Who are we?

We are Kindred Soul Limited, a UK limited company, (‘we’, ‘us’, ‘our’, ‘Kindred’) with a registered office at PEM, Salisbury House, Station Rd, Cambridge CB1 2LA.

We are registered with the UK Information Commissioner's Office under number ZA728760.

For any queries or requests relating to your data, how we collect or process it, or anything to do with this privacy notice, please contact us at privacy@kindredteam.com

What do we do?

Kindred provides several products on our platform/service that displays coupon codes and offers provided by advertisers as you shop online. In addition, Kindred will plant trees/donate to charities as purchases are made using commission paid by advertisers when you purchase online.

Kindred works with advertisers to provide insights into shopping behaviour and audience curation services, while users get access to discount codes to save money at advertisers. Kindred collects commission due from validated transactions from the advertiser and consent to the collection of data necessary to run the service.

What is this notice about?

We take your rights very seriously and have built our service to collect the minimum data necessary to provide a great service to you and our advertisers. Please take the time to understand how we collect, use, and process your data.

We collect and use certain data to deliver the Kindred experience to you when you use: our websites, www.kindred.co and app.kindred.co and sdk.kindred.co (collectively the ‘Websites’), The Kindred app (from the Apple App Store or the Google Play Store), the Kindred SDK, Kindred API service and the add-on for Samsung or other services (collectively the ‘Services’). Kindred serves as the data controller unless stated otherwise.

Our data capture technology is unique in that it has been designed to selectively capture a limited range1 of your shopping preferences. Kindred does not collect data indiscriminately and only captures data necessary to provide its services to you and to its clients and their third-party vendors. This enables Kindred to use IDs to work with approved third parties and provide insights and audience curation services. In return our users get additional benefits such as exclusive discounts and collectively contribute to environmental and charitable causes.

This website is not intended for children, and we do not knowingly collect data relating to children.

