Privacy Policy

1. Introduction

Kennis Europe Limited, trading as KTL Europe (“we”, “us”, “our”, or the “Company”), is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you interact with us, including when you use our website, services, or otherwise engage with us as a customer, supplier, business contact, or job applicant.

This policy complies with:

  • The UK General Data Protection Regulation (UK GDPR) as retained in UK law by the European Union (Withdrawal) Act 2018, together with the Data Protection Act 2018 (DPA 2018)
  • The EU General Data Protection Regulation (EU) 2016/679 (EU GDPR), where applicable to our processing activities directed at individuals in the European Economic Area (EEA)

Please read this Privacy Policy carefully. If you have any questions about how we handle your personal data, please contact us using the details in Section 2 below.

2. Who We Are — Data Controller

For the purposes of UK GDPR and EU GDPR, the Data Controller is:

Kennis Europe Limited t/a KTL Europe
Registered in England and Wales
Jury Farm Ripley Lane, West Horsley, Leatherhead, KT24 6JT, United Kingdom
Email: gdpr@ktleurope.co.uk
Telephone: +44 (0) 1234 634567

We have appointed a Data Protection Lead who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions, including requests to exercise your legal rights, please contact our Data Protection Lead using the contact details above.

3. Personal Data We Collect

We may collect and process the following categories of personal data about you:

3.1 Identity Data

  • First name and last name
  • Title and/or job title
  • Company or organisation name
  • Username or similar identifier

3.2 Contact Data

  • Business or personal email address
  • Telephone number(s)
  • Postal address (business or personal)

3.3 Financial and Transaction Data

  • Bank account details (where required for payment processing)
  • Purchase history, invoices, and payment records
  • VAT registration numbers

3.4 Technical and Usage Data

  • Internet Protocol (IP) address
  • Browser type and version
  • Time zone setting and location
  • Operating system and platform
  • Website usage data and analytics (including pages visited and duration of visit)

3.5 Marketing and Communications Data

  • Preferences in receiving marketing communications from us
  • Your communication preferences

3.6 Recruitment and HR Data (Job Applicants and Employees)

  • Curriculum vitae (CV) / resume
  • Employment history and references
  • Right to work documentation
  • Equal opportunities monitoring data (where provided voluntarily)
  • National Insurance number or equivalent tax identification

3.7 Special Categories of Personal Data

We do not routinely collect or process special category data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data). Where we exceptionally need to process such data, we will obtain your explicit consent or rely on another lawful basis permitted under UK GDPR / EU GDPR Article 9 and will make this clear to you at the point of collection.

4. How We Collect Your Personal Data

We collect personal data through the following means:

  • Directly from you: when you fill in forms on our website, contact us by email, telephone or post, enter into a contract with us, or apply for a role at the Company
  • Automated technologies: as you interact with our website, we may automatically collect technical data using cookies, server logs, and similar technologies (see our Cookie Policy for further details)
  • Third parties: including business partners, subcontractors, analytics providers, search information providers, credit reference agencies, and publicly available sources such as Companies House or LinkedIn

5. Lawful Basis for Processing

We will only process your personal data where we have a lawful basis to do so under Article 6 UK GDPR / EU GDPR. The lawful bases we rely on are:

  • Contractual necessity (Article 6(1)(b)): where processing is necessary to perform a contract with you or to take steps at your request before entering a contract
  • Legal obligation (Article 6(1)(c)): where processing is necessary to comply with a legal obligation to which we are subject, such as tax, employment law, or anti-money laundering requirements
  • Legitimate interests (Article 6(1)(f)): where processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your interests, rights, or freedoms
  • Consent (Article 6(1)(a)): where you have given us clear and specific consent to process your personal data for a specific purpose. You may withdraw your consent at any time
  • Vital interests (Article 6(1)(d)) and public task (Article 6(1)(e)): where applicable in specific circumstances

6. Purposes for Which We Use Your Personal Data

We process your personal data for the following purposes:

  • To provide and manage our products and services
  • To process and fulfil orders, including managing payments, fees, and charges
  • To communicate with you about your account, purchases, or queries
  • To comply with our legal and regulatory obligations
  • To conduct due diligence, credit checks, and identity verification where required
  • To manage our relationship with customers, suppliers, and business contacts
  • To send you marketing communications about our products and services (where you have consented or where we have a legitimate interest to do so)
  • To improve and develop our website and services, including analytics and research
  • To manage and process job applications and recruitment processes
  • To detect, investigate, and prevent fraud, security incidents, and other illegal or unauthorised activity
  • To enforce our contractual terms and protect our legal rights

7. International Transfers of Personal Data

We are based in the United Kingdom and operate primarily within the UK and the European Economic Area (EEA). Where we transfer personal data outside of the UK or EEA, we ensure that appropriate safeguards are in place in accordance with UK GDPR and EU GDPR requirements, including:

  • Transfers to countries or organisations covered by an adequacy decision by the UK Secretary of State (UK GDPR) or the European Commission (EU GDPR)
  • Where no adequacy decision applies, transfers subject to appropriate safeguards such as Standard Contractual Clauses (SCCs) / UK International Data Transfer Agreements (IDTAs) or EU GDPR Model Clauses
  • Where required, binding corporate rules or other approved transfer mechanisms

You may request further information about the specific safeguards applied to any international transfers by contacting us using the details in Section 2.

