Kindred Global Privacy Notices
Last updated 27 November 2024
In this privacy notice, we describe who we are, and how we look after your data. This notice applies to you if you browse our website, use the Kindred App, Kindred SDK, browser extension, APO's as well as the Add-on for Samsung (each are identified separately below).
You can manage your privacy preferences by contacting us on privacy@kindredteam.com or if you have used the Kindred CMP you can use that mechanism.
Part 1: Our approach
This section introduces us, the role we play in relation to your data, and our approach to protecting your data.
What is this notice about?
We take your rights very seriously and have built our service to collect the minimum data necessary to provide a great service to you and our advertisers. Please take the time to understand how we collect, use, and process your data.
We collect and use certain data to deliver the Kindred experience to you when you use: our websites, www.kindred.co and app.kindred.co and sdk.kindred.co (collectively the ‘Websites’), The Kindred app (from the Apple App Store or the Google Play Store), the Kindred SDK, Kindred API service and the add-on for Samsung or other services (collectively the ‘Services’). Kindred serves as the data controller unless stated otherwise.
Our data capture technology is unique in that it has been designed to selectively capture a limited range1 of your shopping preferences. Kindred does not collect data indiscriminately and only captures data necessary to provide its services to you and to its clients and their third-party vendors. This enables Kindred to use IDs to work with approved third parties and provide insights and audience curation services. In return our users get additional benefits such as exclusive discounts and collectively contribute to environmental and charitable causes.
Kindred services are not intended for children, and we do not knowingly process data relating to children.
Please read this policy carefully so that you understand your rights in relation to your personal data, and how we will collect, use and process your personal data. If you do not agree with how we do this, please do not use our services or use this Website any further. Kindred participates in the IAB Europe Transparency & Consent Framework and complies with its Specifications and Policies. Kindred’s identification number is 1245. Kindred operates the Consent Management Platform.
Part 2: What we collect and use
This section describes what data we collect, when, and how and we've set this out by way of a typical user journey (though it may not happen in that sequence)
|
Our interaction with you |
What data we collect and from whom |
What we do with your data |
Legal basis for processing your data |
|
Visiting our websites |
We collect information about your browser, device, and activities on our websites. We collect this data directly from you and you interaction with our Websites. |
We collect, store, and use website visit data to make our website more intuitive and easier to use and protect the security and effective functioning of our websites. Your data is stored in the UK or the Netherlands, and we keep it for up to 2 years. We use third parties (see Part 4 below) based in the EU and the US to help us understand how you use our websites. |
It is in our legitimate interests to monitor how our website is used to help us (a) improve the layout and information available on our website and provide a better service to our website users, (b) see website usage and statistics, and (c) monitor how our website is used to detect and prevent fraud, other crimes, and the misuse of our website. |
|
Making contact |
When you contact us via the Website, email, telephone, instant chat, social media, we will collect and store the details you give us, which may include your first name and surname, email address, job title, company, and any other information you choose to provide us. We collect this data directly from you when you contact us. |
We use the data you provide us to communicate with you, answer your queries, and to respond to your requests. Your data is stored in the UK or the Netherlands, and we keep it for up to 2 years and is not shared with any third parties, except on occasion with service providers such as IT or security, to ensure that our services are maintained.
|
Our legal basis for processing your data is legitimate interest, and we process your data to respond to you contacting us. |
|
Signing up for our newsletter or alerts |
If you sign up for our newsletters or alerts, we will collect your contact details. Depending on how you want to be contacted we will collect your name, email address and/or your phone number.
We collect this data directly from you. |
We collect your data when you sign up for our newsletters or alerts so that we can provide you with the latest Kindred news and offers as they become available. Your data is stored in the UK or the Netherlands, and we keep this until such times as you withdraw your consent. This data is not shared with any third parties, except on occasion with service providers such as IT or security, to ensure that our services are maintained. |
To process your data in this way, we ask for your consent at the time you sign up for the newsletter or alert. You can withdraw your consent at any time, and if you do so we will be unable to continue to provide you with our newsletters of alerts. |
|
Signing up |
If you create an account, we will collect your contact details (name and email address) and another other details you may provide us (for example, phone number, nickname, Paypal account details, and consent to receiving marketing). We collect this data directly from you. |
We collect your data when you sign up for our services to manage your account, and where relevant, your marketing choice. |
It is in our legitimate interest to process your data when you sign up for an account, so that we can manage your account (to provide you cashback from merchants from whom you make a purchase and allow you to donate to a charity of your choice) and to communicate with you. |
|
When you use our Websites or Services (e.g., App, browser extension services).
