Published 23rd April 2019
The Kamma platform provides information and services to private rented sector landlords and agents to enable automatic compliance monitoring of their property portfolios across the UK. When Kamma processes your personal information it is responsible as ‘controller’ of that personal information for the purposes of data protection laws including the EU General Data Protection Regulation 2016/679 (“GDPR”).
Kamma adheres to the following principles when processing your personal information as data controller:
You may provide us with information through the website, the Kamma platform, by email, over the phone or otherwise communicate or be in contact with us, when:
The categories of personal information you provide may include:
Our customers upload property information onto the Kamma platform. Some of that information may consist of personal information of the landlord and tenant relating to a particular property. As such, the following Property Personal Information may be uploaded onto the Kamma platform:
As part of an additional service to customers, we may also collect criminal conviction data as part of a due diligence check on a landlord. We would be carrying out this activity as data processor on behalf of the customer, the data controller.
Our customers are required to ensure that they provide clear and sufficient information to you, in accordance with the GDPR, of the purposes for which they will process your personal data, the legal basis for such purposes and such other information as is required by the GDPR including information explaining the disclosure of your personal data to Kamma and the uses which Kamma may make of your personal data (please see “What We Do With Your Personal Data” for further information on this).
We do not seek to collect sensitive personal information through our website or as part of our business transactions and our customers are required not to upload such information onto the Kamma platform. Sensitive personal information is information relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; health; sex life, sexual orientation; or genetic or biometric information.
Kamma collects, stores and uses information about your visits to the website and platform, and about your computer, tablet, mobile or other device through which you access the website. This includes the following information:
We may also collect, use and share “Aggregated Data” such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data as this data will not directly or indirectly reveal your identity.
This website and the Kamma platform is not intended for or directed at children under the age of 16 years and we do not knowingly collect information relating to children under this age.
As a data controller, Kamma will only use your personal information if we have a legal basis for doing so. The purpose for which we use and process your information and the legal basis on which we carry out each type of processing is explained in the table below.
Generally, we do not rely on consent as a legal basis for processing your personal data although we may need your consent before sending direct marketing communications to you via email or text message where you are not an existing customer. Where you provide consent, you can withdraw your consent at any time and free of charge, but without affecting the lawfulness of processing based on consent before its withdrawal. You can update your details or change your privacy preferences by contacting us as provided in Contacting us above.
We will share your personal information with any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes set out in this policy.
We may also publish, disclose and use Aggregated Data and non-personal information for statistical analysis within the property sector, demographic profiling, marketing and advertising, and other business purposes.
Personal information will also be shared with our third party service providers and business partners who assist with the running of the platform and website and the operation of our business including third party hosting providers. Our third party service providers and business partners are subject to security and confidentiality obligations and are only permitted to process your personal information for specified purposes and in accordance with our instructions.
In addition, Kamma may disclose information about you:
Where you are a customer, personal information may be shared with the National Landlords Association Limited (“NLA”). This is part of the NLA Licensing 365 project which is a joint partnership between the NLA and Kamma. The NLA’s services are promoted on the Kamma website to users who can voluntarily sign up to the NLA from within Kamma’s services. In addition, members of the NLA are invited to sign up to Kamma’s services on the NLA website. Members of the NLA can add up to 16 properties to Kamma’s platform. Where a genuine mistake has been made in adding a property, you may request it be removed via firstname.lastname@example.org. Kamma reserve sole and absolute discretion over the removal of properties. Where a user requests, on the Kamma website, to sign up to the NLA, Kamma will pass data about the user (including personal information) to the NLA. Where a user requests, on the NLA website, to sign up receive Kamma’s services, data about the user (including personal information) will be passed from the NLA to Kamma. In the latter scenario, Kamma will periodically check with the NLA whether the user’s NLA membership is still valid.
Where we collect personal data from you, it may be necessary for us to transfer your personal information outside of the European Economic Area (“EEA”) to our service providers and business partners located outside the EEA.