Our interaction with you	What data we collect and from whom	What we do with your data	Legal basis for processing your data
Visiting our websites	We collect information about your browser, device, and activities on our websites. We collect this data directly from you and you interaction with our Websites.	We collect, store, and use website visit data to make our website more intuitive and easier to use and protect the security and effective functioning of our websites. Your data is stored in the UK or the Netherlands, and we keep it for up to 2 years. We use third parties (see Part 4 below) based in the EU and the US to help us understand how you use our websites.	It is in our legitimate interests to monitor how our website is used to help us (a) improve the layout and information available on our website and provide a better service to our website users, (b) see website usage and statistics, and (c) monitor how our website is used to detect and prevent fraud, other crimes, and the misuse of our website.
Making contact	When you contact us via the Website, email, telephone, instant chat, social media, we will collect and store the details you give us, which may include your first name and surname, email address, job title, company, and any other information you choose to provide us. We collect this data directly from you when you contact us.	We use the data you provide us to communicate with you, answer your queries, and to respond to your requests. Your data is stored in the UK or the Netherlands, and we keep it for up to 2 years and is not shared with any third parties, except on occasion with service providers such as IT or security, to ensure that our services are maintained.	Our legal basis for processing your data is legitimate interest, and we process your data to respond to you contacting us.
Signing up for our newsletter or alerts	If you sign up for our newsletters or alerts, we will collect your contact details. Depending on how you want to be contacted we will collect your name, email address and/or your phone number. We collect this data directly from you.	We collect your data when you sign up for our newsletters or alerts so that we can provide you with the latest Kindred news and offers as they become available. Your data is stored in the UK or the Netherlands, and we keep this until such times as you withdraw your consent. This data is not shared with any third parties, except on occasion with service providers such as IT or security, to ensure that our services are maintained..	To process your data in this way, we ask for your consent at the time you sign up for the newsletter or alert. You can withdraw your consent at any time, and if you do so we will be unable to continue to provide you with our newsletters of alerts.
Signing up	If you create an account, we will collect your contact details (name and email address) and another other details you may provide us (for example, phone number, nickname, Paypal account details, and consent to receiving marketing). We collect this data directly from you.	We collect your data when you sign up for our services to manage your account, and where relevant, your marketing choice. Your data is stored in the UK or the Netherlands, and we keep this until you close your account, and then for a further 6 years. This data may be shared with third parties on occasion with service providers such as IT or security, to ensure that our services are maintained, or as necessary to manage your account.	It is in our legitimate interest to process your data when you sign up for an account, so that we can manage your account (to provide you cashback from merchants from whom you make a purchase and allow you to donate to a charity of your choice) and to communicate with you. Where you have consented to us providing you marketing material, we use your consent to do so, and you have the right to remove that consent at any time. If you withdraw your consent to marketing, we will stop marketing to you (as described in the sign-up process), however the marketing undertaken prior to you withdrawing your consent is still lawful.
When you use our Websites or Services (e.g., App, browser extension services). This is the default for all Kindred users	Information sent to us by your computer, mobile phone, or other device, including: Randomly assigned anonymous click IDs for each visit Anonymous Kindred user ID Website URL Device identifier, device name, operating system, and browser type, country code We collect this data directly from you.	We use your data to: To administer the app and browser extension services To personalise your experience To provide you with support We use third parties (see also Part 4 below) based in the EU and the US to help us understand how you use our websites. Your data is stored up to 2 years.	We use legitimate interest to process your data to provide our Services and Websites, to administer and to provide you with support for these
When you use our Websites or Services (e.g., App, browser extension services).	When you use our services, we process information sent to us by your device (e.g., computer, mobile phone) where you have installed and activated including: Randomly assigned anonymous click IDs for each visit Anonymous Kindred user ID IP address Selected data from your search strings Website URL Device identifier, device name, operating system, and browser type, country code We collect this data directly from you. We may also collect third party IDs where these have been made available to us by our partners. We refer to the above as ‘App Data’.	We process your data for the following purposes, specifically where you allow us: To select advertising using limited data To measure advertising performance To measure content performance To understand audiences through statistics or combinations of data from different sources To develop and improve services To select content using limited data ‘App data’ is stored in the UK or the Netherlands for up to 2 years. We share ‘App data’ with our partners according to the relationship we have with them, e.g., service providers, business customers (see also Part 4 below).	We use legitimate interest to process your data to provide our services, and in doing so we may collect, sell, share, and disclose App Data to our partners. Kindred provide you control over our processing under legitimate interest.
When you use our Websites or Services (e.g., The Kindred App, Kindred SDK, Add-on for Samsung, and Kindred API services) and have used our CMP & TCF UI to manage your preferences	When you use our services, we process information sent to us by your device (e.g., computer, mobile phone) where you have installed and activated including: Device identifier, device name, operating system, and browser type, country code IP address Your consent and transparency preferences Selected data from your search strings Website URL We collect this data directly from you. We may also collect third party IDs where these have been made available to us by our partners. We refer to the above as ‘App Data’.	We also process your data for the following purposes, only with your consent: To store and/or access information on a device To create profiles for personalised advertising To use profiles to select personalised advertising To create profiles to personalise content To use profiles to select personalised content To save and communicate privacy choices ‘App data’ is stored in the UK or the Netherlands for up to 2 years or less if you withdraw your consent. We share ‘App data’ with our partners according to the relationship we have with them, e.g., service providers, business customers (see also Part 4 below).	We ask for your explicit consent to process your data for these purposes. We manage your explicit consent for each of these purposes, using the Kindred TCF & CMP UI (a popup available on all our Websites and Services). This gives you control over your consent and allows you to opt-in and opt-out to each of these purposes at any time.

Our interaction with you

What data we collect and from whom

What we do with your data

Legal basis for processing your data

Visiting our websites

We collect information about your browser, device, and activities on our websites.

We collect this data directly from you and you interaction with our Websites.

We collect, store, and use website visit data to make our website more intuitive and easier to use and protect the security and effective functioning of our websites.

Your data is stored in the UK or the Netherlands, and we keep it for up to 2 years.

We use third parties (see Part 4 below) based in the EU and the US to help us understand how you use our websites.

It is in our legitimate interests to monitor how our website is used to help us (a) improve the layout and information available on our website and provide a better service to our website users, (b) see website usage and statistics, and (c) monitor how our website is used to detect and prevent fraud, other crimes, and the misuse of our website.

Making contact

When you contact us via the Website, email, telephone, instant chat, social media, we will collect and store the details you give us, which may include your first name and surname, email address, job title, company, and any other information you choose to provide us.

