Privacy Policy
# Privacy Policy
Effective: September 1st 2024
This Privacy Policy describes how Kositek Ltd [Y ("we", "us", or "our") collects, uses, and protects your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and where applicable, the EU GDPR.
## 2. Personal Data We Collect
### 2.1 When You Visit Our Site
- Browser type and version
- IP address
- Time zone
- Cookie information
- Pages viewed
- Device information
### 2.2 When You Make a Purchase
- Name
- Billing/shipping addresses
- Payment information
- Email address
- Phone number
- Purchase history
## 3. Lawful Bases for Processing
We process your data under the following legal bases:
- Contract fulfillment (processing orders)
- Legal obligation (tax records)
- Legitimate interests (security, fraud prevention)
- Consent (marketing communications)
## 4. How We Use Your Data
### 4.1 Essential Processing
- Order processing and fulfillment
- Payment processing
- Shipping and delivery
- Customer service
- Legal compliance
### 4.2 Optional Processing (With Consent)
- Marketing communications
- Product recommendations
- Customer surveys
- Analytics
## 5. International Data Transfers
### 5.1 UK and EU Data Transfers
We ensure appropriate safeguards through:
- UK International Data Transfer Agreements (IDTAs)
- EU Standard Contractual Clauses (SCCs)
- Adequacy decisions
### 5.2 Other International Transfers
Additional measures for non-UK/EU transfers include:
- Data transfer impact assessments
- Supplementary technical measures
- Contractual safeguards
## 6. Your Rights
Under UK and EU data protection laws, you have the right to:
- Access your data
- Rectification of inaccurate data
- Erasure ('right to be forgotten')
- Restrict processing
- Data portability
- Object to processing
- Withdraw consent
- Lodge a complaint with the ICO or EU supervisory authority
## 7. Data Security
We implement appropriate technical and organizational measures including:
- Encryption
- Access controls
- Regular security assessments
- Staff training
- Incident response procedures
## 8. Cookie Policy
### 8.1 Essential Cookies
Required for site functionality
### 8.2 Optional Cookies
- Analytics
- Marketing
- Preferences
You can manage cookies through your browser settings.
## 9. Third-Party Processors
We use the following categories of processors:
- Payment processors
- Shipping providers
- Analytics services
- Marketing platforms
- Customer service tools
All processors are bound by data processing agreements compliant with UK/EU requirements.
## 10. Data Retention
We retain personal data for:
- Active accounts: Duration of relationship
- Closed accounts: [Period] after closure
- Transaction records: 6 years (UK tax law)
- Marketing data: Until consent withdrawal
## 11. Children's Privacy
We do not knowingly process data of children under 13 (UK) or 16 (EU).
## 12. Your Choices
You can:
- Manage marketing preferences
- Control cookies
- Request data deletion
- Export your data
through [describe method/link to preferences]
## 13. Complaints
You have the right to complain to:
- The Information Commissioner's Office (ICO)
- Your local EU data protection authority
- Us directly at [contact details]
## 14. Changes to This Policy
We will notify you of material changes through:
- Email notification
- Site notifications
- Account alerts
## 15. Additional Information for EU Customers
When we process EU resident data, we:
- Comply with EU GDPR requirements
- Provide EU representative details
- Enable EU-specific rights
- Follow EU data transfer requirements
## Contact Us
Data Protection Enquiries:
Kositek Ltd
Unit 1, Haliwell Mill, Bertha Street, BL1 8AH, United kingdom.
Email: kositekltd@gmail.com
EU Representative:
EURP
eucomply OÜ
Pärnu mnt 139b-14
11317 Tallinn, Estonia
hello@eucompliancepartner.com
+3375690241