We will also explain what rights you have with regard to your personal data and how you can exercise those rights.
Next Review Date 20:02:2021
The K Plan (www.thekplan.com) is a trading name for the parent company known as Watoto Play.
Watoto Play is the data controller for all the organisations within the group. This means that Watoto Play determines what data is collected by each organisation within the group, how this data is going to be used and how this data is protected.
You can contact us for postal enquiries at:-
51 High St,
If you have questions about how we process personal data or would like to exercise your data subject rights, please email us at firstname.lastname@example.org
Your Rights As A Data Subject
As a data subject whose personal information we hold, you have certain rights. If you wish to exercise any of these rights, please email email@example.com or use the information supplied in the Contact us section below. To process your request, we will ask you to provide two valid forms of identification for verification purposes. Your rights are as follows:
- The right to be informed
- The right of access
You may request a copy of the personal data we hold about you free of charge. Once we have verified your identity and, if relevant, the authority of any third-party requestor, we will provide access to the personal data we hold about you as well as the following information:
a) The purposes of the processing
b) The categories of personal data concerned
c) The recipients to whom the personal data has been disclosed
d) The retention period or envisioned retention period for that personal data
e) When personal data has been collected from a third party, the source of the personal data
If there are exceptional circumstances that mean we can refuse to provide the information, we will explain them. If requests are frivolous or vexatious, we reserve the right to refuse them. If answering requests is likely to require additional time or occasions unreasonable expense (which you may have to meet), we will inform you.
- The right to rectification
When you believe we hold inaccurate or incomplete personal information about you, you may exercise your right to correct or complete this data. This may be used with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected.
- The right to erasure (the ‘right to be forgotten’)
Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data. This includes personal data that may have been unlawfully processed. We will take all reasonable steps to ensure erasure.
- The right to restrict processing
You may ask us to stop processing your personal data. We will still hold the data, but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies you may exercise the right to restrict processing:
a) The accuracy of personal data is contested.
b) Processing of personal data is unlawful.
c) We no longer need the personal data for processing but the personal data is required for part of a legal process.
d) The right to object has been exercised and processing is restricted pending a decision on the status of the processing.
- The right to data portability
You may request your set of personal data be transferred to another controller or processor, provided in a commonly used and machine-readable format. This right is only available if the original processing was on the basis of consent, the processing is by automated means and if the processing is based on the fulfilment of a contractual obligation.
- The right to object
You have the right to object to our processing of your data where:
- Processing is based on legitimate interest;
- Processing is for the purpose of direct marketing;
- Processing is for the purposes of scientific or historical research; or
- Processing involves automated decision-making and profiling.
We will use your personal information ONLY to allow us to provide the services you have requested.
We will only share your information with other professional partners who are directly involved in providing the service and care you have requested.
- The K Plan Customer Services
- Doctor or Nurse
- Therapists - Coaches, Psychotherapists, Counsellors, Fitness Coaches, Nutritionists
- Royal Mail (Name & Address Only)
To improve the content and functionality of our website we may send you promotional material about the services offered by Kickstarter Medical Limited. You may opt out of our email communication at any time by clicking on the unsubscribe link at the end of every email we send you.
Your details are not shared or sold to any third parties under any circumstances.
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Cookies are small text files that are stored by the browser (for example, Internet Explorer, Chrome or Safari) on your computer or mobile phone. They allow websites to store things like user preferences. You can think of cookies as providing a ‘memory’ for the website so that it can recognise you when you come back and respond appropriately.
While you are signed into the site, we combine information from your registration cookies with analytics cookies, which we could use to identify which pages you have seen.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
The K Plan will conduct an identity check at the point that you enrol into our paid services. We will require a valid form of I.D., such as a passport or driving licence in digital format, and this will be stored securely on your profile with us.
All medical records by The K Plan will be retained in accordance with “Records Management Code of Practice for Health & Social Care, Jul 2016”.
All data at The K Plan is stored in keeping with best practice for ISO 27001:2018. This means that your data is securely stored and only accessible to people with the authority to access it via our clinical application.
The K Plan databases are secured in a private network and access to these databases is granted on an exceptional basis only. Your data is secured by industry standard protocols and firewalls to prevent unauthorised access to information. The K Plan operates to a recovery point objective of 20 minutes, which means your data is also securely backed up and protected in the event of any disruption to our IT system.
All access to data is logged so we have a complete audit trail of your data inside of our organisation.
We do not work with third parties who are not directly involved in providing the service and care you have requested. Therefore we do not have a requirement to exchange data outside of our organisation with these third parties. You can be sure that when you consent to provide your personal information to us, The K Plan is the only user of this information.
You have the right to ask for a copy of any of your personal data held by us (where such data is held). Under the GDPR, no fee would normally be payable, and we will endeavour to provide any and all information in response to your request free of charge within 28 days of receiving your request. Please contact us for more details at firstname.lastname@example.org
The table below describes the various forms of personal data we collect and the lawful basis for processing this data. Our business architecture, accounting and systems infrastructure and compliance organisation mean that all personal data may be processed on common, group-wide platforms.
We have processes in place to make sure that only those people in our organisation who need to access your data can do so. A number of data elements are collected for multiple purposes, as the table below shows. Some data may be shared with third parties; where this happens, this is also identified below.
When we process on the lawful basis of legitimate interest, we apply the following test to determine whether it is appropriate:
The purpose test – is there a legitimate interest behind the processing?
Necessity test – is the processing necessary for that purpose?
Balancing test – is the legitimate interest overridden, or not, by the individual’s interests, rights or freedoms?
You can download our "Purpose of Collection" table below. Or click here to view
51 The High St,
Please ensure that your query is clear, particularly if it is a request for information about the data we hold about you. We will respond within 28 days from receiving your enquiry.
Should you wish to discuss a complaint, please feel free to contact us using the details provided above. All complaints will be treated in confidence.
Should you feel unsatisfied with our handling of your data, or about any complaint that you have made to us about our handling of your data, you are entitled to escalate your complaint to a supervisory authority within the European Union. For the UK, this is the ICO (Information Commissioner’s Office), which is also our lead supervisory authority. Its contact information can be found here