Privacy Policy & Disclaimer 

If you have any queries about the below details, or should you wish to exercise any of these rights, please do not hesitate to contact us. 

Data Protection – Privacy Notice 

At Knight Consultancy Limited we are aware of the trust you place in us and our responsibility to protect your privacy and keep your personal data secure in accordance with Data Protection legislation. 

The privacy of your personal information is very important to us. This Privacy Notice explains the types of information Knight Consultancy may collect, what we do with it, and why we require that information. In order to provide our clients with services, Knight Consultancy needs to collect personal information. We will control and process your personal information in accordance with the applicable data protection laws and will ensure that personal data is provided with appropriate protection. 

Any questions regarding this Statement and our privacy practices should be sent by email to [email protected] or by writing to the Data Protection Officer, Knight Consultancy limited, Design House, Hills Meadow Industrial Estate, Douglas, IM1 5EB, Isle of Man. 

The Data Controller: 

Knight Consultancy is the Data Controller for the purposes of the Data Protection Act 2018 and in relation to all personal data provided to us. The primary legal basis for which we process this personal data is for the performance of service contracts we enter into (or may enter) into with you through our Terms of Business. 

Who are we? 

Knight Consultancy Limited is a company that provides integrated business services across multiple sectors, including, IT Support, Compliance Support, Management Consultancy, marketing and Back Office Support & Admin, Company No. 136669C. Registered Address: Design House, Hills Meadow Industrial Estate, Douglas, IM1 5EB, Isle of Man. 

Collection of personal data 

Knight Consultancy processes personal data about contacts (existing and potential clients and/or individuals associated with them) and would be stored on our systems. 

The collection of personal data about contacts and the addition of that personal data to the Knight Consultancy is initiated by an officer or employee of Knight Consultancy and may include the name, employer name, contact title, phone, email and other relevant business contact details. 

Use of personal data 

Personal data relating to business contacts may be visible to and used by Knight Consultancy to learn more about an account, client or an opportunity, and may be used for the following purposes: 

• Administering, managing and developing our businesses and services; 

• Providing information about us and our range of services with consent; 

• Making contact information available to Knight Consultancy officers and employees; 

• Identifying clients/contacts with similar needs; 

• Describing the nature of a contact’s relationship with Knight Consultancy; and 

• Performing analytics, including producing metrics for the board of Knight Consultancy such as trends, relationships, sales information and prospective sales. 

Our policy is to collect only the personal data necessary for agreed purposes and we ask our clients to only share personal data where it is strictly needed for those purposes. 

Where we need to process personal data to provide professional services, we ask our clients to provide the necessary information to the data subjects regarding its use. Our clients may use relevant sections of this privacy statement or refer data subjects to this privacy statement if they consider it appropriate to do so. 

Generally, we collect personal data from our clients or from third parties acting on the instructions of the relevant client. 

We use personal data for the following purposes: 
Providing our services 
We provide a diverse range of services. Some of our services require us to process personal data in order to provide advice and deliverables. For example, we may review customer due diligence held on customer files of our clients as part of our review services. 

Where we need to process personal data to provide professional services to our clients and only where it is considered necessary to support our observations such data may be included in our deliverables (such as the reports we create). 
Administering, managing and developing our businesses and services 
We process personal data in order to run our business, including: 

• managing our relationship with clients; 

• developing our businesses and services (such as identifying client needs and improvements in service delivery); 

• maintaining and using IT systems; 

• hosting or facilitating the hosting of events; and 

• administering and managing our website and systems and applications. 

• We also collect and hold personal data as part of our client engagement and acceptance procedures. As part of those procedures we may carry out searches using publicly available sources to check that there are no issues that would prevent us from working with a particular client. 

Providing our clients with information about us and our range of services 
With consent or otherwise in accordance with applicable law, we use client business contact details to provide information that we think will be of interest about us and our services. For example, industry updates and insights, other services that may be relevant and invites to events. 

We are continually looking for ways to help our clients and improve our business and services. Where agreed with our clients, we may use information that we receive in the course of providing professional services for other lawful purposes, including analysis to better understand a particular issue, industry or sector, provide insights back to our clients, to improve our business, service delivery and offerings and to develop new offerings. To the extent that the information we receive in the course of providing professional services contains personal data, we will de-identify the data prior to using the information for these purposes. 
Complying with any requirement of law, regulation or a professional body of which we are a member 
As with any provider of professional services, we are subject to legal, regulatory and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data. 

How do we collect information from you? 

We obtain information about you at the time of on-boarding the relationship by completing the “Gathering Information document”. We may periodically update our records which may require us re-contacting you to obtain additional information. 

How long do we retain your personal information? 

We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected. 

In the absence of specific legal, regulatory or contractual requirements, our baseline retention period for records and other documentary evidence is 7 years. 

Personal data may be held for longer periods where extended retention periods are required by law and in order to establish, exercise or defend our legal rights. 

If you have been unsuccessful in applying for a job with us, we will retain your information for a maximum of 6 months unless you give us permission to retain it for longer. 

Once your information is no longer necessary, it shall be destroyed in accordance with Data Protection legislation. 

Security & Sharing of Information 

• We will not sell or rent your information to third parties. 

