This is the Privacy Policy of Kurato Ltd. The policy outlines the data collection, use, and protection practices for users visiting the Kurato website. The company is committed to respecting user privacy and safeguarding their personal data. The policy describes the types of data collected, including Identity, Contact, Financial, Technical, Profile, and Sensitive Data, how the data is collected, and how it may be used. Kurato may use personal data to register new customers, process orders, deliver products, and for marketing and advertising purposes. Kurato may share user data with third-party service providers who must treat the data according to applicable laws and regulations. The policy also outlines how Kurato uses cookies and other technologies to collect user data. Kurato is committed to complying with all applicable laws, regulations, and codes of practice related to user data protection. This document can be printed for reference by using the print command in the settings of any browser.


1. Introduction

Kurato Ltd ("we" or "us" or "our") respects the privacy of our users ("user" or "you"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website [kurato.co.uk] including any other media form, media channel, mobile website, or mobile application related or connected thereto (collectively, the "Site"). Please read this Privacy Policy carefully. IF YOU DO NOT AGREE WITH THE TERMS OF THIS PRIVACY POLICY, PLEASE DO NOT ACCESS THE SITE.

 2. Data Controller

"Kurato Ltd" is the controller and responsible for your personal data (referred to as "we", "us" or "our" in this privacy policy).

 3. Personal Data We Collect

We collect various types of personal data about you, which we have grouped together as follows:

  • Identity Data: This includes your first name, last name, username or similar identifier, and title.
  • Contact Data: This includes your billing address, delivery address, email address, social media addresses, and telephone numbers.
  • Financial Data: This includes your bank account and payment card details.
  • Transaction Data: This includes details about payments to and from you, as well as other details of products and services you have purchased from us.
  • Technical Data: This includes your internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Profile Data: This includes your username, password(this is encrypted), purchases or orders made by you, your interests, preferences, feedback, and survey responses.
  • Sensitive Data: This may include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data. We will only collect sensitive data with your explicit consent.
  • Photo/Video/Audio Files Sharing - To provide better functionality, our site enables users to share multimedia files containing audio, video, or photographic material through their accounts. We may also ask for such content for marketing purposes. By uploading or sending us such content, you acknowledge that all media will be publicly accessible and can be viewed by others visiting our website. Although users may edit their profile preferences later, any previously uploaded images, clips, music, etc. may remain available online after deletion due to caching systems. Therefore, sharing intimate or revealing footage is discouraged unless you wish for it to become widely visible over time. Make informed decisions when choosing what assets to display, and avoid posting something embarrassing, harmful or illegal. Where this is flagged to us we will take reasonable steps to promptly delete the information from our records.

We may also collect, use, and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data, but it is not considered personal data as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature.

We take your privacy seriously and are committed to protecting your personal data. We use your personal data only for the purposes for which it was collected and will not share it with third parties except as necessary to provide our services to you or as required by law.

 

4. How We Collect Your Personal Data

We use different methods to collect data from and about you including through:

  • Direct interactions: You may give us your Identity, Contact, Financial, and Profile Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
    • create an account on our website;
    • make a purchase from us;
    • request marketing to be sent to you;
    • give us feedback or contact us.
  • Automated technologies or interactions: As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites that use our cookies.
  • Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources as set out below:
      • Technical Data from the following parties:
      • analytics providers;
      • advertising networks; and
      • search information providers.

 

5. How We Use Your Personal Data

We will only use your personal data when the law allows us to do so. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation.

We may also use your personal data in the following situations:

  • Where you have given us explicit consent to use your personal data for a specific purpose.

We may use your personal data for the following purposes:

  • To register you as a new customer.
    • To process and deliver your order including:
    • managing payments, fees, and charges;
    • collecting and recovering money owed to us; and
    • arranging for shipping and delivery of products.
    • To manage our relationship with you including:
    • notifying you about changes to our terms or privacy policy;
    • asking you to leave a review or take a survey; and
    • responding to your customer service requests.
    • To administer and protect our business and this website including:
    • troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data;
    • ensuring network and information security;
    • preventing fraud and money laundering;
    • managing contacts, queries, complaints, disputes, and legal claims.
  • To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.
  • To use data analytics to improve our website, products/services, marketing, customer relationships, and experiences.
  • To comply with applicable laws, regulations, and codes of practice.

