1. Introduction
Kennis Europe Limited, trading as KTL Europe (“we”, “us”, “our”, or the “Company”), is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you interact with us, including when you use our website, services, or otherwise engage with us as a customer, supplier, business contact, or job applicant.
This policy complies with:
- The UK General Data Protection Regulation (UK GDPR) as retained in UK law by the European Union (Withdrawal) Act 2018, together with the Data Protection Act 2018 (DPA 2018)
- The EU General Data Protection Regulation (EU) 2016/679 (EU GDPR), where applicable to our processing activities directed at individuals in the European Economic Area (EEA)
Please read this Privacy Policy carefully. If you have any questions about how we handle your personal data, please contact us using the details in Section 2 below.
2. Who We Are — Data Controller
For the purposes of UK GDPR and EU GDPR, the Data Controller is:
Registered in England and Wales
Jury Farm Ripley Lane, West Horsley, Leatherhead, KT24 6JT, United Kingdom
Email: gdpr@ktleurope.co.uk
Telephone: +44 (0) 1234 634567
We have appointed a Data Protection Lead who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions, including requests to exercise your legal rights, please contact our Data Protection Lead using the contact details above.
3. Personal Data We Collect
We may collect and process the following categories of personal data about you:
3.1 Identity Data
- First name and last name
- Title and/or job title
- Company or organisation name
- Username or similar identifier
3.2 Contact Data
- Business or personal email address
- Telephone number(s)
- Postal address (business or personal)
3.3 Financial and Transaction Data
- Bank account details (where required for payment processing)
- Purchase history, invoices, and payment records
- VAT registration numbers
3.4 Technical and Usage Data
- Internet Protocol (IP) address
- Browser type and version
- Time zone setting and location
- Operating system and platform
- Website usage data and analytics (including pages visited and duration of visit)
3.5 Marketing and Communications Data
- Preferences in receiving marketing communications from us
- Your communication preferences
3.6 Recruitment and HR Data (Job Applicants and Employees)
- Curriculum vitae (CV) / resume
- Employment history and references
- Right to work documentation
- Equal opportunities monitoring data (where provided voluntarily)
- National Insurance number or equivalent tax identification
3.7 Special Categories of Personal Data
We do not routinely collect or process special category data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data). Where we exceptionally need to process such data, we will obtain your explicit consent or rely on another lawful basis permitted under UK GDPR / EU GDPR Article 9 and will make this clear to you at the point of collection.
4. How We Collect Your Personal Data
We collect personal data through the following means:
- Directly from you: when you fill in forms on our website, contact us by email, telephone or post, enter into a contract with us, or apply for a role at the Company
- Automated technologies: as you interact with our website, we may automatically collect technical data using cookies, server logs, and similar technologies (see our Cookie Policy for further details)
- Third parties: including business partners, subcontractors, analytics providers, search information providers, credit reference agencies, and publicly available sources such as Companies House or LinkedIn
5. Lawful Basis for Processing
We will only process your personal data where we have a lawful basis to do so under Article 6 UK GDPR / EU GDPR. The lawful bases we rely on are:
- Contractual necessity (Article 6(1)(b)): where processing is necessary to perform a contract with you or to take steps at your request before entering a contract
- Legal obligation (Article 6(1)(c)): where processing is necessary to comply with a legal obligation to which we are subject, such as tax, employment law, or anti-money laundering requirements
- Legitimate interests (Article 6(1)(f)): where processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your interests, rights, or freedoms
- Consent (Article 6(1)(a)): where you have given us clear and specific consent to process your personal data for a specific purpose. You may withdraw your consent at any time
- Vital interests (Article 6(1)(d)) and public task (Article 6(1)(e)): where applicable in specific circumstances
6. Purposes for Which We Use Your Personal Data
We process your personal data for the following purposes:
- To provide and manage our products and services
- To process and fulfil orders, including managing payments, fees, and charges
- To communicate with you about your account, purchases, or queries
- To comply with our legal and regulatory obligations
- To conduct due diligence, credit checks, and identity verification where required
- To manage our relationship with customers, suppliers, and business contacts
- To send you marketing communications about our products and services (where you have consented or where we have a legitimate interest to do so)
- To improve and develop our website and services, including analytics and research
- To manage and process job applications and recruitment processes
- To detect, investigate, and prevent fraud, security incidents, and other illegal or unauthorised activity
- To enforce our contractual terms and protect our legal rights
7. International Transfers of Personal Data
We are based in the United Kingdom and operate primarily within the UK and the European Economic Area (EEA). Where we transfer personal data outside of the UK or EEA, we ensure that appropriate safeguards are in place in accordance with UK GDPR and EU GDPR requirements, including:
- Transfers to countries or organisations covered by an adequacy decision by the UK Secretary of State (UK GDPR) or the European Commission (EU GDPR)
- Where no adequacy decision applies, transfers subject to appropriate safeguards such as Standard Contractual Clauses (SCCs) / UK International Data Transfer Agreements (IDTAs) or EU GDPR Model Clauses
- Where required, binding corporate rules or other approved transfer mechanisms
You may request further information about the specific safeguards applied to any international transfers by contacting us using the details in Section 2.