|
Information sent to us by your computer, mobile phone, or other device, including: • Device identifier, device name, operating system, and browser type, country code |
We use your data to: • To administer the app and browser extension services |
In all interactions with our App and services (see also below for App, browser extension service, Add-on for Samsung) on first usage, we ask for your explicit permission to collect specific information from your device. We do not assume you have already given permission and provide you an opt-in permission button to allow us to do so. Only when you have given us permission do we start to collect the information. We use legitimate interest to process your data as described under 'What we do with your data'. |
|
When you use our Websites or Services (e.g., App, browser extension services, API). |
When you use our services, we process information sent to us by your device (e.g., computer, tablet, mobile phone) where you have installed the App and activated the extension including: • Country code • Randomly assigned click IDs for each visit • Selected keywords from your search strings • MAID's (Mobile Advertising ID's) |
We process your data for the following purposes, in our legitimate interest: • To select advertising using limited data |
We use legitimate interest to process your data to provide our services. Kindred provides you control over our processing under legitimate interest by contacting us using the email address provided above. |
|
When you use our Websites or Services (e.g., The Kindred App, Kindred SDK, Add-on for Samsung, and Kindred API services) and have used our CMP TCF UI (our privacy preference management facility) to manage your privacy preferences. |
When you use our services, we process information sent to us by your device (e.g., computer, tablet, mobile phone) where you have installed the App and activated the extension including: • Country code |
We process your data for the following purposes, only with your consent: • To store and/or access information on a device |
We ask for your consent to process your data as described under 'What we do with your data'.
|
|
When you use our partners' services and they provide us information they have collected about you. |
When you use our partners' services, we process information sent to us by them which may include:
• Carrier
• Cell tower information
• Country code
• Device identifier, device name, make and model, operating system and version, and browser type and language
• Geolocation data
• Hashed mobile phone
• Hashed email address
• IP address
• MAID (mobile advertising ID)
• Postal code
• Website URL (domain name)
• Other Advertising ID's
We refer to the above as ‘App Data’.
|
We process your data, in our legitimate interest, for the following purposes:
• To select advertising using limited data • To measure advertising performance • To measure content performance • To understand audiences through statistics or combinations of data from different sources • To develop and improve services • To select content using limited data • To license the 'App data' ‘App data’ is stored in the UK or the EU for up to 2 years or less.
We share ‘App data’ with our partners according to the relationship we have with them, e.g., service providers, business customers (see also Part 4 below).
|
We use legitimate interest to process your data to provide our services to our partners.
Kindred provides you control over our processing under legitimate interest by contacting us using the email address provided above.
|
Legal basis: what it means
Data protection law requires that we only process your personal data when we have identified a valid legal basis to do so. There are six available legal bases for processing. No single basis is ‘better’ or more important than the others and depending on the relationship we have with you will determine which basis is most appropriate.
You’ll have seen one or more of the following identified as a legal basis (under ‘How we use it’ above):
Consent
Consent, as a lawful basis for us to process your personal data, means that we have asked you for your explicit consent to process your data. Pre-ticked boxes are not allowed to collect your consent and you can withdraw your consent at any time.
This also means that we can only process data under this basis if (a) we have been clear and unambiguous about the purposes for which we are processing your data, (b) that you have given your consent freely, and (c) we provide a means for you to withdraw your consent as easily as it was for you to give us your consent.
We must ask you for your permission (your ‘consent’) to process your data under the legal basis of consent before we process your data. If you have given your consent, you can withdraw it, which can be done by using the Kindred TCF CMP UI (if available), deactivating the browser extension, uninstalling the app, or emailing us at the address below.
If you withdraw your consent this does not affect the lawfulness of processing based on consent before its withdrawal.
Legitimate interest
Legitimate interest allows us to process your personal data for our own interests and this can include our commercial interests, or broader societal benefits, for example contributing to charities.
This also means that we must provide you the details of the processing as well as what our legitimate interests are. Importantly, we are also required to ensure that our interests do not override your rights.
We do not need to ask permission to process your data under legitimate interest, however you can object to this, which can be done by using the Kindred TCF CMP UI (a popup available on all our Websites and Services), deactivating the browser extension, uninstalling the app, or emailing us at the address below.
It is important to Kindred that you know and understand your rights regarding Kindred’s processing of your personal data, so we ask you to read ‘Part 3: Responsibilities and Rights’ carefully.
