Privacy policy.

 KAHO LTD Customer Privacy Notice

This privacy notice tells you what to expect us to do with your personal information.

·   Contact details

·   What information we collect, use, and why

·   Lawful bases and data protection rights

·   Where we get personal information from

·   How long we keep information

·   Who we share information with

·   Sharing information outside the UK

·   How to complain

Contact details

Email

aston.kaho@outlook.com

What information we collect, use, and why

We collect or use the following information to provide services and goods, including delivery:

·   Names and contact details

·   Addresses

·   Purchase or account history

·   Payment details (including card or bank information for transfers and direct debits)

·   Account information

·   Information relating to loyalty programmes

·   Website user information (including user journeys and cookie tracking)

·   Photographs or video recordings

·   Information relating to compliments or complaints

We collect or use the following information for the operation of customer accounts and guarantees:

·   Names and contact details

·   Addresses

·   Payment details (including card or bank information for transfers and direct debits)

·   Purchase history

·   Account information, including registration details

·   Information used for security purposes

·   Marketing preferences

We collect or use the following information for service updates or marketing purposes:

·   Names and contact details

·   Addresses

·   Marketing preferences

·   Location data

·   Recorded images, such as photos or videos

·   Purchase or viewing history

·   IP addresses

·   Website and app user journey information

·   Records of consent, where appropriate

We collect or use the following information for research or archiving purposes:

·   Names and contact details

·   Addresses

·   Location data

·   Recorded images, such as photos or videos

·   Purchase or viewing history

·   IP addresses

·   Website and app user journey information

·   Personal information used for administration of research

·   Personal information used for the purpose of research

·   Records of consent, where appropriate

We collect or use the following information to comply with legal requirements:

·   Name

·   Contact information

We collect or use the following personal information for dealing with queries, complaints or claims:

·   Names and contact details

·   Address

·   Payment details

·   Account information

·   Purchase or service history

·   Customer or client accounts and records

·   Financial transaction information

·   Correspondence

Lawful bases and data protection rights

Our lawful bases for the collection and use of your data

Our lawful bases for collecting or using personal information to provide services and goods are:

·   Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

Our lawful bases for collecting or using personal information for the operation of customer accounts and guarantees are:

·   Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

Our lawful bases for collecting or using personal information for service updates or marketing purposes are:

·   Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

Our lawful bases for collecting or using personal information for research or archiving purposes are:

·   Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

Our lawful bases for collecting or using personal information for legal requirements are:

·   Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are:

·   Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

Where we get personal information from

·   Directly from you

·   Providers of marketing lists and other personal information

How long we keep information

We will only store personal information for as long as we require.

Who we share information with

Data processors:

Squarespace

This data processor does the following activities for us: (a) maintaining and servicing your Account(s); (b) serving and rendering your websites to End Users; (c) enabling you to transact and communicate with your End Users; (d) providing analytics, auditing or verifying events related to your End Users’ visits to your websites; (e) ensuring the security and integrity of the Services; and (f) debugging, and improving the Services.

Sharing information outside the UK

Where necessary, our data processors may share personal information outside of the UK. When doing so, they comply with the UK GDPR, making sure appropriate safeguards are in place.

For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above.

Organisation name: Squarespace

Category of recipient: Website provider

Country the personal information is sent to: United States

How the transfer complies with UK data protection law:

Taking into account, in particular, the Security Measures and safeguards provided for in this DPA and the specific circumstances, you authorize Squarespace to transfer Your Controlled Data away from the country in which such data was originally collected to other countries globally in which Squarespace or any Sub-Processors operate, including in particular, to the US. Squarespace, Inc. complies with the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. Data Privacy Framework (each individually and collectively, the “Data Privacy Frameworks”). Squarespace, Inc. has certified to the U.S. Department of Commerce its adherence to the Data Privacy Frameworks regarding the processing of personal information received from the EEA, Switzerland and/or the UK. You can find Squarespace, Inc.’s certification here. Squarespace, Inc. is committed to treating personal information received from the EEA, Switzerland and/or the UK pursuant to the applicable Data Privacy Framework in accordance with the principles thereof (the “DPF Principles”). You can learn more about the Data Privacy Frameworks and DPF Principles by visiting https://www.dataprivacyframework.gov/. Squarespace will use the applicable Data Privacy Framework to lawfully transfer personal information received from the EEA, Switzerland and/or the UK, and ensure that it provides at least the same level of protection to such personal information as is required by the DPF Principles and will let you know if it is unable to comply with this requirement. If European Data Protection Laws require that appropriate safeguards are put in place (for example, if the Data Privacy Frameworks do not cover the transfer to Squarespace, Inc. in the US and/or the applicable Data Privacy Framework is invalidated), the standard contractual clauses, approved by the European Commission decision 2021/914, dated 4 June 2021 (and with respect to the UK, the international data transfer addendum to the European Commission’s standard contractual clauses approved by the Information Commissioner’s Office, effective March 21, 2022) will be incorporated by reference and form part of the Agreement. Unless such transfer is otherwise permitted under European Data Protection Laws, transfers to a Sub-Processor in any country not recognized under European Data Protection Laws as providing an adequate level of protection for Your Controlled Data shall proceed pursuant to (a) the processor to processor (module 3) standard contractual clauses for the transfer of personal data to third countries pursuant to the GDPR and approved by the European Commission decision 2021/914, dated 4 June 2021 (and with respect to the UK, the international data transfer addendum to the European Commission’s standard contractual clauses approved by the Information Commissioner’s Office, effective March 21, 2022); or (b) such other standard contractual clauses for the transfer of personal data to third countries that are recognized under the applicable European Data Protection Laws in the EEA, UK or Switzerland. In order to facilitate an efficient and coordinated service, all communication with Squarespace and any Sub-Processor (including Squarespace, Inc.) in connection with such standard contractual clauses will, to the extent possible, be coordinated and directed through Squarespace Ireland Limited.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:           

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Last updated

06 October 2024