Privacy Policy
We are committed to protecting your privacy and comply with all applicable UK and EU data protection laws when controlling and processing your data.
This policy sets out when, how and why we may collect and use your personal information, as well as the type of personal information we may collect from you when using the www.keepincase.com websites (the “Platform”).
This policy also sets out your rights and our obligations in respect of the controlling and processing of your personal information by us.
To the extent that we provide personal information to third party processors, those processors are obliged to comply with this policy when processing personal information on our behalf. Any breach of this policy by that third party may result in disciplinary action being taken against them.
- Who we are
We are TKTAK Limited (“we/our/us”). We are a company registered in England and Wales with company number 15610515. Our business address is Unit 5 Bromley Hall, 43 Gillender Street, London, England, E14 6RN.
For the purpose of the Data Protection Act 1998 (“the Act”) and General Data Protection Regulation (Regulation (EU) 2016/679) (“the Regulation”) we are a data controller provided by you to us through our Platform.
We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the data privacy manager at sales@keepincase.com
- Information we may collect and process
We may collect and process various types of personal information at the time of you create an account, make a purchase through and during your use of our Platform. We will also collect personal information when corresponding with us by phone, email or otherwise.
The type of information collected, and the manner in which such information is used by us, will vary depending on how you use our Platform and whether or not you have consented for us to collect and/or process that information. Further details are set out below in paragraph 3 under the heading “How We Collect Personal Information”.
By using our Platform you are agreeing for us to collect and process the personal information provided as part of that process, for the purposes made clear to you at that time of collection.
The personal information we collect from you may be held on paper or on a computer or other media, and is subject to certain legal safeguards specified in the Act and the Regulation.
- How we collect personal information
Personal information may be collected by us by you actively giving us the information or passively by you using our Platform. The specific types of personal information we may collect from you, and the manner in which such data may be collected, includes:
-
i) Account Registration Information.This is data we must collect from you in order to process and activate your account registration to use our Platform. We may also use Account Registration Information for the purpose of providing you with information about similar products and services we or selected third parties provide.
Account Registration Information includes, but is not limited to, names, email addresses, passwords, addresses, postcodes and telephone numbers. You may also choose to provide additional, non-necessary information to us at the time of completing the relevant account registration form.
Account Registration Information will be collected by us when completing and submitting the account registration form through the Platform. -
ii) Purchase Information. This data includes information which you submit to us when you place an order or purchase products through our Platform.
Purchase Information includes, but is not limited to, names, email addresses, addresses, postcodes, payment details, telephone numbers, delivery addresses, delivery preferences and details of your electronic products. You may also choose to provide additional, non-necessary information to us at the time of completing the relevant request form.
iii) Information from your contact with us. This data includes information which we collect or you submit by getting in contact with us via the Platform, phone or in writing by letter or email.
Information from your contact with us includes, but is not limited to, names, email addresses, addresses, postcodes, telephone numbers, delivery addresses and details of your queries or complaints to us. You may also choose to provide additional, non-necessary information to us at the time of completing the relevant request form.
- iv) Platform Data.This data is passively collected by us in the course of you using and browsing the Platform (“Platform Data”).
-
v)Platform Data includes, but is not limited to, your device’s Internet Protocol (IP) address, your login information, web cookies, browser type and version, the pages of our Platform you visit, the amount of time spent on each page of our Platform, time zone settings, the time and date of your visit and the operating system or platform you use, information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our Platform (including date and time), any products you have viewed or searched for, page response times, download errors, length of visits to certain pages within the Platform, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page. Platform Data is collected by us when it is transmitted to us during or after your use of the Platform. Marketing and Communications Data. This data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
Marketing and Communication Data includes, but is not limited to, names, email addresses, addresses, postcodes, telephone numbers, delivery addresses and details of your choice of marketing materials.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
- How we use your personal information
We may use the personal data we collect for several purposes, including for the purpose of creating your personal user account, granting a user account to you, reviewing orders, processing orders, in order for you to gain full accessibility to the Platform, assessing our performance and the performance of our Platform or implementing changes to our service or the Platform.