8. Sharing Your Personal Data

We may share your personal data with the following categories of third parties:

  • Service providers and data processors: IT and system administration providers, cloud hosting providers, payment processors, logistics companies, and professional advisers — all bound by contractual obligations to keep your data confidential
  • HM Revenue and Customs, regulators, and other public authorities: where required by law or to comply with legal obligations
  • Business partners and customers: where necessary to perform our contracts
  • Prospective buyers: in the event of a business sale, merger, or acquisition (subject to appropriate confidentiality obligations)
✓ Our commitment We do not sell, rent, or otherwise trade your personal data to third parties for their own marketing purposes.

9. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.

Data Type Retention Period
Customer & supplier contract records 7 years from end of contractual relationship
Financial and transaction records 7 years from date of transaction
Employee records Up to 7 years from termination of employment
Unsuccessful job applicant records Up to 6 months from notification of outcome
Marketing contact records Until consent is withdrawn or legitimate interest ceases
Website analytics data As defined by our cookie settings

Where we no longer need to process your personal data, we will securely delete or anonymise it.

10. Your Rights Under UK GDPR and EU GDPR

Subject to applicable law and certain conditions, you have the following rights in relation to your personal data:

Right of Access
Article 15

Request a copy of the personal data we hold about you (Subject Access Request).

Right to Rectification
Article 16

Request correction of inaccurate or incomplete personal data.

Right to Erasure
Article 17

Request deletion of your personal data in certain circumstances.

Right to Restriction
Article 18

Request that we restrict the processing of your personal data.

Right to Portability
Article 20

Receive your data in a structured, machine-readable format.

Right to Object
Article 21

Object to processing based on legitimate interests or for direct marketing.

Automated Decisions
Article 22

Not to be subject to decisions based solely on automated processing.

Withdraw Consent
Article 6(1)(a)

Withdraw consent at any time without affecting prior lawful processing.

How to exercise your rights Contact us in writing at gdpr@ktleurope.co.uk. We will respond within one month of receipt. We may need to verify your identity before processing your request. There is generally no charge unless a request is manifestly unfounded, repetitive, or excessive.

11. Right to Lodge a Complaint

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the relevant supervisory authority. We would appreciate the opportunity to deal with your concerns first — please contact us before approaching a regulator.

🇬🇧 UK Residents — ICO

Information Commissioner’s Office

www.ico.org.uk

Helpline: 0303 123 1113

Wycliffe House, Water Lane,
Wilmslow, Cheshire, SK9 5AF

🇪🇺 EEA Residents

Contact the supervisory authority in your EU Member State of habitual residence, place of work, or place of the alleged infringement.

www.edpb.europa.eu

12. Cookies and Similar Technologies

Our website uses cookies and similar tracking technologies to distinguish you from other users and to improve your experience. We use the following types of cookies:

  • Strictly necessary cookies: required for the operation of our website. These cannot be switched off
  • Analytical / performance cookies: used to count visitors and see how they move around our website (e.g., Google Analytics). Information is aggregated and anonymised
  • Functionality cookies: used to recognise you when you return and personalise content
  • Targeting cookies: used to record your visit and make our website and advertising more relevant to your interests

You can set your browser to refuse all or some cookies. If you disable or refuse cookies, some parts of our website may become inaccessible. For full details, please see our Cookie Policy at https://ktleurope.co.uk/cookie-policy/

13. Third-Party Websites and Links

Our website may include links to third-party websites, plug-ins, and applications. We do not control these websites and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit.

14. Data Security

We have put in place appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way. These measures include:

  • Encryption of personal data in transit and at rest where appropriate
  • Access controls limiting personal data to those with a business need to know
  • Procedures for dealing with suspected personal data breaches
  • Regular testing and evaluation of the effectiveness of our security measures

We will notify you and any applicable supervisory authority (including the ICO) of a breach where we are legally required to do so.

15. Children’s Personal Data

Our services are not directed at children under the age of 13 (or up to 16 under applicable local law). We do not knowingly collect personal data from children. If you believe we may have collected data from a child without appropriate consent, please contact us immediately and we will take steps to delete that data.

16. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website with a revised “Last Updated” date. We encourage you to review this policy periodically.

17. Glossary

  • “Personal data” — any information relating to an identified or identifiable natural person.
  • “Processing” — any operation performed on personal data, such as collection, storage, use, disclosure, or destruction.
  • “Data controller” — the entity that determines the purposes and means of processing personal data.
  • “Data processor” — an entity that processes personal data on behalf of the data controller.
  • “Special category data” — data revealing racial or ethnic origin, political opinions, religious beliefs, health, sex life, sexual orientation, genetic or biometric data.
  • “UK GDPR” — the UK General Data Protection Regulation as retained in UK law by the EU (Withdrawal) Act 2018, together with the Data Protection Act 2018.
  • “EU GDPR” — Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.