Privacy Policy

Introduction

This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data, and keep it safe.

This notice applies to any online and mobile website, application and digital service ("Services") of Kit & Kin Ltd ("Kit & Kin", "we", "us" or "our").

It also describes your data protection rights, including a right to object to some of the processing which Kit & Kin carries out (e.g. direct marketing). More information about your rights, and how to exercise them, is set out in the “Your Rights” section.

Your Personal Details

Your privacy is important to us, which is why we will never release your personal details to any company outside of Kit & Kin for their mailing or marketing purposes without your specific consent to do so, although we reserve the right to disclose this information in the circumstances set out below. We treat all of your personal information as confidential and keep it on a secure server.

Information you give us may include:

  • Personal identification information such as, your name, gender, date of birth, email address and telephone number;
  • Demographic information such as postal address;
  • Financial information such as credit/debit card numbers;
  • Your purchase history, and any contact history we have from you, such as by email or phone;
  • Technical data including internet protocol (IP address, your login data, browser type and version, time zone setting and location, browser plug in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Usage Data including information about how you use our website, products and services.
  • Whether you have completed a survey or joined our loyalty scheme;
  • Your marketing preferences, including any consents you have given us when you subscribe to our newsletter or set up an online account

How is your personal data collected?

We use different methods to collect data from and about you including through:

Direct interactions: you may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

  • apply for our products or services;
  • create an account on our website;
  • subscribe to our service or publications;
  • request marketing to be sent to you;
  • enter a competition, promotion or survey; or
  • give us feedback or contact us.

Indirect interactions: we may receive personal data about you from advertising networks such as Meta Platforms Inc. (eg Facebook).

When We May Use Your Personal Details

We process your personal data for the following purposes:

  • To fulfill a contract, or take steps linked to a contract including fulfilling any orders that you place or any orders that arise under a subscription agreement that you have taken out with us;
  • To communicate with you and provide our customer services;
  • To create a profile of your interests and preferences, and personalise content and advertising for you, so that you only receive content and marketing communications that are relevant to you;
  • To conduct our business and pursue our legitimate interests;
  • To send you newsletters and other promotional material about our Services by email and text, and to use technologies to check if these have been received and opened to help make our communications relevant to you. Please note that in certain circumstances, we may be relying on our legitimate interests to send you marketing emails (see below);
  • For purposes which are required by law.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/Activity

Type of data

Lawful basis for processing including basis of legitimate interest

To register you as a new customer

(a) Identity

(b) Contact

Performance of a contract with you

 

 

 

To process and deliver your order including:

(a) Manage payments, fees and charges

(b) Collect and recover money owed to us

(a) Identity

(b) Contact

(c) Financial

(d) Transaction

(e) Marketing and Communications

(a) Performance of a contract with you

(b) Necessary for our legitimate interests (to recover debts due to us)

 

 

 

To manage our relationship with you which will include:

(a) Notifying you about changes to our terms or privacy policy

(b) Asking you to leave a review or take a survey

(a) Identity

(b) Contact

(c) Profile

(d) Marketing and Communications

(a) Performance of a contract with you

(b) Necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

 

 

 

To enable you to partake in a prize draw, competition or complete a survey

(a) Identity

(b) Contact

(c) Profile

(d) Usage

(e) Marketing and Communications

(a) Performance of a contract with you

(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)

 

 

 

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

(a) Identity

(b) Contact

(c) Technical

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

(b) Necessary to comply with a legal obligation

 

 

 

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

(a) Identity

(b) Contact

(c) Profile

(d) Usage

(e) Marketing and Communications

(f) Technical

Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)

 

 

 

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences

(a) Technical

(b) Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

 

 

 

To make suggestions and recommendations to you about goods or services that may be of interest to you

(a) Identity

(b) Contact

(c) Technical

(d) Usage

(e) Profile

(f) Marketing and Communications

Necessary for our legitimate interests (to develop our products/services and grow our business)

Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

 Where We Rely on Legitimate Interest

In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.

Circumstances Where We May Share Your Data

We may share your data with some companies as an essential part of being able to provide our products and services to you. When we share any of your data we ensure that only the data required is shared and that it remains secure.

The above excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties.