Where personal information is transferred to and stored in a country not determined by the European Commission as providing adequate levels of protection for personal, we take steps to provide appropriate safeguards to protect your personal information, including entering into standard contractual clauses approved by the European Commission, obliging recipients to protect your personal information. If you would like further information on the specific mechanism used by us when transferring your personal information outside of the EEA, please contact us using the details set out above.
We use appropriate technical and organisational security measures to protect personal information both online and offline from unauthorised use, loss, alteration or destruction. We use physical and procedural security measures to protect information from the point of collection to the point of destruction.
Where data processing is carried out on our behalf by a third party, we take steps to ensure that appropriate security measures are in place to prevent unauthorised disclosure of personal information.
Despite these precautions, however, Kamma cannot guarantee the security of information transmitted over the Internet or that unauthorised persons will not obtain access to personal information. In the event of a data breach, Kamma have put in place procedures to deal with any suspected breach and will notify you and any applicable regulator of a breach where required to do so.
If you have any questions about security on our website or within our business operations, you can contact us as provided in Contacting Us above.
You are responsible for keeping your password for accessing our website confidential; we will not ask you for your password except when you log in to our website.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
You have the right to access information which we hold about you (“data subject access request”).
You may also have the right to receive personal information which you have provided to us in a structured and commonly used format so that it can be transferred to another data controller (“data portability”). The right to data portability only applies where your personal data is processed by us with your consent or for the performance of a contract and when processing is carried out by automated means.
You have the right to object at any time to our processing of your personal information for direct marketing purposes.
Where we process your information based on our legitimate interests
You also have the right to object, on grounds relating to your particular situation, at any time to processing of your personal information which is based on our legitimate interests. Where you object on this ground, we shall no longer process your personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
You also have the following rights under data protection laws to request that we rectify your personal information which is inaccurate or incomplete.
In certain circumstances, you have the right to:
Please note that the above rights are not absolute and we may be entitled to refuse requests, wholly or partly, where exceptions under the applicable law apply.
For example, we may refuse a request for erasure of personal information where the processing is necessary to comply with a legal obligation or necessary for the establishment, exercise or defence of legal claims. We may refuse to comply with a request for restriction if the request is manifestly unfounded or excessive.
Where we have reasonable doubts concerning the identity of the person making the request, we may request additional information necessary to confirm your identity.
In order to improve the website, we may use small files commonly known as “cookies”. A cookie is a small amount of data which often includes a unique identifier that is sent to your computer or mobile phone (your “device”) from the website and is stored on your device’s browser or hard drive.
You can find more information about how to do manage cookies for all the commonly used internet browsers by visiting www.allaboutcookies.org. This website will also explain how you can delete cookies which are already stored on your device.
We ask for your consent to place cookies on your device, except where these are essential for us to provide you with a service that you have requested.
We currently set the following cookies:
We currently use the following third party cookies:
AWSALBcookie is set by our AWS load balancer, which delivers our services seamlessly from multiple AWS servers. This cookie simply records which AWS application server cluster is delivering our services to you.
_utmcto calculate the average amount of time you spent on our web site and platform.
_utmbcookie to calculate when you close your browser or browse away from our web site or platform.
PREFcookie, uses the updated playback interface.
We are obliged by Google Analytics to state the following:
The website may, from time to time, contain links to and from the websites of our business partners, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and Kamma does not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.
You also have the right to complain to the Information Commissioner’s Office (https://ico.org.uk/).
We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Get in touch
Contact us using the form below and we will get back to you as soon as we can.
Sorry, but something went wrong. Please let us know and we'll do our best to fix it.
Thanks for sending us your message. You'll be hearing from us shortly.
How to find us
Situated in the heart of London's Clerkenwell district, our offices are co-located with Bennetts Associates and are a 7 minute walk from Angel Station (on the Northern Line) or a 15 minute walk from Farringdon Station (on the Circle, Hammersmith & City and Metropolitan Lines and on National Rail/Thameslink services).
1 Rawstorne Place, London, EC1V 7NL, United Kingdom
+44 (0) 203 872 2940