Kata

Privacy Policy

Last updated: January 2025

1. Introduction

Kata ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services at kata.co.uk.

By using Kata, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Information You Provide

When you create an account and use Kata, we collect:

  • Account information: name, email address, phone number, password
  • Business profile information: business name, description, contact details, address, business hours
  • Content you upload: logos, images, catalogue items, team member information
  • Payment information: processed securely through Stripe (we do not store full card details)

2.2 Information Collected Automatically

When you access our services, we automatically collect:

  • Device information: browser type, operating system, device identifiers
  • Usage data: pages visited, time spent, clicks, referring URLs
  • IP address and approximate location
  • Cookies and similar tracking technologies (see our Cookie Policy)

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Create and manage your account and business profile
  • Process payments and manage subscriptions
  • Send transactional emails (account confirmation, password resets, billing)
  • Send marketing communications (with your consent)
  • Respond to your enquiries and provide customer support
  • Analyse usage patterns to improve user experience
  • Detect, prevent, and address technical issues or fraud
  • Comply with legal obligations

4. Legal Basis for Processing (UK GDPR)

Under UK data protection law, we process your data based on:

  • Contract: To provide services you have requested
  • Legitimate interests: To improve our services, prevent fraud, and for marketing (where appropriate)
  • Consent: For marketing communications and non-essential cookies
  • Legal obligation: To comply with applicable laws

5. Information Sharing

We may share your information with:

  • Service providers: Companies that help us operate our business (hosting, payment processing, email delivery, analytics)
  • Payment processors: Stripe processes payments on our behalf
  • Legal authorities: When required by law or to protect our rights
  • Business transfers: In connection with a merger, acquisition, or sale of assets

Your public business profile information (name, description, contact details, catalogue) is visible to anyone who views your profile page. This is the core purpose of the service.

6. Data Storage and Security

We store your data on secure servers and implement appropriate technical and organisational measures to protect your information. However, no method of transmission over the Internet is 100% secure.

Your images and files are stored using industry-standard cloud storage services. Payment information is processed and stored by Stripe in accordance with PCI-DSS standards.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. If you delete your account, we will delete or anonymise your data within 30 days, except where we need to retain it for legal or legitimate business purposes.

8. Your Rights

Under UK GDPR, you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data
  • Restriction: Request restriction of processing
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests or for marketing
  • Withdraw consent: Where processing is based on consent

To exercise these rights, please contact us at privacy@kata.co.uk. We will respond within one month.

9. International Transfers

Some of our service providers may be located outside the UK. Where we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

10. Children's Privacy

Kata is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or by posting a notice on our website. Your continued use of Kata after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.