Part 3: Rights, responsibilities
This section describes our responsibilities and your rights with regard to your data.
| Our responsibilities | |
|
Data Protection law requires that we process your personal data in accordance with established data protection principles |
|
| Principle | What it means |
|
Lawfulness, fairness, and transparency |
We must only process your personal data lawfully, fairly and in a transparent manner. |
|
Purpose limitation |
We collect your personal data only for specified, explicit and legitimate purposes. |
|
Data minimisation |
We ensure that your personal data is adequate, relevant, and limited to what is necessary in relation to the services that we are providing you. |
|
Accuracy |
We ensure that your personal data is accurate and where necessary, kept up to date. |
|
Storage limitation |
We ensure that your personal data is not kept in a form which allows for you to be identified for longer than is necessary. |
|
Integrity and confidentiality |
We process your personal data in a manner that ensures its security using appropriate technical and organisational measures to protect it against unauthorised or unlawful processing and against accidental loss, destruction, or damage. |
| Your rights | |
|
You have several rights under data protection law, that Kindred is required to uphold. It is important to recognise that not all rights apply all the time, which means some rights are dependent on our relationship and interactions with you. |
|
| Your right | What it means |
|
Access |
You have the right to ask us for copies of your personal data. This right always applies, however there may be some exemptions, which means you may not always receive all the personal data we process. |
|
Rectification |
You have the right to ask us to rectify any of your personal data that you think is inaccurate or incomplete. This right always applies. |
|
Erasure |
You have the right to ask us to erase your personal data: · Where it is no longer required for purpose for which it was collected, or · Where you withdraw your prior consent to us processing it and we have no other legal ground for processing it, or · Where it is being processed unlawfully, or · When it must be erased to comply with a legal obligation, or · Where it is being used for direct marketing purposes where we have no legitimate grounds for us doing so. |
|
Restriction |
You have the right to ask us to restrict the processing of your personal data: · Where it is inaccurate (allowing us to verify the accuracy), or · Where it is being processed unlawfully (and you want us to stop processing rather than erasing it), or · Where you have objected to us processing it while we’re verifying whether we have legitimate grounds for processing, or · Where it is no longer required for purpose for which it was collected, and you want us to keep it for the establishment, exercise, or defence of legal claims. |
|
Portability |
You have the right to ask us to transfer the information you provided us from one organisation to another or give it to you. This only applies if we are processing personal data based on your consent or as part of a contract, or in talks with you about entering into a contract and the processing is automated. This only applies to personal data you have given us. |
|
Objection |
You have the right to object to processing your personal data if: · We are using legitimate interests as our lawful basis for processing, or · It is being used for direct marketing. |
|
Withdraw consent |
You have the right to withdraw your consent that you have previously given to us for one or more specified purposes to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent. It may mean we are not able to provide certain products or services to you and we will advise you if this is the case. |
| Our other obligations | |
|
We are also required to tell you about a few other things |
|
| Your right | What it means |
|
Complaints |
You have the right to complain to a Supervisory Authority, in the UK that is the Information Commissioner’s Office. We would however, appreciate the chance to deal with your concerns before you approach a Supervisory Authority so please consider contacting us first. |
|
Opting out of marketing emails |
You can opt out of any marketing at any time by emailing us at privacy@kindredteam.com or by clicking the opt-out or unsubscribe button found in the footer of promotional emails. |
|
Automated decision-making and profiling |
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless you have given us your consent to do so, or it is necessary for entering into or the performance of a contract. |
|
Change of purpose |
We will only use your personal data for the purposes for which we have collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at privacy@kindredteam.com. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law. |
|
Disclosure of your data |
Kindred shares your data to support its relationship and interactions with you, with those identified in ‘Part 4: Your Data’ |
|
Breaches |
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a breach where we are legally required to do so. |
|
Dealing with your requests |
We will deal with your requests as soon as possible which may take up to 1 (one) month and if this is likely to take longer, we will contact you and explain the situation (possibly extended to 3 months where the law permits). Normally there is no charge, however we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive or we could refuse to comply with your request in these circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that your personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. |
|
Third-party sites |
Our Website may provide links to the websites of third parties, for example, the brands and merchants that we're connecting you with. They have their own privacy notices, policies, procedures, and activities which we do not control. Please check their policies before you submit any information via those websites. |
|
Security |
Kindred is ISO27001 certified, and we have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, destroyed, or accessed without authorisation. This includes consideration of security during the design and development of our services and products. While no data transmission or storage can be guaranteed to be secure, we implement a range of commercially reasonable physical, technical, and procedural measures to help protect personal data. These measures include policies, confidentiality agreements with third parties, secure development practices, security due diligence of service providers, products, services that may be used. |
Part 4: Your Data
This section lists our service providers and other entities, who may have access to your data when you use the Website or App.
