This privacy notice is split across the following:
- Contact details
- What information We collect, use, and why
- Lawful bases and data protection rights
- Where We get personal data from
- How long We keep information
- Who We share information with
- Sharing information outside the UK
- How to complain
“PK Group” means PK Group Ventures Limited (registered in England and Wales, number 08480181) and its wholly owned subsidiary, PK Partners LLP (registered in England and Wales, number 06585758).
“We”, “Us” and “Our” refers to PK Group.
From time to time We may update this privacy notice. When making changes to this privacy notice, We will add a new date to this privacy notice.
This version is effective as of 16 April 2025.
Postal address:
PK Group, 1 Parkshot, Richmond, Surrey, TW9 2RD
Telephone number:
020 8334 9953
Email:
data.protection@pkgroup.co.uk
Personal data
UK General Data Protection Regulation and the Data Protection Act 2018 define personal data as any information in relation to an identified or identifiable living individual. An identifying characteristic could include name, ID number or location data. Such information is treated as personal data, even if it can only be potentially linked to a living individual.
We may collect or use the following personal data to provide and improve products and services for clients, to support the work We do for Our clients, for marketing purposes and to comply with regulatory requirements:
- Names and contact details,
- Addresses,
- Gender,
- Occupation,
- Date of birth,
- Marital status,
- Third party information (such as family members or other relevant parties),
- Payment details (including card or bank information for transfers and direct debits),
- Financial data (including income and expenditure),
- Transaction data (including details about payments to and from you and details of products and services you have purchased),
- Usage data, including information about how you interact with and use Our website,
- Employment details (including salary, sick pay and length of service),
- Financial information e.g. for fraud prevention or detection,
- Marketing preferences,
- Identification documents,
- IP addresses,
- Credit history and credit reference information, and
- Records of meetings and decisions.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, We have put in place suitable physical, technical and managerial procedures to safeguard and secure the information We collect. In addition, We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on Our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where We are legally required to do so. As detailed in section 6 of in this notice, in some cases, PK Group uses third parties to handle personal information on Our behalf, e.g. software providers, who might store personal information on the cloud.
If you want to know what personal data We hold about you, you can make a subject access request to the email address quoted in section 1. Such a request is used to ask Us for details of the personal data We hold about you and to request a copy of such personal data.
Upon receipt of a subject access request, We will take steps to confirm your identity, after which We have one calendar month to respond to your subject access request.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps Us analyse data about webpage traffic and improve Our website in order to tailor it to your needs. We only use this information for statistical analysis purposes. Overall, cookies help Us provide you with a better website by enabling Us to monitor which pages you find useful and which you do not. A cookie in no way gives Us access to your computer or any information about you.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Our website may contain links, or computational models containing links, to other websites of interest. Once you have used these links to leave Our site, you should note that We do not have any control over that other website. Therefore, We cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy notice. You should exercise caution and look at the privacy statement applicable to the website in question.
Your data protection rights
Under UK data protection law, We must have a “lawful basis” for collecting and using your personal data. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.
Which lawful basis We rely on may affect your data protection rights which are in brief set out below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:
- Your right of access – You have the right to ask Us for copies of your personal information. You can request other information such as details about where We get personal data from and who We share personal data with. There are some exemptions which means you may not receive all the information you ask for.
- Your right to rectification – You have the right to ask Us to correct or delete personal data you think is inaccurate or incomplete.
- Your right to erasure – You have the right to ask Us to delete your personal information.
- Your right to restriction of processing – You have the right to ask Us to limit how We can use your personal information.
- Your right to object to processing – You have the right to object to the processing of your personal data.
- Your right to data portability – You have the right to ask that We transfer the personal data you gave Us to another organisation, or to you.
- Your right to withdraw consent – When We use consent as Our lawful basis you have the right to withdraw your consent at any time.
Our lawful bases for collecting or using personal data to operate, provide, market and improve products and services for clients are:
- Consent – We have permission from you after We gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
- Contract – We have to collect or use the information so We can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
- Legal obligation – We have to collect or use your information so We can comply with the law. We may have to use your personal data without your knowledge or consent when We have a legal obligation to do so. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
- Legitimate business interest – We have to collect or use relevant information for legitimate business interests. For these purposes, business may be personal, administrative, financial, regulatory, payroll and business development purposes. All of your data protection rights may apply, except the right to portability.