Where you have chosen or where we have given you a password, you are responsible for keeping this password confidential. We ask you not to share this password with anyone and to change it if you suspect someone has gained access to it.
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us [LINK] if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Purpose/Activity |
Type of data |
Lawful basis for processing including basis of legitimate interest |
To register you as a new customer/client |
(a) Identity (b) Contact |
Performance of a contract with you |
To process your order or request and to deliver products/services to you including: (a) Manage payments, fees and charges (b) Collect and recover money owed to us |
(a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications |
(a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us) |
To manage our relationship with you which will include: (a) Notifying you about changes to our terms and Conditions or privacy policy (b) Asking you to leave a review, take a survey or provide other feedback |
(a) Identity (b) Contact (c) Profile (d) Marketing and Communications |
(a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how customers/clients use our products/services) |
To enable you to partake in a competition, to complete a survey or to provide other feedback |
(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications |
(a) Performance of a contract with you (b) Necessary for our legitimate interests (to study how customers/clients use our products/services, to develop them and grow our business) |
To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) |
(a) Identity (b) Contact (c) Technical |
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation |
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you |
(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical |
Necessary for our legitimate interests (to study how customers/clients use our products/services, to develop them, to grow our business and to inform our marketing strategy) |
To use data analytics to improve our website, products/services, marketing, customer/client relationships and experiences |
(a) Technical (b) Usage |
Necessary for our legitimate interests (to define types of customers/clients for our products/services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
To make suggestions and recommendations to you about products/services that may be of interest to you |
(a) Identity (b) Contact (c) Technical (d) Usage (e) Profile |
Necessary for our legitimate interests (to develop our products/services and grow our business) |
Direct Marketing
We may also use such data in order for us to send newsletters and direct marketing to you if:
- you have consented to receiving such information; or
- if you have not consented, if we consider sending such information to you to be a legitimate interest.
You may inform us that you wish us to stop using your data for this purpose at any time by following the unsubscribe procedure described in the marketing and newsletter emails you receive.
Platform Data:
We may use Platform Data for the purpose of understanding how our customers’ behave in order for us to develop or optimise:
a) how the Platform works for you;
b) the information and services provided to you through our Platform;
c) the effectiveness of our online advertising and branding (to the extent that we use such advertising).
Storage of personal data
All personal information we collect and process is stored on our secure servers.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for at least six years after they cease being customers for tax purposes.
Details of other retention periods for different aspects of your personal data are contained in our retention policy which you can request from us by contacting us.We do not store any credit card or banking details. All of the payments on our Platform are processed through Paypal, a third party payment provider unconnected to our Platform. Please refer to their terms and conditions https://www.paypal.com/ee/webapps/mpp/ua/useragreement-full) and their privacy policy (available at https://www.paypal.com/ee/webapps/mpp/ua/privacy-full) for more details on their service, how your payments are processed and how they collect and use your payment information.
- Your rights and our obligations
Consent
We will generally process personal data on the basis of having specific consent to do so for that specific purpose. If we require your consent, we will explicitly ask for such consent at the time of collecting your personal data.
However, we may also process your personal information if we are able to do so without explicit consent under the Act and/or Regulation. For example, we may be able to legally control and process your personal information without your consent if it is necessary in order for us to provide the service you have asked to, or if we have a legitimate interest in doing so, or if doing so is in the public interest.
We may also process your personal information without your consent if we have a legitimate interest in doing so, for example, for some internal administrative purposes, or for the purpose of ensuring electronic information security.
If we are controlling and processing your personal information on the sole basis of having your consent to do so, we must gain separate consents from you in respect of each distinct processing operation.