As with most technology businesses, we use third parties to host our Website and App and manage certain processes and business operations. This means sharing your data. We do it only when strictly necessary and we make sure there are safeguards in place. If it requires transferring data outside of the United Kingdom or the European Economic Area, we make sure that it's done under available lawful mechanisms.
| Provider | Purpose and use | Who does it apply to? | Where | More details |
Azure |
Cloud storage provider which hosts the App, stores Kindred data you provide and provides disaster recovery |
All users and partners. |
EU , US, SG, IN |
https://azure.microsoft.com/en-us/overview/trusted-cloud/privacy/ |
Hubspot |
Customer relationship management information |
partners - B2B contact details only. |
UK |
|
Freshdesk |
Customer relationship management information |
Kindred app only - help desk |
EU |
https://freshdesk.com/gdpr |
CustomerIO |
Customer relationship management information |
Kindred app only |
EU |
https://www.customer.io/docs/privacy/ |
Advertisers, Publishers, Agencies and advertising networks |
Store your personal data to select and serve relevant adverts to you, unless you have opted out of personalised adverts |
Kindred app, browser extensions and website service users |
EU, US, SG, IN
|
|
Segment |
Data analytics to assist us in improving and optimising the Website and App |
Kindred app only |
EU |
|
Mixpanel |
Data analytics to assist us in improving and optimising the Website and App |
Kindred app only |
EU |
|
Google Analytics |
Data analytics to assist us in improving and optimising the Website and App |
Kindred app only |
EU, US |
|
Optable |
Data management platform |
Kindred app, browser extensions and website service users |
EU |
https://terms.optable.co/privacy/privacy-policies/products-and-services |
Other disclosures
We will share your information with law enforcement agencies, public authorities and other organisations if legally required to do so, or if it's reasonably necessary to comply with the law, investigate and enforce any breaches of our terms of use, detect and prevent fraud or security breaches, reduce our credit risk exposure, and protect the rights and safety of Kindred and our users. We may share data with our service providers such as IT or security service providers, to ensure that our services are maintained. If we sell our business, we may need to disclose your data to the prospective buyer, and your data will form part of the assets transferred to the buyer on completion of the sale. We may also operate as a data processor on behalf of our clients. This means we process personal data strictly under their instructions and in accordance with the terms outlined in the Data Processing Agreements (DPAs) with those clients.
Kindred does not collect or process any sensitive personal data (special categories of data), such as data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, health data, or data concerning a person's sex life or sexual orientation.
Kindred does not collect or process any personal data relating to criminal convictions and offences.
Well done for reaching the end!
We'd love you to be comfortable with how we collect and use your data. If you have any questions or suggestions, please email privacy@kindredteam.com
US State Law Privacy Notice Addendum
This US State Law Privacy Addendum (‘Addendum’) supplements the Kindred Global Privacy Notice and provides the information that certain US states require us to tell you in addition to the Kindred Global Privacy Notice (https://event.kindred.co/privacy-policy).
Each US state’s laws apply to their residents only and are available when that state’s law is effective. Different terms are used, such as ‘personally identifiable information’ or ‘personal information’. Kindred also uses the term ‘Personal Data’ in its Global Privacy Notice.
California
Definitions
|
Term |
What this means |
|
CCPA |
California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, and any regulations made under it |
|
Personal Information |
Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, and includes (a) identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers, (b) biometric information, (c) Internet or other electronic network activity information, including browsing history, search history, and information regarding a consumer’s interaction with an internet website application, or advertisement, (d) commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies (e) geolocation data, and (f) inferences drawn from any of the information identified in this list to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behaviour, attitudes, intelligence, abilities, and aptitudes |
|
Sensitive Personal Information |
Personal Information that reveals (a) a consumer’s social security, driver’s license, state identification card, or passport number, (b) a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account, (c) a consumer’s precise geolocation, (d) a consumer’s racial or ethnic origin, citizenship or immigration status, religious or philosophical beliefs, or union membership, (e) the contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication, (f) a consumer’s genetic data |
Personal Data Collected
We may collect (and during the last 12 months, may have collected) the following categories of personal data, sources of personal data, collection purposes, and categories of recipients – for details please see ‘Part 2: What we collect and use ’ above.
Your Rights Under the CCPA
You can exercise your rights by making verifiable request (meaning that we need to be able to confirm that the person making the request is the person to whom the personal data pertains or someone who is legally authorised to act on that person’s behalf – this is done to protect you and us) to Kindred by contacting us at privacy@kindredteam.com.