The Personal Data collected will only be used for the purposes listed below, unless there is a reasonable need to use it for another compatible reason.

  • In case of using Personal Data for an unrelated purpose, the Privacy Policy will be updated and the legal basis for using it will be explained.
  • The GDPR requires a legal basis for each purpose of using Personal Data.
    • The legal bases we rely on are:
    • Contractual Necessity: When there is a need to perform or have performed a contract with you.
    • Legitimate Interests: When using Personal Data is necessary for our legitimate interests, as long as it does not override your interests and fundamental rights. The specific legitimate interests pursued for each Purpose are detailed in the table below.
    • Compliance with Law: When there is a need to comply with a legal or regulatory obligation


The legal bases used for each Purpose are provided in a table format.

PurposeWhy we do itOur legal basis for using this data

Provide Services

To ensure that we can provide you with the best possible Kurato Market experience, we need to process certain information. This is especially important in order to fulfill our contract with you, which governs the provision of our services. The types of processing we undertake include:

  • Administering orders and returns, such as by handling payments and refunds through our trusted payment processor.
  • Sharing your information with sellers so that they can fulfill your order.
  • Offering customer support to help address any issues you may encounter.
  • Creating and managing your account on the Site.
  • Providing any other necessary aspects of the Kurato Market services to you.

Contractual Necessity.

Legitimate interests (where you make an order for someone else) we have a legitimate interest in processing the Personal Data of the recipient of your order for the purposes of performing the agreement we made with you.


Gain Insight


To ensure that our users have the best possible experience on the Site, we occasionally record a small percentage of user sessions. This helps us identify any issues with the user journey and maintain a high level of service quality.

Legitimate Interests.

It is in our legitimate interests that we are able to monitor certain user journeys to ensure that we can develop and improve the features and functionalities of our Site.

Aggregated Data

We may use and share "Aggregated Data," which refers to statistical or demographic data that does not directly or indirectly reveal your identity. Aggregated Data may be created from your Personal Data, but once it is in aggregated form, it will not be considered Personal Data for the purposes of the GDPR. This means that we can use this data for any purpose, such as calculating the percentage of users accessing a specific Site feature by aggregating Technical Data and Behavioural Data.

However, if we combine Aggregated Data with your Personal Data in a way that can directly or indirectly identify you, we will treat the combined data as Personal Data and handle it in accordance with this Privacy Policy.


Legitimate Interests.

We have a legitimate interests in creating Aggregated Data to use and share for our own business purposes.

Safety and Compliance

Your Personal Data is used by us when we consider it necessary or suitable for the following reasons:

  • Protect, investigate and deter against fraudulent, harmful, unauthorized, unethical, or illegal activities;
  • Enforce the terms and conditions that govern the use of the Kurato Market platform;
  • Comply with applicable laws, regulations, legal processes or governmental requests;
  • Protect our rights, privacy, safety or property, and/or that of you or others.

Legal Obligations.

Legitimate Interests.

We may also need to process your Personal Data to comply with a legal obligation, a court order or to exercise or defend legal claims.

Trouble Shooting

We may monitor our Site and services in order to track any technical issues that may arise. This helps us ensure that we can maintain a high level of service quality and promptly address any technical issues that may affect our users.


Legitimate Interests.

Monitoring and maintaining the proper functioning of our Site and associated systems and services is a key priority for us. We believe that we have a legitimate interest in conducting ongoing monitoring to ensure that our systems are operating smoothly and efficiently. This helps us identify and resolve any issues that may arise quickly and effectively, ultimately resulting in a better experience for our users.

Security

We use your Personal Data to help us keep our Site, as well as any associated services and systems, running smoothly and securely. This includes maintaining the functionality of our systems and protecting against any potential security threats.


Legitimate Interests.

We take the security and stability of our Site and associated IT services very seriously. To ensure ongoing protection, we have a legitimate interest in implementing measures to guard against potential threats, including scraping, automated spamming, denial-of-service attacks, crawling and similar activities. These measures help us maintain the integrity of our systems and provide a safe and secure experience for our users.

Marketing

We may use the information we collect to send you marketing communications about products and boutiques that we believe may be of interest to you. This helps us tailor our marketing efforts and ensure that we are providing you with relevant information about our offerings.

Legitimate Interests.