Your Rights

You have the right to request:

  • Access to the personal data we hold about you, free of charge in most cases.
  • The correction of your personal data when incorrect, out of date or incomplete.
  • The deletion of the data we hold about you, in specific circumstances; for example, when you withdraw consent or object, and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end.
  • A computer file in a common format (CSV or similar) containing the personal data that you have previously provided to us.
  • Restriction of the use of your personal data, in specific circumstances, generally while we are deciding on an objection you have made.
  • That we stop processing your personal data, in specific circumstances; for example, when you have withdrawn consent, or object for reasons related to your individual circumstances.
  • That we stop using your personal data for direct marketing (either through specific channels, or all channels). Once you do this, we will update your profile to ensure that you don’t receive further marketing messages. Note that stopping marketing messages will not prevent us from sending you service communications; so you will still receive order updates and delivery information. Similarly opting out of marketing does not stop us processing your data for analysis and profiling.
  • That we stop any consent-based processing of your personal data after you withdraw that consent.
  • Review by a director of any decision made based solely on automatic processing of your data (so where no human has yet reviewed the outcome and criteria for the decision).

You can contact us to request to exercise these rights at any time by emailing info@kitandkin.com.

If we choose not to action your request, we will explain the reasons for our refusal.

 Your Right To Withdraw Consent

If you have given us your consent to use your personal data for marketing purposes, you have the right to change your mind at any time and withdraw that consent.

 Checking Your Identity

To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice.

If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.

Using Our Website And Your Personal Details

You do not have to provide any information to us to use this website.  However, certain sections of the site or facilities within the site may not be accessible if you choose not to share essential information with us.

When you visit kitandkin.com or register for the newsletter, we will ask you to submit - and will collect - personal information from you, including: your name, email address and telephone number.

We may collect information about your internet connection and website use, e.g. the URL you came from, IP address, domain type, browser type, the country and telephone code where your computer is located, the web pages viewed during your visit and any search terms you entered on our website (User Information). We may collect this information from registered and unregistered users. We use this information to help us make improvements to our website and online services.

Any personal information you provide to us (or which is available on public registers) and any user information from which we identify you we use your information for the following purposes only:

  • For statistical purposes to improve this website and the services we offer;
  • To provide you with relevant content;
  • To administer this website.

We may disclose your personal information and / or user information if we are asked to do so by the police or any other regulatory or Government authority investigating suspected illegal activities.

Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see https://kitandkin.com/pages/cookie-policy

Disclosures of your personal data

We may share your personal data with the parties set out below for the purposes set out in the table Purposes for which we will use your personal data above.

  • The following external third parties:
  • Service providers acting as processors based in the United Kingdom who provide warehousing, storage, packaging, and delivery services
  • Service providers acting as processors who provide an e-commerce platform for our online store.
  • Service providers acting as processors providing email marketing services.
  • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

To help personalise your journey we currently use the following companies, who will process your personal data or use cookies (for personalisation of ads) as part of their arrangements with us:

  • Shopify - ecommerce platform
  • Google - Google Advertising, Google Search Console, Google Analytics, Youtube, Google Ad Manager, Google AdSense and Google AdMob
  • Meta - Meta Advertising, Instagram, Facebook
  • Microsoft Advertising - Microsoft Advertising
  • Trustpilot - product/site review partner
  • Klaviyo - customer email partner
  • Yotpo - loyalty programme and friend referral partner
  • RexBrown - order fulfilment centre
  • Evri - shipment partner
  • HotJar - online site review and monitoring partner
  • TikTok - TikTok advertising
  • Pinterest - Pinterest Advertising
  • Zapier - data automation partner 
  • Databox - business analytics partner
  • Dataexport.io - business analytics partner
  • Genova WebArt - ecommerce development partner
  • Mailgun - powers notifications for our subscriptions

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

In some circumstances you can ask us to delete your data: see [your legal rights] below for further information.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Contact Us

We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it. If you have any questions that haven’t been covered, please contact one of our directors who will be pleased to help you:

Email us at info@kitandkin.com, or write to us at The Directors, Kit & Kin Ltd, 22 Wycombe End, Beaconsfield, Bucks. HP9 1NB

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.