If you are using the Kindred CMP UI, this also allows you to exercise your ‘Do Not Sell my Personal Information’ right (see ‘Right to Opt Out of Sale or Sharing of Personal Information’ in the table below).
|
Your Rights under the CCPA |
What this means |
|
Right to Delete Personal Information |
You have the right to ask us to delete any personal information about you which we have collected from you |
|
Right to Correct Inaccurate Personal Information |
You have the right to ask us to correct inaccurate personal information relating to you that we have collected |
|
Right to Know What Personal Information is Being Collected. Right to Access Personal Information |
You have the right to ask us to tell you about the personal data relating to you that we have collected. Please also see Section ‘Personal Data Collected’ in this Addendum. |
|
Right to Know What Personal Information is Sold or Shared and to Whom |
You have the right to ask us to tell you about your personal data that we sell, share, or disclose for a business purpose. Please also see Section ‘Personal Data Collected’ in this Addendum. |
|
Right to Opt Out of Sale or Sharing of Personal Information (aka ‘Do not Sell my Personal Information’) |
You have the right to ask us not to sell or share your personal information |
|
Right to Limit Use and Disclosure of Sensitive Personal Information |
Kindred does not collect sensitive personal information |
|
Right of No Retaliation Following Opt Out or Exercise of Other Rights |
Kindred will not discriminate against you for exercising any of your rights mentioned in this Addendum |
Kindred will respond to your requests within 45 calendar days and if the request is complex, we may notify you of a 45-day extension (potentially totalling 90 days).
Other US states
If your state is not listed in the following table, please see the Kindred Global Privacy Notice above for a description of your rights.
Definitions
|
Term |
What this means |
|
State Privacy Laws |
The relevant privacy and data protection laws as they become effective including the Colorado Privacy Act, the Connecticut Data Privacy Act (2022), Delaware Personal Data Privacy Act (2023), Indiana Consumer Data Protection Act (2023), Iowa Consumer Data Protection Act (2023), Kentucky Consumer Data Protection Act (2024), Maryland Online Data Privacy Act (2024), Minnesota Consumer Data Privacy Act (2024), Montana Consumer Data Privacy Act (2023), Nebraska Data Privacy Act (2024), Oregon Consumer Privacy Act (2023), Rhode Island Data Transparency and Privacy Protection Act (2024), Tennessee Information Protection Act (2023), Texas Data Privacy and Security Act (2023), Utah Consumer Privacy Act (2022) and Virginia Consumer Data Protection Act (2021) in each case as amended and including any regulations made under each. |
Your Rights Under Other States’ Privacy Laws
You can exercise your rights by making verifiable request (meaning that we need to be able to confirm that the person making the request is the person to whom the personal data pertains or someone who is legally authorised to act on that person’s behalf – this is done to protect you and us) to Kindred by contacting us at privacy@kindredteam.com.
If you use the Kindred CMP UI, this also allows you to exercise your ‘Do Not sell my Personal Information’ right’ (snip shown below)
While US state privacy law is undergoing change and currently with no comprehensive federal privacy law (e.g., like the UK and EU General Data Protection Regulation (GDPR)) the following table provides an overview of the categories of rights available to data subjects.
|
Your Rights under other States’ law |
What this means |
|
Right to access |
You have the right to ask us for the information or categories of information or categories of information we collect, process, and share with third parties, or the specific third parties or categories of third parties to which the information was shared |
|
Right to correct |
You have the right to request that we correct, but not delete, incorrect or outdated personal information |
|
Right to delete |
You have the right to request deletion of your personal information about the consumer under certain condition |
|
Right to opt out of certain processing |
You have the right to restrict our ability to process your personal information |
|
Right to portability |
You have the right to request personal information be disclosed in a common file format |
|
Right to opt out of sales |
You have the right to opt out of the sale of personal information to third parties |
|
Right to opt in for sensitive data processing |
You have the right to opt in before we can process your sensitive data |
|
Right against automated decision-making |
You have the right to ask and stop us from making decisions about you based solely on an automated process without human input |
Please be aware that not every state supports each the above privacy rights, for example the Iowa Consumer Data Protection Act (2023) and the Utah Consumer Privacy Act (2022).
Kindred will respond to your requests within one month of receipt of the request according to the Kindred Global Privacy Notice, unless specified differently in your state’s privacy law.
Personal Data Collected
Please see section ‘Personal Data Collected’ under California in this Addendum.
Kindred does not knowingly collect, sell, or share the Personal Information of those under 16 years of age.
Kindred does not collect Sensitive Personal Information.
Addendum Update
This US State Law Privacy Notice Addendum was last updated on 22/08/2024.