority vested in us. We shall cease to process your personal data based on your objection, unless we demonstrate compelling legitimate grounds overriding your interests, rights and freedoms or if we need your personal data in legal proceedings.
- Data portability. You have the right to receive your personal data from us so that you can transmit that personal data to another service provider. For KFS this means that at your request we shall supply you with your personal data related to your user account. It does not include any device data, including data that was transmitted to us in a log file.
- Consent withdrawal. If you have supplied us with your personal data based on your consent, you have the right to withdraw such consent at any time. You can also withdraw your consent to receive marketing communications at any time by emailing our marketing team at MarketingDivision@duk.kyocera.com or by electronically unsubscribing from emails we have sent you.
- Lodging a complaint. You have the right to lodge a complaint with a supervisory authority about our processing of your personal data. The supervisory authority in the UK is the Information Commissioner who may be contacted at;
Information Commissioner’s Office, United Kingdom
Water Lane, Wycliffe House
Wilmslow - Cheshire SK9 5AF
+44 1625 545 745
How can you exercise your rights?
If you would like to exercise any of your rights mentioned above, you may make a request by sending us an email to firstname.lastname@example.org.
How do we look after your personal data
We have appropriate security measures in place to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Where you provide your personal data to us online via third party websites, we are not responsible for use of your personal data by these third parties except where they act as our processor or any breach of security affecting your personal data caused by those websites unless this is due to our wilful default or negligence.
Changes to this Privacy Statement
This Privacy Statement may be changed or updated from time to time to reflect changes in our practices with respect to the processing of personal data or changes in applicable laws. We encourage you to read this Privacy Statement carefully and to regularly check this page to review any changes we might make in accordance with the terms of this Privacy Statement.
How to contact us
Please contact us if you have any questions about this Privacy Statement or the information we hold about you.
If you wish to contact us please send an email, or write to our Data Protection Lead using the following details:
Eldon Court, 75-77 London Road, Reading RG1 5BS
Company Email: email@example.com