Privacy Policy

Kaizen Regulatory Consultancy (“Kaizen Regulatory Consultancy”/”we”/”us”/”our”) values and upholds an individual’s right to privacy. This Privacy Notice (“Notice”) outlines our practices regarding the collection and use of Personal Information when you visit our website at kaizenregulatoryconsultancy.com (“Website”), interact with us through our social media pages, or engage with us in any related manner. Please take a moment to read this Notice to understand how we collect, use, and protect your information, as well as your rights in relation to it. “Personal Information” refers to any information or set of information that identifies or can be used to identify an individual on behalf of Kaizen Regulatory Consultancy.

In particular, this Notice describes:

Overview: Kaizen Regulatory Consultancy (KRC) is a regulatory consultancy firm registered in England and Wales (company number 16149196) registered office 167-169 Great Portland Street, London, England, W1W 5PF (The Company). The company operates a website kaizenregulatoryconsultancy.com 

Scope and Purpose: This privacy notice provides important information on how Kaizen Regulatory Consultancy collects and processes your personal data when you use this website, including any data you provide through activities such as signing up for our newsletter or contacting us via our enquiry form, telephone, email, or post.

We ask that you carefully review this privacy policy, as it contains essential details about who we are, how we collect, store, use, and share your information, as well as your rights concerning your data. It also outlines how you can contact us or the relevant supervisory authorities if you have any concerns or complaints.

Please note that this privacy notice should be read alongside any other privacy notices we may provide on specific occasions. This notice complements, rather than overrides, those additional notices. We are required to inform you of this under data protection laws.

This policy applies to all data, whether stored electronically, on paper, or in other formats.

This website is not intended for use by children. Use of this website is also governed by our Terms of Use and Cookie Policy.

Changes to this Policy: We regularly review and update this notice to comply with our data protection obligations. Any changes or updates to the policy will be published on our website. It is important that you read and understand this notice before sharing any personal data with us.

Personal Data We Collect Directly from You

We may collect personal data directly from you when you visit our websites, use our services, participate in programs, or otherwise provide us with your information. The personal data we collect directly from you may include:

• Contact Information: such as your name, email address, postal address, and/or telephone number.
• Account Information: including your user ID and password.
• Financial Information: payment details provided when purchasing goods or services.
• Demographic Information: such as your date of birth and gender.
• Communications Information: details from messages sent through forms, product and service preferences, behaviors, and preferences for future communications.
• Survey Information: data provided when responding to survey questions, such as your name, contact details, date of birth, and gender.
• Marketing Information: personal details (e.g., name, contact preferences) provided to personalize marketing and promotional communications based on your activities and interests, where necessary for legitimate interest purposes.

In some instances, special categories of personal data, such as health or medical information, are processed to fulfill employment law obligations, particularly regarding employees with disabilities.

How Does KRC Protect Data?

KRC is committed to safeguarding your personal data and has implemented stringent internal policies and controls to prevent loss, accidental destruction, misuse, unauthorised disclosure, or access. Data access is strictly limited to employees who require it to perform their professional duties.

To enhance security, all company laptops and cloud-based storage systems are encrypted, and system access is restricted to authorised personnel only.

When engaging third parties to process personal data on its behalf, KRC ensures they operate under formal written agreements, adhere to strict confidentiality obligations, and implement robust technical and organiational measures to maintain data security.

Data Retention Policy

KRC retains personal data for the following periods:

• Candidate CVs – 12 months from the date of application
• Personal employment data – 7 years
• Training records – 25 years
• Client personal data – Up to 6 years after the contract has expired
  
  

Why Does the Organisation Process Personal Data?

The organisation processes personal data to maintain communication with you and your organisation and to establish business agreements. In certain cases, data processing is necessary to ensure compliance with legal obligations.

Additionally, the organisation has a legitimate interest in processing personal data to:

• Conduct recruitment and promotion activities
  
• Keep employment records accurate and up to date
  
• Track employee performance for succession planning and project management to meet client needs
  
• Operate a client-focused business by sharing relevant employee information for project requirements or business development
  
• Obtain occupational health advice to fulfill obligations related to individuals with disabilities and comply with health and safety laws
  
• Ensure efficient HR and business administration
  
• Provide employment references upon request
  
• Maintain training records in accordance with Good Clinical Practice standards

Should you consider that the organisation has infringed upon your rights under data protection law, you have the right to lodge a complaint with the organisation.