Kosi Ateler | GOOD THINGS FOR EVERY SPACE & PERSONALITY

Privacy Policy

Effective Date: 1st September 2024

This Privacy Policy describes how Kositek Ltd ("we", "us", or "our") collects, uses, and protects your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and where applicable, the EU GDPR.

1. Personal Data We Collect

When You Visit Our Site

We automatically collect certain technical information, including your browser type and version, IP address, time zone, cookie information, pages viewed, and device information.

When You Make a Purchase

We collect the information needed to process and fulfil your order, including your name, billing and shipping addresses, payment information, email address, phone number, and purchase history.

2. Lawful Bases for Processing

We process your personal data under the following legal bases:

  • Contract fulfilment — processing and fulfilling your orders
  • Legal obligation — maintaining tax and financial records
  • Legitimate interests — security and fraud prevention
  • Consent — marketing communications (where you have opted in)

3. How We Use Your Data

Essential Processing

We use your data to process and fulfil orders, handle payments, arrange shipping and delivery, provide customer service, and meet our legal compliance obligations.

Optional Processing (With Your Consent)

Where you have given consent, we may also use your data for marketing communications, product recommendations, customer surveys, and analytics.

4. International Data Transfers

UK and EU Transfers

Where your data is transferred between the UK and EU, we ensure appropriate safeguards are in place through UK International Data Transfer Agreements (IDTAs), EU Standard Contractual Clauses (SCCs), and adequacy decisions.

Other International Transfers

For transfers outside the UK and EU, we apply additional measures including data transfer impact assessments, supplementary technical safeguards, and contractual protections.

5. Your Rights

Under UK and EU data protection law, you have the right to:

  • Access your personal data
  • Rectification of any inaccurate data
  • Erasure of your data (the 'right to be forgotten')
  • Restrict how we process your data
  • Data portability — receive your data in a portable format
  • Object to certain types of processing
  • Withdraw consent at any time (where processing is based on consent)
  • Lodge a complaint with the ICO or your local EU supervisory authority

6. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures, including encryption, access controls, regular security assessments, staff training, and incident response procedures.

7. Cookie Policy

Essential Cookies

These are required for the site to function correctly and cannot be disabled.

Optional Cookies

We also use optional cookies for analytics, marketing, and storing your preferences. You can manage or disable these at any time through your browser settings.

8. Third-Party Processors

We work with trusted third-party processors including payment processors, shipping providers, analytics services, marketing platforms, and customer service tools. All processors are bound by data processing agreements that comply with UK and EU requirements.

9. Data Retention

We retain your personal data for the following periods:

Data TypeRetention PeriodActive accountsDuration of the relationshipClosed accountsTo be confirmedTransaction records6 years (UK tax law)Marketing dataUntil consent is withdrawn

10. Children's Privacy

We do not knowingly collect or process personal data from children under the age of 13 (UK) or 16 (EU). If you believe we have inadvertently collected data from a child, please contact us immediately.

11. Your Choices

You are in control of your data. You can manage your marketing preferences, control cookie settings, request deletion of your data, or export your data at any time. Please contact us using the details below to exercise any of these options.

12. Complaints

If you have a concern about how we handle your data, you have the right to complain to:

  • The Information Commissioner's Office (ICO)ico.org.uk
  • Your local EU data protection authority (for EU residents)
  • Us directly — see contact details below

We would always appreciate the opportunity to address your concern directly before you escalate to a supervisory authority.

13. Additional Information for EU Customers

When processing data of EU residents, we comply fully with EU GDPR requirements, provide EU representative details (see below), enable EU-specific rights, and follow EU data transfer requirements.

14. Changes to This Policy

We will notify you of any material changes to this policy via email notification, site notifications, and account alerts where applicable.

Contact Us

Data Protection Enquiries:

Kositek LtdUnit 1, Haliwell Mill, Bertha StreetBolton, BL1 8AHUnited Kingdom📧 hello@kosiatelier.com

EU Representative:

EURP eucomply OÜPärnu mnt 139b-1411317 Tallinn, Estonia📧 hello@eucompliancepartner.com📞 +33 756 902 41

Last updated: 1st September 2024