We collect this data directly from you when you contact us.

We use the data you provide us to communicate with you, answer your queries, and to respond to your requests.

Your data is stored in the UK or the Netherlands, and we keep it for up to 2 years and is not shared with any third parties, except on occasion with service providers such as IT or security, to ensure that our services are maintained.

Our legal basis for processing your data is legitimate interest, and we process your data to respond to you contacting us.

Signing up for our newsletter or alerts

If you sign up for our newsletters or alerts, we will collect your contact details. Depending on how you want to be contacted we will collect your name, email address and/or your phone number.

We collect this data directly from you.

We collect your data when you sign up for our newsletters or alerts so that we can provide you with the latest Kindred news and offers as they become available.

Your data is stored in the UK or the Netherlands, and we keep this until such times as you withdraw your consent. This data is not shared with any third parties, except on occasion with service providers such as IT or security, to ensure that our services are maintained..

To process your data in this way, we ask for your consent at the time you sign up for the newsletter or alert.

You can withdraw your consent at any time, and if you do so we will be unable to continue to provide you with our newsletters of alerts.

Signing up

If you create an account, we will collect your contact details (name and email address) and another other details you may provide us (for example, phone number, nickname, Paypal account details, and consent to receiving marketing).

We collect this data directly from you.

We collect your data when you sign up for our services to manage your account, and where relevant, your marketing choice.

Your data is stored in the UK or the Netherlands, and we keep this until you close your account, and then for a further 6 years.

This data may be shared with third parties on occasion with service providers such as IT or security, to ensure that our services are maintained, or as necessary to manage your account.

It is in our legitimate interest to process your data when you sign up for an account, so that we can manage your account (to provide you cashback from merchants from whom you make a purchase and allow you to donate to a charity of your choice) and to communicate with you.

Where you have consented to us providing you marketing material, we use your consent to do so, and you have the right to remove that consent at any time. If you withdraw your consent to marketing, we will stop marketing to you (as described in the sign-up process), however the marketing undertaken prior to you withdrawing your consent is still lawful.

When you use our Websites or Services (e.g., App, browser extension services).

This is the default for all Kindred users

Information sent to us by your computer, mobile phone, or other device, including:

Randomly assigned anonymous click IDs for each visit
Anonymous Kindred user ID
Website URL
Device identifier, device name, operating system, and browser type, country code

We collect this data directly from you.

We use your data to:

To administer the app and browser extension services
To personalise your experience
To provide you with support

We use third parties (see also Part 4 below) based in the EU and the US to help us understand how you use our websites.

Your data is stored up to 2 years.

We use legitimate interest to process your data to provide our Services and Websites, to administer and to provide you with support for these

When you use our Websites or Services (e.g., App, browser extension services).

When you use our services, we process information sent to us by your device (e.g., computer, mobile phone) where you have installed and activated including:

Randomly assigned anonymous click IDs for each visit
Anonymous Kindred user ID
IP address
Selected data from your search strings
Website URL
Device identifier, device name, operating system, and browser type, country code

We collect this data directly from you.

We may also collect third party IDs where these have been made available to us by our partners.

We refer to the above as ‘App Data’.

We process your data for the following purposes, specifically where you allow us:

To select advertising using limited data
To measure advertising performance
To measure content performance
To understand audiences through statistics or combinations of data from different sources
To develop and improve services
To select content using limited data

‘App data’ is stored in the UK or the Netherlands for up to 2 years.

We share ‘App data’ with our partners according to the relationship we have with them, e.g., service providers, business customers (see also Part 4 below).

We use legitimate interest to process your data to provide our services, and in doing so we may collect, sell, share, and disclose App Data to our partners.

Kindred provide you control over our processing under legitimate interest.

When you use our Websites or Services (e.g., The Kindred App, Kindred SDK, Add-on for Samsung, and Kindred API services) and have used our CMP & TCF UI to manage your preferences

When you use our services, we process information sent to us by your device (e.g., computer, mobile phone) where you have installed and activated including:

Device identifier, device name, operating system, and browser type, country code
IP address
Your consent and transparency preferences
Selected data from your search strings
Website URL

We collect this data directly from you.

