# Privacy Policy

Effective: September 1st 2024

This Privacy Policy describes how Kositek Ltd [Y ("we", "us", or "our") collects, uses, and protects your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and where applicable, the EU GDPR.

## 2. Personal Data We Collect

### 2.1 When You Visit Our Site
- Browser type and version
- IP address
- Time zone
- Cookie information
- Pages viewed
- Device information

### 2.2 When You Make a Purchase
- Name
- Billing/shipping addresses
- Payment information
- Email address
- Phone number
- Purchase history

## 3. Lawful Bases for Processing

We process your data under the following legal bases:
- Contract fulfillment (processing orders)
- Legal obligation (tax records)
- Legitimate interests (security, fraud prevention)
- Consent (marketing communications)

## 4. How We Use Your Data

### 4.1 Essential Processing
- Order processing and fulfillment
- Payment processing
- Shipping and delivery
- Customer service
- Legal compliance

### 4.2 Optional Processing (With Consent)
- Marketing communications
- Product recommendations
- Customer surveys
- Analytics

## 5. International Data Transfers

### 5.1 UK and EU Data Transfers
We ensure appropriate safeguards through:
- UK International Data Transfer Agreements (IDTAs)
- EU Standard Contractual Clauses (SCCs)
- Adequacy decisions

### 5.2 Other International Transfers
Additional measures for non-UK/EU transfers include:
- Data transfer impact assessments
- Supplementary technical measures
- Contractual safeguards

## 6. Your Rights

Under UK and EU data protection laws, you have the right to:
- Access your data
- Rectification of inaccurate data
- Erasure ('right to be forgotten')
- Restrict processing
- Data portability
- Object to processing
- Withdraw consent
- Lodge a complaint with the ICO or EU supervisory authority

## 7. Data Security

We implement appropriate technical and organizational measures including:
- Encryption
- Access controls
- Regular security assessments
- Staff training
- Incident response procedures

## 8. Cookie Policy

### 8.1 Essential Cookies
Required for site functionality

### 8.2 Optional Cookies
- Analytics
- Marketing
- Preferences

You can manage cookies through your browser settings.

## 9. Third-Party Processors

We use the following categories of processors:
- Payment processors
- Shipping providers
- Analytics services
- Marketing platforms
- Customer service tools

All processors are bound by data processing agreements compliant with UK/EU requirements.

## 10. Data Retention

We retain personal data for:
- Active accounts: Duration of relationship
- Closed accounts: [Period] after closure
- Transaction records: 6 years (UK tax law)
- Marketing data: Until consent withdrawal

## 11. Children's Privacy

We do not knowingly process data of children under 13 (UK) or 16 (EU).

## 12. Your Choices

You can:
- Manage marketing preferences
- Control cookies
- Request data deletion
- Export your data
through [describe method/link to preferences]

## 13. Complaints

You have the right to complain to:
- The Information Commissioner's Office (ICO)
- Your local EU data protection authority
- Us directly at [contact details]

## 14. Changes to This Policy

We will notify you of material changes through:
- Email notification
- Site notifications
- Account alerts

## 15. Additional Information for EU Customers

When we process EU resident data, we:
- Comply with EU GDPR requirements
- Provide EU representative details
- Enable EU-specific rights
- Follow EU data transfer requirements

## Contact Us

Data Protection Enquiries:
Kositek Ltd
Unit 1, Haliwell Mill, Bertha Street, BL1 8AH, United kingdom.
Email: kositekltd@gmail.com

EU Representative:
EURP

eucomply OÜ
Pärnu mnt 139b-14
11317 Tallinn, Estonia

hello@eucompliancepartner.com

+3375690241