8. Sharing Your Personal Data
We may share your personal data with the following categories of third parties:
- Service providers and data processors: IT and system administration providers, cloud hosting providers, payment processors, logistics companies, and professional advisers — all bound by contractual obligations to keep your data confidential
- HM Revenue and Customs, regulators, and other public authorities: where required by law or to comply with legal obligations
- Business partners and customers: where necessary to perform our contracts
- Prospective buyers: in the event of a business sale, merger, or acquisition (subject to appropriate confidentiality obligations)
9. Data Retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.
| Data Type | Retention Period |
|---|---|
| Customer & supplier contract records | 7 years from end of contractual relationship |
| Financial and transaction records | 7 years from date of transaction |
| Employee records | Up to 7 years from termination of employment |
| Unsuccessful job applicant records | Up to 6 months from notification of outcome |
| Marketing contact records | Until consent is withdrawn or legitimate interest ceases |
| Website analytics data | As defined by our cookie settings |
Where we no longer need to process your personal data, we will securely delete or anonymise it.
10. Your Rights Under UK GDPR and EU GDPR
Subject to applicable law and certain conditions, you have the following rights in relation to your personal data:
Request a copy of the personal data we hold about you (Subject Access Request).
Request correction of inaccurate or incomplete personal data.
Request deletion of your personal data in certain circumstances.
Request that we restrict the processing of your personal data.
Receive your data in a structured, machine-readable format.
Object to processing based on legitimate interests or for direct marketing.
Not to be subject to decisions based solely on automated processing.
Withdraw consent at any time without affecting prior lawful processing.
11. Right to Lodge a Complaint
If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the relevant supervisory authority. We would appreciate the opportunity to deal with your concerns first — please contact us before approaching a regulator.
12. Cookies and Similar Technologies
Our website uses cookies and similar tracking technologies to distinguish you from other users and to improve your experience. We use the following types of cookies:
- Strictly necessary cookies: required for the operation of our website. These cannot be switched off
- Analytical / performance cookies: used to count visitors and see how they move around our website (e.g., Google Analytics). Information is aggregated and anonymised
- Functionality cookies: used to recognise you when you return and personalise content
- Targeting cookies: used to record your visit and make our website and advertising more relevant to your interests
You can set your browser to refuse all or some cookies. If you disable or refuse cookies, some parts of our website may become inaccessible. For full details, please see our Cookie Policy at https://ktleurope.co.uk/cookie-policy/
13. Third-Party Websites and Links
Our website may include links to third-party websites, plug-ins, and applications. We do not control these websites and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit.
14. Data Security
We have put in place appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way. These measures include:
- Encryption of personal data in transit and at rest where appropriate
- Access controls limiting personal data to those with a business need to know
- Procedures for dealing with suspected personal data breaches
- Regular testing and evaluation of the effectiveness of our security measures
We will notify you and any applicable supervisory authority (including the ICO) of a breach where we are legally required to do so.
15. Children’s Personal Data
Our services are not directed at children under the age of 13 (or up to 16 under applicable local law). We do not knowingly collect personal data from children. If you believe we may have collected data from a child without appropriate consent, please contact us immediately and we will take steps to delete that data.
16. Changes to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website with a revised “Last Updated” date. We encourage you to review this policy periodically.
17. Glossary
- “Personal data” — any information relating to an identified or identifiable natural person.
- “Processing” — any operation performed on personal data, such as collection, storage, use, disclosure, or destruction.
- “Data controller” — the entity that determines the purposes and means of processing personal data.
- “Data processor” — an entity that processes personal data on behalf of the data controller.
- “Special category data” — data revealing racial or ethnic origin, political opinions, religious beliefs, health, sex life, sexual orientation, genetic or biometric data.
- “UK GDPR” — the UK General Data Protection Regulation as retained in UK law by the EU (Withdrawal) Act 2018, together with the Data Protection Act 2018.
- “EU GDPR” — Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.