We may also collect third party IDs where these have been made available to us by our partners.

We refer to the above as ‘App Data’.

We also process your data for the following purposes, only with your consent:

To store and/or access information on a device
To create profiles for personalised advertising
To use profiles to select personalised advertising
To create profiles to personalise content
To use profiles to select personalised content
To save and communicate privacy choices

‘App data’ is stored in the UK or the Netherlands for up to 2 years or less if you withdraw your consent.

We share ‘App data’ with our partners according to the relationship we have with them, e.g., service providers, business customers (see also Part 4 below).

We ask for your explicit consent to process your data for these purposes.

We manage your explicit consent for each of these purposes, using the Kindred TCF & CMP UI (a popup available on all our Websites and Services).

This gives you control over your consent and allows you to opt-in and opt-out to each of these purposes at any time.

Consent

Consent, as a lawful basis for us to process your personal data, means that we have asked you for your explicit consent to process your data. Pre-ticked boxes are not allowed to collect your consent and you can withdraw your consent at any time.

This also means that we can only process data under this basis if (a) we have been clear and unambiguous about the purposes for which we are processing your data, (b) that you have given your consent freely, and (c) we provide a means for you to withdraw your consent as easily as it was for you to give us your consent.

We must ask you for your permission (your ‘consent’) to process your data under the legal basis of consent before we process your data. If you have given your consent, you can withdraw it, which can be done by using the Kindred TCF CMP UI (if available), deactivating the browser extension, uninstalling the app, or emailing us at the address below.

If you withdraw your consent this does not affect the lawfulness of processing based on consent before its withdrawal.

Legitimate interest

Legitimate interest allows us to process your personal data for our own interests and this can include our commercial interests, or broader societal benefits, for example contributing to charities.

This also means that we must provide you the details of the processing as well as what our legitimate interests are. Importantly, we are also required to ensure that our interests do not override your rights.

We do not need to ask permission to process your data under legitimate interest, however you can object to this, which can be done by using the Kindred TCF CMP UI (a popup available on all our Websites and Services), deactivating the browser extension, uninstalling the app, or emailing us at the address below.

Our responsibilities
Data Protection law requires that we process your personal data in accordance with established data protection principles
Principle	What it means
Lawfulness, fairness, and transparency	We must only process your personal data lawfully, fairly and in a transparent manner.
Purpose limitation	We collect your personal data only for specified, explicit and legitimate purposes.
Data minimisation	We ensure that your personal data is adequate, relevant, and limited to what is necessary in relation to the services that we are providing you.
Accuracy	We ensure that your personal data is accurate and where necessary, kept up to date.
Storage limitation	We ensure that your personal data is not kept in a form which allows for you to be identified for longer than is necessary.
Integrity and confidentiality	We process your personal data in a manner that ensures its security using appropriate technical and organisational measures to protect it against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

Your rights
You have several rights under data protection law, that Kindred is required to uphold. It is important to recognise that not all rights apply all the time, which means some rights are dependent on our relationship and interactions with you.
Your right	What it means
Access	You have the right to ask us for copies of your personal data. This right always applies, however there may be some exemptions, which means you may not always receive all the personal data we process.
Rectification	You have the right to ask us to rectify any of your personal data that you think is inaccurate or incomplete. This right always applies.
Erasure	You have the right to ask us to erase your personal data: · Where it is no longer required for purpose for which it was collected, or · Where you withdraw your prior consent to us processing it and we have no other legal ground for processing it, or · Where it is being processed unlawfully, or · When it must be erased to comply with a legal obligation, or · Where it is being used for direct marketing purposes where we have no legitimate grounds for us doing so.
Restriction	You have the right to ask us to restrict the processing of your personal data: · Where it is inaccurate (allowing us to verify the accuracy), or · Where it is being processed unlawfully (and you want us to stop processing rather than erasing it), or · Where you have objected to us processing it while we’re verifying whether we have legitimate grounds for processing, or · Where it is no longer required for purpose for which it was collected, and you want us to keep it for the establishment, exercise, or defence of legal claims.
Portability	You have the right to ask us to transfer the information you provided us from one organisation to another or give it to you. This only applies if we are processing personal data based on your consent or as part of a contract, or in talks with you about entering into a contract and the processing is automated. This only applies to personal data you have given us.
Objection	You have the right to object to processing your personal data if: · We are using legitimate interests as our lawful basis for processing, or · It is being used for direct marketing.
Withdraw consent	You have the right to withdraw your consent that you have previously given to us for one or more specified purposes to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent. It may mean we are not able to provide certain products or services to you and we will advise you if this is the case.

