Data Protection Policy for Kibbo Kift Agency
1. Introduction
Kibbo Kift Agency is committed to protecting personal data in compliance with the UK GDPR and Data Protection Act 2018. This policy outlines how we collect, process, store, and protect personal information.
2. Scope
This policy applies to all employees, contractors, and third parties handling personal data on behalf of Kibbo Kift Agency. It covers client, employee, and supplier data.
3. Data We Collect
- Client contact details (name, email, phone number, company details)
- Employee personal information (address, payroll data, emergency contacts)
- Website visitor analytics (cookies, IP addresses)
4. Legal Basis for Processing
We collect, and process data based on:
- Contractual necessity – When processing is essential to fulfil a contract, such as managing client accounts, delivering PR services, or handling employee payroll.
- Legitimate interest – When processing supports business activities without overriding individual rights, such as sending relevant industry updates to existing clients, analysing business trends, or improving our services. A Legitimate Interest Assessment (LIA) is conducted to ensure compliance.
- Consent – When individuals explicitly agree to data processing, such as opting into marketing emails. Users can withdraw consent at any time.
- Legal obligations – When processing is required by law, such as tax reporting, employment regulations, or compliance with government requests.
5. Data Storage and Security
- Data is stored securely on encrypted systems with access controls.
- Google Drive is used for client data storage with strict access controls. While it does not provide end-to-end encryption, access is restricted to authorised personnel only.
- Physical files are kept in locked storage with limited access.
- Employees & external consultants receive training on data protection best practices.
6. Data Sharing
We do not sell or share data with third parties except when necessary (e.g., service providers, legal requirements). All third parties must comply with UK GDPR.
7. Data Retention
- Client and project data: Retained for 5 years post-project completion.
- Employee data: Retained for 6 years after employment ends.
- Marketing data: Retained until consent is withdrawn.
8. Data Subject Rights
Individuals have the right to:
- Access their data
- Request correction or deletion
- Restrict processing
- Object to marketing communications
Requests should be sent to Sam Narr [sam.narr@kibbokiftagency.com] and we will respond within one month.
If you are not satisfied with our response to a data protection query, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.
9. Data Breach Response
- Detection & Assessment: Identify and assess the nature and extent of the breach.
- Containment: Take immediate action to secure data, such as revoking access to compromised systems, resetting passwords, and restricting affected files.
- Internal Reporting: Report the breach to the Data Protection Officer (DPO) and senior management.
- Risk Evaluation: Assess whether the breach is likely to result in harm to individuals, clients, or the business.
- Notification: If necessary, report the breach to the ICO within 72 hours and inform affected individuals with guidance on protective actions.
- Investigation & Remediation: Conduct a post-incident review to identify the root cause and implement measures to prevent recurrence.
10. Updates & Compliance
This policy will be reviewed regularly and updated as necessary to reflect changes in legislation, internal processes, or data handling practices. We will notify relevant stakeholders of significant changes via email or our website.
For data protection matters, Sam Narr acts as the Data Protection Lead and point of contact Sam Narr (sam.narr@kibbokiftagency.com).
––––
Supplier Code of Conduct
At Kibbo Kift Agency, we are committed to working exclusively with suppliers who align with our mission of promoting climate solutions, social justice, and ethical business practices. Our Supplier Code of Conduct outlines the minimum standards we expect from all suppliers in areas of sustainability, fair labour, diversity, and ethical governance.
By working with Kibbo Kift Agency, suppliers confirm their commitment to the following principles:
1. Environmental Responsibility
Suppliers must:
- Minimise environmental impact by reducing waste, emissions, and resource consumption.
- Use sustainable materials and packaging where possible.
- Comply with all environmental laws and regulations.
- Be transparent about their sustainability efforts, including carbon footprint and resource use.
Preferred suppliers are those actively working towards carbon neutrality, zero waste, or using renewable energy.
2. Fair Labour & Working Conditions
Suppliers must:
- Ensure fair wages and safe working conditions.
- Guarantee no forced labour, child labour, or discrimination in their workforce.
- Follow all local employment laws and uphold ethical hiring practices.
Preferred suppliers are those that go beyond compliance and actively invest in worker well-being.
3. Diversity, Equity & Inclusion (DEI)
We prioritise suppliers that:
- Promote equal opportunities in hiring and leadership.
- Support underrepresented groups through recruitment, business partnerships, or community initiatives.
- Have policies in place to prevent discrimination and harassment.
Preferred suppliers are those with diverse leadership and those supporting small or local enterprises.
4. Ethical Business Practices
Suppliers must:
- Operate with integrity, transparency, and accountability.
- Avoid bribery, corruption, and unfair business practices.
- Respect confidentiality and data protection agreements.
- Disclose any conflicts of interest that may arise in their relationship with Kibbo Kift Agency.
Preferred suppliers are those with certified ethical governance policies.
5. Social & Community Impact
We encourage suppliers to:
- Engage in ethical marketing and responsible advertising.
- Support social impact initiatives, such as community engagement and charitable work.
- Continuously improve sustainability and ethical business practices.
Preferred suppliers are those that contribute positively to society beyond their commercial activities.
6. Compliance & Commitment
- All suppliers must make reasonable efforts to meet these standards.
- We conduct annual supplier reviews and request improvements where necessary.
- If a supplier fails to meet these principles and does not show progress, we reserve the right to terminate the business relationship.
By working with Kibbo Kift Agency suppliers confirm their commitment to these ethical and sustainable business practices.
For any questions or further information, please contact Sam Narr [sam.narr@kibbokiftagency.com].