We will only use your personal data for the purpose for which it was collected. Such use will include, but will not necessarily be limited to, the following:
- Using personal data to discharge Our engagement responsibilities.
- To comply with Our legal, regulatory and corporate governance obligations and good practice including investigations by regulatory bodies, including H M Revenue & Customs, or in connection with legal proceedings or requests.
- Operational reasons, such as training and quality control, ensuring the confidentiality of commercially sensitive information, credit scoring and checking.
- Undertaking anti-money laundering checks as required under Money Laundering Regulations.
- When We hold your permission to do so, for marketing purposes. PK Group undertake marketing activities using a variety of methods, which include email, telephone and post. You will not be sent unauthorised or spam marketing by Us. You always have the right to object to Our processing your personal data for the purposes of direct marketing, whatever lawful basis applies.
- Supplying you with information by email and/or post that you have opted-in to (you may unsubscribe or opt-out at any time by emailing data.protection@pkgroup.co.uk.
During the course of Our engagement, We will obtain your personal data from various sources that will include:
- Directly from you,
- Regulatory authorities,
- Legal bodies or professionals,
- Publicly available sources,
- Previous employment,
- Credit reference agencies, and
- Suppliers and service providers.
We will take steps to protect your personal data against loss or theft, as well as from unauthorised access, disclosure, copying, use or modification.
We will retain your personal data for a period of at least 6 years from the end of the relationship or as long as We are required to for legal reasons to fulfil Our record-keeping obligations, and will not retain personal data longer than is necessary, unless there is a legal reason for extended retention, such as any ongoing contractual liability We may have for advice provided.
Who
We may disclose your data to a number of parties, including:
- The two separate legal entities constituting PK Group,
- Professional or legal advisors, consultants, receivers and administrators and service providers, including data processors,
- Courts, governmental and non-governmental agencies, law enforcement agencies and tax authorities,
- Regulatory authorities,
- External auditors,
- Credit Reference Agencies and Fraud Prevention Agencies, and
- Any other organisation We are legally obliged to share personal data with.
If you provide Us with an e-mail address, We will act on the basis that you are the only person accessing it. If your work colleagues or family members share access and you may not want them to see confidential correspondence, please supply Us with another address.
We may share your personal data with third party service providers, in their capacity as data processors.
UK data protection law defines a data processor as a third party natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
During the course of your relationship with PK Group, We will act as the data controller, and may share your personal data with the following data processors:
- Cloud-based accounting software providers such as Xero and Quickbooks, who will store and process accounting information provided and posted by you and Us;
- Company secretarial software providers, who will store and process company secretarial information, which will include personal data in relation to directors and shareholders;
- Payroll software providers, who will store and process personal data including your name, date of birth, address, national insurance number, tax code, salary and PAYE code.
- Professional and legal advisors and consultants who We may instruct to support Us during your relationship with PK Group. The information shared with these data processors will be specific and limited to that personal data relevant to Our engagement with you.
Data processors act on Our behalf and under Our authority. In doing so, they serve Our interests rather than their own. The data processor should only process personal data in line with Our instructions, unless they are required to do otherwise by law.
If a data processor acts without Our instructions in such a way that it determines the purpose and means of processing, including to comply with a statutory obligation, it will be a controller in respect of that processing and will have the same liability as a controller.
Where necessary, We may transfer personal data outside of the UK. When doing so, We comply with the UK GDPR, making sure appropriate safeguards are in place.
As noted in section 6.2 of this privacy notice, We may make use of online cloud-based software packages for the purpose of Our service delivery during your relationship with PK Group. Such systems are provided to Us as licensee by the licensor, and are subject to appropriately compliant data processing agreements between Us and the licensor.
Most of the online cloud-based software packages are based in the UK. If storage of personal data occurs outside of the UK, then your personal data may be transferred outside of the UK during the course of your relationship with PK Group. When sharing your personal data outside the UK, We take steps to ensure that the country to which the personal data is transferred provides standards of personal data protection equivalent to UK general data protection requirements.
For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact Us using the contact information provided above.
If you have any concerns about Our use of your personal data, you can make a complaint to Us using the contact details at the top of this privacy notice.
If you remain unhappy with how We have used your data after raising a complaint with Us, you can also complain to the ICO.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint