CaroKahn Ltd – Maturity Assessments Privacy Notice
1. Who we are
CaroKahn Ltd (“CaroKahn”, “we”, “us”) is the organisation responsible for the processing of your personal data in connection with our online maturity assessments. We act as the data controller for this activity under the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.
Registered office: CaroKahn Ltd, 86-90 Paul Street, London EC2A 4NE
Company number: 15435407
Email: assessments@carokahn.com
If you have any questions about this notice or how we handle your data, you can contact us using the details above.
2. What this notice covers
This notice explains how we collect and use your personal data when you complete one of our maturity assessments, including (but not limited to):
- Access Governance Maturity Assessment
- Data Protection & Security Maturity Assessment
- Any other CaroKahn assessment delivered via Microsoft Forms or similar online tools.
Our general website privacy policy continues to apply to other interactions with us (for example when browsing our website or signing up to newsletters).
3. What data we collect
Depending on the specific assessment and the questions you choose to answer, we may collect:
- Identity and contact details – name, job title, organisation name, business email address, business telephone number.
- Organisation information – sector, size, geographic footprint, technology landscape (for example ERP platforms, cloud providers).
- Assessment responses – your answers to maturity questions, free‑text comments, ratings and self‑assessments relating to access governance, data protection, security and related business processes.
- Engagement data – whether and when you completed the assessment, follow‑up interactions relating to your results (for example workshop notes or meeting outcomes).
We do not intentionally collect special category data (such as health, ethnicity or religious beliefs) or criminal offence data through these assessments, and we ask you not to include this information in free‑text responses.
4. How we collect your data
We collect your data directly from you when you:
- complete one of our online maturity assessments; or
- participate in a follow‑up meeting, workshop or consultation where we discuss or refine your responses.
5. Why we use your data (purposes)
We use your personal data from maturity assessments to:
- Analyse and benchmark your organisation’s current level of maturity in areas such as access governance, data protection and security.
- Generate and share tailored reports, insights and recommendations with you.
- Prepare for and deliver follow‑up conversations, workshops or advisory services.
- Develop and improve our assessment tools, frameworks and consulting services (using aggregated and anonymised data wherever possible).
- Maintain appropriate records of our relationship with you and manage our business operations (for example pipeline management and internal reporting).
We will not sell your personal data to third parties. We will not use it for purposes unrelated to those listed above without first informing you and, where required, obtaining your consent.
6. Our lawful bases for processing
Under UK GDPR, we rely on the following lawful bases for processing your personal data:
- Legitimate interests (Article 6(1)(f)) – where you complete an assessment in a business / professional context, we process your data to provide you and your organisation with insights and recommendations, and to grow and manage our business. We balance these interests against your rights and expectations and only process data that is necessary and proportionate.
- Consent (Article 6(1)(a)) – where we explicitly ask for your consent, for example to send you ongoing marketing communications or to use a testimonial or case study that identifies you personally. You can withdraw this consent at any time – see section 11.
7. Who we share your data with
We may share your data with:
- Microsoft – as our cloud service provider for Microsoft Forms / Microsoft 365 (acting as our data processor).
- Other carefully selected service providers who support our IT, analytics, customer relationship management or communication tools (for example secure email or CRM platforms), all under appropriate data processing agreements.
- Professional advisers (such as legal or accounting advisers) where necessary for our legitimate business interests and subject to confidentiality obligations.
We do not share your assessment responses with other clients without your explicit agreement. Where we use examples, case studies or aggregated statistics in marketing or thought leadership, we remove or anonymise identifiable details unless you have given us permission to do otherwise.
8. International transfers
Some of our service providers (including Microsoft) may store or process your data outside the UK.
Where this happens, we ensure that appropriate safeguards are in place, such as UK adequacy regulations covering the destination country, or the UK International Data Transfer Agreement or UK Addendum to the EU standard contractual clauses issued by the UK Information Commissioner’s Office (“ICO”).
9. How long we keep your data
We retain your personal data from maturity assessments only for as long as necessary for the purposes described in this notice:
- Assessment responses and related contact details are typically retained for up to 7 years from the date of your last interaction with us, so that we can provide longitudinal insights, benchmarking over time and continuity in our advisory work.
- Where you become a client, we may retain relevant assessment data as part of your client file, in line with our client data retention schedule and legal obligations.
- If you withdraw consent for marketing, we will stop using your data for that purpose and retain limited information only to record your preference.
When data is no longer needed, we securely delete or anonymise it.
10. How we keep your data secure
We take appropriate technical and organisational measures to protect your personal data, including:
- limiting access to authorised CaroKahn personnel and trusted processors;
- using secure, access‑controlled cloud platforms (such as Microsoft 365) with strong authentication and logging;
- encrypting data in transit and at rest where appropriate;
- maintaining policies, controls and training relating to information security and data protection.
11. Your rights
You have a number of rights under UK data protection law in relation to your personal data:
- Right of access – to request a copy of the personal data we hold about you.
- Right to rectification – to ask us to correct inaccurate or incomplete data.
- Right to erasure – to ask us to delete your data in certain circumstances.
- Right to restriction – to ask us to limit the way we use your data.
- Right to object – to object to our processing where we rely on legitimate interests, including profiling; we will stop processing unless we have compelling legitimate grounds that override your interests. Where you object to direct marketing, we will stop that processing without exception.
- Right to data portability – to receive the personal data you provided to us in a structured, commonly used and machine‑readable format, and to ask us to transfer it to another controller where technically feasible.
- Right to withdraw consent – where we rely on consent (for example for marketing), you can withdraw it at any time by contacting us or using the unsubscribe options in our communications.
To exercise any of these rights, please contact us using the details in section 1.
12. Complaints
If you have concerns about how we handle your personal data, please contact us first so we can try to resolve the issue.
You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):
Website: https://ico.org.uk
Telephone: 0303 123 1113
13. Changes to this notice
We may update this privacy notice from time to time to reflect changes in our assessments, services, technology or legal obligations.
We will indicate the date of the latest update at the top of the notice and, where appropriate, notify you of significant changes.