Compliance with the GDPR is a top priority for KUDO and our customers. As both a data controller and processor, we have taken measures to ensure our compliance with the GDPR.

We’re continuing our strategy of proactively incorporating privacy features into our product development that meet and exceed current regulations.

Our GDPR principles

  • we will process all personal data fairly and lawfully
  • we will only process personal data for specified and lawful purposes
  • we will endeavor to hold relevant and accurate personal data, and where practical, we will keep it up to date
  • we will not keep personal data for longer than is necessary
  • we will keep all personal data secure

Our GDPR overview

We implement the relevant policies and practices to ensure we protect any data handled by the KUDO – for its employees, customers, suppliers, partners and stakeholders, specifically including the following:

  • employees will be made aware of the GDPR and restrictions and obligations within it as may be relevant to them, with the relevant training provided as necessary.
  • all new employees joining after the 25th May will receive awareness training as part of our induction program
  • suppliers who process personal data on behalf of the KUDO have been identified and asked to provide details of their state of compliance with the GDPR and where appropriate agree to new contractual arrangements. Any new supplier will not be taken on unless we are satisfied that they comply with the new data protection regulations

Our GDPR activities

  • we appointed a Data Protection Officer
  • our internal project is maintaining a log of GDPR compliance work, which will be available to scrutiny if/when asked
  • we undertook a gap analysis of all our business processes where personal data is either held or collected and produced an action plan
  • we are reviewing and updating our range of policies, including our Privacy policy
  • we have introduced mechanisms to identify a potential personal data breach, how these will be investigated and reported, where necessary within 72 hours
  • we are undertaking a systematic review of the personal data we store, manage, maintain, collect, process and control
  • we have assessed our lawful bases for processing data to ensure all personal data is processed lawfully, fairly and transparently
  • we have conducted data mapping of all our processes involving personal data
  • we are providing training to our employees and generally raising the awareness and importance of GDPR to our business and their individual responsibilities arising from this
  • we are and will continue to look at ways of improving our systems and procedures to better comply with GDPR best practice

Data Subject Rights

Under the GDPR, individuals can exercise the following rights:

  • what personal data we hold about them
  • the purposes of the processing
  • the categories of personal data concerned
  • the recipients to whom the personal data has/will be disclosed
  • how long we intend to store your personal data for
  • if we did not collect the data directly from them, information about the source
  • the right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this
  • the right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
  • the right to lodge a complaint or seek judicial remedy and who to contact in such instances.

Data protection

Protecting your data is of paramount importance and a constant focus in KUDO.

  • All access to the KUDO website is restricted to HTTPS encrypted connections.
  • We never store credit card or payment details in our database.
  • User passwords are encrypted. Passwords are never stored in plain text