Our other obligations
We are also required to tell you about a few other things
Your right	What it means
Complaints	You have the right to complain to a Supervisory Authority, in the UK that is the Information Commissioner’s Office. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please consider contacting us first.
Opting out of marketing emails	You can opt out of any marketing at any time by emailing us at privacy@kindredteam.com or by clicking the opt-out or unsubscribe button found in the footer of promotional emails.
Automated decision-making and profiling	You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless you have given us your consent to do so, or it is necessary for entering into or the performance of a contract.
Change of purpose	We will only use your personal data for the purposes for which we have collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at privacy@kindredteam.com. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Disclosure of your data	Kindred shares your data to support its relationship and interactions with you, with those identified in ‘Part 4: Other Processors’
Breaches	We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Dealing with your requests	We will deal with your requests as soon as possible which may take up to 1 (one) month and if this is likely to take longer, we will contact you and explain the situation (possibly extended to 3 months where the law permits). Normally there is no charge, however we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive or we could refuse to comply with your request in these circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that your personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Third-party sites	Our Website may provide links to the websites of third parties, for example, the brands and merchants that we're connecting you with. They have their own privacy notices, policies, procedures, and activities which we do not control. Please check their policies before you submit any information via those websites.
Security	Kindred is ISO27001 certified, and we have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, destroyed, or accessed without authorisation. This includes consideration of security during the design and development of our services and products. While no data transmission or storage can be guaranteed to be secure, we implement a range of commercially reasonable physical, technical, and procedural measures to help protect personal data. These measures include policies, confidentiality agreements with third parties, secure development practices, security due diligence of service providers, products, services that may be used.

Part 4: Other processors

This section lists our service providers and other entities, who may have access to your data when you use the Website or App.

As with most technology businesses, we use third parties to host our Website and App and manage certain processes and business operations. This means sharing your data. We do it only when strictly necessary and we make sure there are safeguards in place. If it requires transferring data outside of the United Kingdom or the European Economic Area, we make sure that it's done under available lawful mechanisms.

Provider	Purpose and use	Who does it apply to?	Where	More details
Azure	Cloud storage provider which hosts the App, stores Kindred data you provide and provides disaster recovery	All users and partners.	EU	https://azure.microsoft.com/en-us/overview/trusted-cloud/privacy/
Hubspot	Customer relationship management information	partners - B2B contact details only.	UK	https://www.hubspot.com/data-privacy/gdpr
Freshdesk	Customer relationship management information	Kindred app only - help desk	EU	https://freshdesk.com/gdpr
CustomerIO	Customer relationship management information	Kindred app only	EU	https://www.customer.io/docs/privacy/
Advertisers and advertising networks	Store your personal data to select and serve relevant adverts to you, unless you have opted out of personalised adverts	Kindred app and website only	EU, US
Segment	Data analytics to assist us in improving and optimising the Website and App	Kindred app only	EU	https://www.twilio.com/legal/privacy
Mixpanel	Data analytics to assist us in improving and optimising the Website and App	Kindred app only	EU	https://mixpanel.com/legal/privacy-policy/
Google Analytics	Data analytics to assist us in improving and optimising the Website and App	Kindred app only	EU, US	https://safety.google/
Optable	Data management platform	App, browser extension services users	EU	https://terms.optable.co/privacy/privacy-policies/products-and-services

Other disclosures

We will share your information with law enforcement agencies, public authorities and other organisations if legally required to do so, or if it's reasonably necessary to comply with the law, investigate and enforce any breaches of our terms of use, detect and prevent fraud or security breaches, reduce our credit risk exposure, and protect the rights and safety of Kindred and our users. We may share data with our service providers such as IT or security service providers, to ensure that our services are maintained. If we sell our business, we may need to disclose your data to the prospective buyer, and your data will form part of the assets transferred to the buyer on completion of the sale. We may also operate as a data processor on behalf of our clients. This means we process personal data strictly under their instructions and in accordance with the terms outlined in the Data Processing Agreements (DPAs) with those clients.