We have a legitimate interest in providing you with a high-quality experience and tailored content that meets your needs. To achieve this, we may:

  • Send you marketing communications about our products and services if you have subscribed to our mailing list or expressed interest in purchasing from us.

  • Track your engagement with our marketing emails, including whether you open or forward them, to ensure that the products and offers we share with you are relevant to your interests.

By taking these actions, we are able to deliver marketing communications that are relevant and helpful to you, while also ensuring that we are meeting our obligations as a responsible business.

 


6. Disclosure of Your Personal Data

We may share your personal data with the parties set out below for the purposes set out in Section 5:

  • Other companies in our group who provide IT and system administration services and undertake management reporting.
  • Third party service providers who provide IT and system administration services, payment processing, delivery, and marketing services.
  • Professional advisers including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.
  • HM Revenue & Customs, regulators, and other authorities who require reporting of processing activities in certain circumstances.
  • Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

 

7. International Transfers

We may transfer personal data to countries outside the European Economic Area (EEA) for the purposes described in this privacy policy. We will ensure that appropriate safeguards are in place to protect your personal data in accordance with applicable data protection laws.

 

8. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

 

9. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means.

 

10. Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data including the right to:

  • Request access to your personal data.
  • Request correction of your personal data.
  • Request erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing your personal data.
  • Request transfer of your personal data.
  • Withdraw consent.

If you wish to exercise any of the rights set out above, please contact us using the details provided in Section 2.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

 

11. Changes to Our Privacy Policy

We reserve the right to update this privacy policy at any time, and we will provide you with a new privacy policy when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal data.

 

12. Cookie Policy

Our website uses cookies, which are small files of letters and numbers that are stored on your browser or hard drive. Cookies allow us to distinguish you from other users of our website, which helps us to provide you with a better experience and improve our site.

We use the following types of cookies:

  • Strictly necessary cookies: These are required for the operation of our website, including cookies that enable you to log into secure areas.
  • Analytical/performance cookies: These allow us to count the number of visitors and see how they use our website. This helps us improve the site by making it easier to find what you're looking for.
  • Functionality cookies: These recognize you when you return to our site and allow us to personalize our content for you, such as remembering your language preference.
  • Targeting cookies: These record your visit to our site, the pages you visit, and the links you follow. We use this information to make our site and advertising more relevant to your interests. We may share this information with third parties for this purpose.

You can block cookies by adjusting your browser settings, but please note that this may impact your ability to access some parts of our site. For more information on cookies and how to disable them, please visit www.allaboutcookies.org.

We store cookies on your computer for varying lengths of time depending on the type of cookie. By using our site, you consent to our use of cookies.

When we use targeting cookies, we work with third-party advertising networks that allow us to show you ads that are more relevant to your interests. This involves sharing data with these networks, which may include information about your browsing activity on our site. However, we do not share any personally identifiable information with these networks.

The length of time we store cookies on your computer depends on the type of cookie. Session cookies are deleted when you close your browser, while persistent cookies may be stored for up to two years.

You can withdraw your consent to cookies at any time by adjusting your browser settings. Please note that this may impact your ability to access some parts of our site.

 

13. Changes to Our Cookie Policy

We may update our cookie policy from time to time. We will notify you of any changes by posting the new cookie policy on our website.

 

14. Third-Party Links

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.


15. Policy on Children

  • The Kurato Site is not intended for or marketed towards children under the age of 18.
  • We do not knowingly collect or solicit personal information from children under the age of 18. If we become aware that we have collected personal information from a child under 18 without parental consent, we will take reasonable steps to promptly delete the information from our records.

 

16. Third Party Disclosure

We use several third-party services to help us operate the platform and provide services to our users. These services include Elementor, SiteGround, WordPress, Google reCAPTCHA, Yoast, MailChimp, Dokan, WooCommerce, Xtemos WordPress theme, Contact Form 7, Slider Revolution, Stripe and PayPal. These services may collect personal information from users, such as their IP address and browsing behaviour, in order to provide these services to us. We take appropriate measures to ensure that any third-party services we use are reputable and comply with applicable data protection laws. Stripe and PayPal are fully PCI compliant, Kurato does not directly handle or store any card details.

 

17. Contact Details

If you have any complaints or issues regarding the use of the Site or if you need further information, you can contact us at the following email address: enquiries@kurato.co.uk

We will make reasonable efforts to promptly address your concerns.

These Privacy Policies were last updated on September 13th, 2023.