• We will not share your information with third parties for marketing purposes. 

It is not normally necessary during the usual course of business to transfer your personal data outside of the Isle of Man or the UK. However, in the event it is necessary, it will be done so in accordance with the requirements of Data Protection legislation. These requirements include the provision that the recipient of your personal data must have the same level of protections in place as you are entitled to on the Isle of Man or in the UK. We will advise you in the event that your personal data is to be transferred in this manner. 

The exception to this is, if you as a customer live outside the Isle of Man, UK or the EEA and we are sending your personal information back to you. This will be necessary in order to communicate with you and for providing you with our services. Our e-mails to you are subject to encryption and any sensitive documentation will be sent via registered mail. 

• Third party organisations that provide applications / functionality, data processing and IT services to us – We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud based software as a service providers, website hosting and management, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centres within the United Kingdom, and personal data may be stored in any one of them. 

• Third party organisations that otherwise assist us in providing goods, services or information – On certain client engagements, we may engage or otherwise work with other providers to helps us provide professional services to our clients. 

• Our Clients – Where we need to process personal data to provide professional services to our clients, we may share personal data in our deliverables (such as the reports we create). 

• Insurers and other professional bodies – Personal data may be shared with our insurers and other professional advisers as necessary in connection with the products and services they have been engaged to provide. 

• Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with applicable law or regulation – Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, or we may be under a legal obligation to disclose personal information to enforcement or other agencies. Such requests may be to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.  Legal obligations may include the reporting of suspicious activity to appropriate enforcement agencies. 

Fraud Prevention Agencies: 

We may share your personal information with fraud prevention agencies if we feel fraud has been or might be committed. These agencies collect, maintain and share data on known and suspected fraudulent activity for the purposes of fraud prevention. These records may be searched and shared with other organisations by the fraud prevention agencies. 

We have a legal obligation to report suspected fraud to law enforcement agencies. 

Your rights & Access to Personal Data 

Under Data Protection legislation you have the following rights free of charge.  If you wish to access the data we hold about you then please contact us by email at [email protected] or by writing to the Data Protection Officer, Knight Consultancy Limited, Design House, Hills Meadow Industrial Estate, Douglas, IM1 5EB, Isle of Man 

• In addition to the right to access your personal detail you also have the following rights under the legislation: 

• the right to access personal data held about you; 

• the right to object to processing (for example, direct marketing); 

• the right to data portability; 

• the right to complain about processing carried out by the data controller; 

• the right to object to automated decision making; 

• the right for the personal data being updated; and 

• the right to be forgotten. 

Please contact us as per the above details should you wish to exercise any of these rights. 

It is ultimately your choice as to whether to provide us with your personal data, but please note that if you fail to do so, or you fail to provide us with accurate data, we may not be able to properly provide you with our services. 

Rectification 

You have the right to the rectification of inaccurate data, and to obtain completion of incomplete personal data. To correct or amend your personal data, please contact the Data Protection Officer at the address below with the details. We will make the required changes as soon as possible. 

Erasure 

In certain situations, you have the right to request that your personal data is erased, however, there are limitations to this right. 

Examples of grounds for exercising your right to erasure include: 

• Your Personal data is no longer necessary for the purpose of the performance of a contract between us and you; 

• Where data has been unlawfully processed by us; 

• Where data has to be erased to comply with a legal obligation; 

• Where a right to object to direct marketing or the right to object to processing has been exercised. 

Examples of limitations to your right of erasure include: 

• It is still necessary for the performance of a contract between us and you; 

• Our compliance has a legal obligations to retain client records for certain periods of time (as detailed above); and 

• Our establishment, defence or exercise of legal claims. 

Restriction of Processing 

You have the right to restrict our processing of your personal data in the following circumstances: 

If you contest the accuracy of personal data processed by us, we may restrict processing for a limited period to enable us to verify the accuracy and amend the data as necessary, for example; 

• We no longer require your information for the purposes we originally obtained it; 

• We have no legitimate grounds for processing your information or your information has been processed unlawfully. 

• If you wish to exercise this right please contact the Data Protection Officer at the address overleaf with the full details. 

Data Portability 

You have a right to receive your personal information provided to us in a structured commonly used and machine-readable format. You also have a right to have this personal data transmitted to another data controller (i.e. another business), where technically feasible. 

Right to Object 

You have the right to object to us processing your personal data in the following circumstances: 

• For direct marketing purposes; 

• Profiling in relation to direct marketing. 

Right to Lodge a Complaint 

If you have a complaint regarding the way we are processing your personal data, please address it to us in the first instance in the hope that we will be able to resolve the matter directly with you. However, if you do not want to address your concerns to us, or we have failed to satisfactorily respond to your complaint, you have the right to complain to the Data Protection Supervisor – Information Commissioner’s website. 

The contact details are below: 

Information Commissioner 
First Floor, Prospect House 
Prospect Hill 
Douglas 
Isle of Man 
IM1 1ET 

Tel: +44(0) 1624 693260 

Automated Decision Making: 

Knight Consultancy does not use any kind of automated decision-making technology. 

Marketing: 

If you wish to receive information about our products or services, please let us know by any of the contact options provided below.