Privacy Notice


1. Introduction 


'KDERC' is trading name of KDERC International Limited. 

We are committed to compliance with all relevant laws regarding personal data, and the protection of the rights and freedoms of individuals whose personal data or information we collect and process. We do this in accordance with the General Data Protection Regulation (GDPR) now embodied in the Data Protection Act 2018.

KDERC is a “data controller”. This means that we are responsible for deciding how we hold and use personal data or information about you. This is called “personal data” throughout this privacy notice. 

We collect, store and process personal data relating to those who use our services in order to both manage our relationship with them and to facilitate resolution of the issues with which they are involved. 

This privacy notice sets down how we collect and uses personal data about you during and after the end of our period working with you. 

However, this privacy notice does not form part of any agreement with you and we may be update it at any time. 

We are committed to protecting the privacy and security of your personal data. This starts with our being clear and transparent about how we collect and use that data in accordance with our data protection obligations. 

2. Data Protection Principles
We are required to ensure that the personal data we hold about you is: 

  • used lawfully, fairly and in a transparent way;
  • collected only for valid purposes that we have clearly explained to you and not
    used in any way that is incompatible with those purposes;
  • relevant to the purposes we have told you about and limited to those purposes
  • accurate and kept up to date;
  • kept only for such time as is necessary for the purposes we have told you about;
  • kept securely.

  3. What Information does KDERC collect and process?

We collect and process a range of personal data about you. Personal data means any information about an individual from which the person can be identified. This includes:

  • personal contact details, such as your name, title, address and contact details, including email address and telephone number;
  • date of birth;
  • gender;
  • the terms and conditions of your employment or engagement with your
  • details of your qualifications, skills, experience and employment history,
    including start and end dates, with current and previous employers and others;
  • information about your remuneration;
  • information about your nationality, country/countries of residence and
    entitlement to work in the UK;
  • details of periods of leave taken by you, including holiday, sickness absence,
    family leave, sabbaticals, and the reasons for the leave;
  • details of any disciplinary or grievance procedures in which you have been
    involved, including any warnings issued to you and related correspondence;
  • assessments of your performance, including appraisals, training you have
    participated in, performance improvement plans and related correspondence;
  • CCTV footage and other information obtained through electronic means e.g.
    swipe card records.
    We may also collect, store and use the following special categories of more sensitive personal information:
  • information about medical or health conditions, including whether or not you have a disability for which we need to make reasonable adjustments;
  • details of trade union membership;
  • information about your criminal record (if relevant); and
  • equal opportunities monitoring information, including information about your
    ethnic origin, sexual orientation, health and religion or belief.
    We collect this personal data in a variety of ways, e.g. through the process in which
    an issue is referred to us or during a grievance investigation or mediation
    Personal data is stored by us in a range of different places including our IT and email systems. 

4. Why does KDERC process personal data?

We need to process personal data to both enter into our agreements and/or
arrangements with and to meet our obligations under our referral agreement(s). 

Also, we have to process personal data to ensure that we are complying with our legal obligations, e.g. when ensuring that all our processes are fair and law-compliant. 


In other cases, we have a legitimate interest in processing personal data before, during and after the end of our period working with you. 

5.  When does KDERC use personal data?
Situations in which we will process your personal data are listed below In order to:

  • consider and make findings during the course of a grievance investigation;
  • maintain accurate and up-to-date records and contact details (including details of whom to contact in the event of an emergency), and records of employee
    legal (contractual and statutory) rights;
  • prepare and effect any grievance resolution outcome documentation
  • ensure effective general business administration;
  • deal with any legal disputes involving you or others; and
  • facilitate monitoring of our policies on equal opportunities and diversity. 

6.  Failure to provide personal data
If you do not provide certain information when requested, we may not be able to carry out a grievance investigation or mediation either as we would have wished or at all.

7.  Change of Purpose
We will only use your personal information for the purpose for which it was collected unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will advise you of this and explain the legal basis which allows us to do so.

You should be aware that we may process your personal data without your knowledge or consent where this is required or permitted by law.

8. How we use Sensitive Personal Information
Some special categories of personal data, such as information about health or medical conditions, is processed to carry out our legal and other obligations e.g. in relation to those with disabilities and for health and safety purposes.

We use other special categories of personal data, such as information about ethnic origin, sexual orientation, health or religion for the purposes of meaningful equal opportunities monitoring or reporting.

Data used by the Company for these purposes is anonymised or is collected with the express consent of those concerned. Consent given for this purpose can be withdrawn at any time.


9.  Information about criminal convictions
We will only collect information about criminal convictions during the course of a grievance investigation if this is appropriate or where we are legally required to do so.

10.  Automated Decision-Making
No part of our processes is based solely on automated decision-making.

11.  How long does KDERC keep personal data?
We will only hold your personal data for as long as is necessary to fulfil the purposes for which we collected, including any legal, accounting, reporting, monitoring or enforcement requirements.

12.  Who has access to personal data?
Your personal data obtained during a grievance mediation may be shared with your employer and others involved in that investigation. Personal data obtained during a grievance mediation, together with all other matters communicated during a grievance mediation will be privileged and not disclosed to any other person or body without your prior consent unless required by law. 

Your data may be transferred to third countries or international organisations outside the European Economic Area (EEA). However, in such cases we check that there is an adequate level of protection established.

13.  How does KDERC protect personal data?
We take the security of your personal data seriously. We have internal policies and controls in place to prevent your data being lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees or others in the performance of their duties.
Examples of the policies and controls that we have are:

  • GDPR Data Protection Policy
  • Privacy Policy
  • Data and Purpose Review Process  


  • Personal Data Breach Notification Procedure
  • Consent & Withdrawal of Consent Procedures
  • Complaints Procedure
  • Transfers of Personal Data to Third Countries or International Organisations
  • Data Portability Procedure
  • Subject Access Request Procedure  A copy of all these policies and procedures is available from Keith Davis who may be contacted at KDERC, 10 High Street, Poole, Dorset, BH15 1BP, United Kingdom or at 

14.  Your duty to inform us of changes
It is important that the personal data we hold about you is accurate and current. Please be sure to promptly keep us informed if your personal information changes during our period working with you.

15.  Your rights
As a data subject, you have a number of rights. You can:

  • access and obtain a copy of your data on request (known as a “data subject access request”);
  • require us to change incorrect or incomplete data;
  • request erasure of your personal data. This enables you to ask us to delete or stop processing your personal data, for example where it is no longer necessary
    for the purposes of processing;
  • object to the processing of your personal data where we are relying on our
    legitimate interests as the legal ground for processing; and
  • ask us to suspend the processing of your personal data for a period of time if it is inaccurate or where there is a dispute about its accuracy or the reason for
    processing it.
    If you would like to exercise any of these rights, or you have any questions about this privacy notice, please contact Keith Davis at KDERC, 10 High Street, Poole, Dorset, BH15 1BP, United Kingdom or at
    If you believe that we have not complied with your data protection rights, you have the right to make a complaint to the Information Commissioner’s Office.