Strategy Kiln Privacy Policy
General Data Protection Regulation (GDPR) Policy

1. Introduction
This GDPR Policy sets out the obligations of Strategy Kiln ("us", "we", or "our") regarding data protection and the rights of individuals ("data subjects") in accordance with the General Data Protection Regulation (GDPR).
​
2. Data Protection Principles

We are committed to processing data in accordance with our responsibilities under the GDPR. Article 5 of the GDPR requires that personal data shall be:

- Processed lawfully, fairly, and in a transparent manner in relation to the data subject.
- Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
- Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay.
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
​
3. Data Subject's Rights

The GDPR sets out the following rights applicable to data subjects:

- The right to be informed;
- The right of access;
- The right to rectification;
- The right to erasure;
- The right to restrict processing;
- The right to data portability;
- The right to object; and
- The right not to be subject to automated decision-making, including profiling.
​
4. Lawful, Fair, and Transparent Data Processing
The GDPR seeks to ensure that data is processed lawfully, fairly, and transparently, without adversely affecting the rights of the data subject. Therefore, we shall ensure that:
- Data is processed lawfully, fairly, and in a transparent manner in relation to the data subject.
- The data is collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes shall not be considered incompatible with the initial purposes.
- The data collected is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
- The data is accurate and, where necessary, kept up to date; every reasonable step will be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay.
- Data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
- Data is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
​
5. Consent

We shall ensure that the data subject's consent is obtained for the processing of their data. Consent is defined in Article 4(11) of the GDPR as "any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her."
​
6. Data Breaches
In the case of a data breach, we shall ensure that the relevant supervisory authority is informed within 72 hours, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals. We will also notify affected data subjects without undue delay where the breach is likely to result in a high risk to their rights and freedoms.

7. Data Protection Officer
We have appointed a data protection officer (DPO) who will be responsible for ensuring that this policy is followed and that data subjects' rights are protected.
​
8. Data Protection Impact Assessments
We shall carry out data protection impact assessments for any new projects or significant changes to existing projects that involve the processing of personal data.
​
9. International Data Transfers

We ensure that appropriate safeguards are in place for any international data transfers.

10. Privacy by Design and Default

We shall ensure that data protection is built into systems from the outset of their design, rather than added afterwards.

California Consumer Privacy Act (CCPA) Privacy Policy

1. Introduction

This CCPA Privacy Policy for Strategy Kiln ("us," "we," or "our") describes how we collect, use, and disclose California residents' personal information and explains the rights of California residents under the California Consumer Privacy Act (CCPA).

2. Categories of Personal Information Collected
We collect the following categories of personal information:
- Identifiers
- Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
- Protected classification characteristics under California or federal law
- Commercial information
- Biometric information
- Internet or other similar network activity
- Geolocation data
- Sensory data
- Professional or employment-related information
- Non-public education information
- Inferences drawn from other personal information

We collect this personal information for the business and commercial purposes described in our Privacy Policy.

3. Disclosure of Personal Information
We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter into a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except for the intended business purpose.
​
4. California Residents' Rights
California residents have the following rights under the CCPA:
- The right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months, including the specific pieces of personal information we have collected about you.
- The right to request the deletion of your personal information, subject to certain exceptions.
- The right to opt out of the sale of your personal information.

5. Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits or imposing penalties.
- Provide you a different level or quality of goods or services.

6. How to Exercise Your Rights
To exercise the rights described above, please submit a verifiable consumer request to us by [insert method of contact].
​
7. Verification
We will verify your request by [insert method of verification], which may require you to provide certain pieces of personal information to verify your identity.
​
8. Contact Information
If you have any questions or concerns about our privacy policies and practices, you may contact us at questions@strategykiln.com