Where we are processing your personal information on the basis of you having given us your consent to do so, you do have the right to withdraw that consent at any time, but this will not affect the lawfulness of processing prior to the withdrawal of such consent. You can exercise your right to withdraw consent to processing at any time by contacting us via sales@keepincase.com.
Rectification and Erasure
You benefit from the right to rectify inaccurate personal information we hold which relates to you (also known as the “right to rectification”). This means that, taking into account the subject of the processing, you shall have the right to have incomplete personal information completed. You can exercise your right to rectification by contacting us via sales@keepincase.com.
You also benefit from the right to erasure (also known as the ‘right to be forgotten’). This means that you have the right to request us to erase personal information we hold about you, and that we should erase such data without undue delay, provided that you are able to demonstrate one of the following to us:
- that our processing of the personal information is no longer necessary in relation to the purpose for which it was collected;
- that you withdraw your consent to the processing and there is no other legal ground for us to continue to process the data;
- that you object to the processing under regulation 21 of the Regulation and there are no overriding legitimate grounds for processing;
- that the personal information must be erased in order to comply with a national legal obligation; or
- the personal information in question belongs to a child under the age of 16 and no consent is given or authorised by the holder of parental responsibility over the child.
Data Portability
You also have the right to receive the personal information concerning you in a structured, commonly used and machine-readable format. You have the right to transmit such data to other data controllers without hindrance from us. This applies where we are processing that data on the basis of your consent or where it is necessary for the performance of a contract, and the processing is carried out by automated means.
Subject Access Requests
You as a data subject are entitled to make a formal request to have details and copies of the personal information we hold about you. We must provide you with a copy of this information, the reasons it is being processed and whether it will be given to any other organisations or people provided that you make this request in writing. Some exceptions to this will apply.
- Sharing and transferring personal information
We use industry standard encryption for transmission of data to our systems. Although we cannot guarantee the absolute safety of transmission of data via the Internet, we adhere to the highest standards to give your data the strongest protection possible.
Sharing of Personal information
We may share personal information we hold with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may also disclose personal information we hold to third parties, with your consent, or on the basis of us an otherwise lawful reason for doing so under the Act and/or Regulation:
- in order to facilitate, provide and improve the products and services we provide to you through our Platform;
- in order to analyse the manner in which our services are used by services and product users;
- in the event that we sell or buy any business or assets, in which case we may disclose personal information we hold to the prospective seller or buyer of such business or assets;
- if we or substantially all of our assets are acquired by a third party, in which case personal information we hold will be one of the transferred assets; and
- if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply any contract with the data subject or other agreements; or to protect our rights, property, or safety of our employees, customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Transfers outside the EEA
We may transfer any personal information we hold to a country outside the European Economic Area (EEA), provided that one of the following conditions applies:
- the country to which the personal information is transferred ensures an adequate level of protection for the data subjects' rights and freedoms;
- you have given your consent;
- the transfer is necessary for one of the reasons set out in the Act and/or Regulation, including the protection of your vital interests;
- the transfer is legally required on important public interest grounds or for the establishment, exercise or defence of legal claims; or
- the transfer is authorised by the relevant data protection authority where we have adduced adequate safeguards with respect to the protection of the data subjects' privacy, their fundamental rights and freedoms, and the exercise of their rights.
Personal information we hold may also be processed by staff operating outside the EEA who works for us or for one of our suppliers. That staff may be engaged in, among other things, the provision of support services.
- Changes to this policy
This version was last updated on 24 May 2018
We reserve the right to change this policy at any time. Where appropriate, we will notify you, as a data subject, of those changes by email.
We recommend that you also regularly review this privacy policy for any changes.
- Concerns or complaints
If you have any concerns or complaints relating to this policy, its subject matter, or the manner in which we collect, control and/or process your personal information, please do let us know by sending an email to sales@keepincase.com.
You also have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal information has infringed the Regulation. In the UK, the relevant supervisory authority is the Information Commissioner’s Office.