US State Law Privacy Notice Addendum

This US State Law Privacy Addendum (‘Addendum’) supplements the Kindred Global Privacy Notice and provides the information that certain US states require us to tell you in addition to the Kindred Global Privacy Notice (https://www.kindred.co/privacypolicy).

Each US state’s laws apply to their residents only and are available when that state’s law is effective. Different terms are used, such as ‘personally identifiable information’ or ‘personal information’. Kindred also uses the term ‘Personal Data’ in its Global Privacy Notice.

California

Definitions

Term	What this means
CCPA	California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, and any regulations made under it
Personal Information	Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, and includes (a) identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers, (b) biometric information, (c) Internet or other electronic network activity information, including browsing history, search history, and information regarding a consumer’s interaction with an internet website application, or advertisement, (d) commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies (e) geolocation data, and (f) inferences drawn from any of the information identified in this list to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behaviour, attitudes, intelligence, abilities, and aptitudes
Sensitive Personal Information	Personal Information that reveals (a) a consumer’s social security, driver’s license, state identification card, or passport number, (b) a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account, (c) a consumer’s precise geolocation, (d) a consumer’s racial or ethnic origin, citizenship or immigration status, religious or philosophical beliefs, or union membership, (e) the contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication, (f) a consumer’s genetic data

Personal Data Collected

We collect (and during the last 12 months, have collected) the following categories of Personal Information, from the following sources, and for the following business or commercial purposes:

Categories of Personal Data (What data we collect)	Sources of Personal Data (Who do we collect data from)	Collection Purposes (What we do with your data)	Categories of Recipients (Who we share your data with)
Randomly assigned anonymous click IDs for each visit Anonymous Kindred user ID Website URL Device identifier, device name, operating system, and browser type	Collected through automated means directly from you	To administer the App, SDK, API and White labelled desktop services To personalise your experience To provide you with support	Business partners As necessary with service providers to ensure the secure and continued operations of the Kindred infrastructure Government authorities as required by law or as necessary to protect our rights
Additionally¹, when you use the Kindred CMP UI, your consent and transparency preferences and selected data from search strings	Collected through automated means directly from you	To select content and advertising using limited data To measure advertising and content performance To understand audiences through statistics or combinations of data from different sources To develop and improve services To store and/or access information on a device To create profiles for personalised advertising To use profiles to select personalised advertising and content To create profiles to personalise content	Business partners As necessary with service providers to ensure the secure and continued operations of the Kindred infrastructure Government authorities as required by law or as necessary to protect our rights

Categories of Personal Data

(What data we collect)

Sources of Personal Data

(Who do we collect data from)

Collection Purposes

(What we do with your data)

Categories of Recipients

(Who we share your data with)

Randomly assigned anonymous click IDs for each visit

Anonymous Kindred user ID

Website URL

Device identifier, device name, operating system, and browser type

Collected through automated means directly from you

To administer the App, SDK, API and White labelled desktop services

To personalise your experience

To provide you with support

Business partners

As necessary with service providers to ensure the secure and continued operations of the Kindred infrastructure

Government authorities as required by law or as necessary to protect our rights

Additionally¹, when you use the Kindred CMP UI, your consent and transparency preferences and selected data from search strings

Collected through automated means directly from you

To select content and advertising using limited data

To measure advertising and content performance

To understand audiences through statistics or combinations of data from different sources

To develop and improve services

To store and/or access information on a device

To create profiles for personalised advertising

To use profiles to select personalised advertising and content

To create profiles to personalise content

Business partners

As necessary with service providers to ensure the secure and continued operations of the Kindred infrastructure

Government authorities as required by law or as necessary to protect our rights

¹See ‘Part 2: What we collect and use’ in the Kindred Global Privacy Notice.

Kindred does not knowingly collect, sell, or share the Personal Information of those under 16 years of age.

Kindred does not collect Sensitive Personal Information.

Your Rights Under the CCPA

You can exercise your rights by making verifiable request (meaning that we need to be able to confirm that the person making the request is the person to whom the personal data pertains or someone who is legally authorised to act on that person’s behalf – this is done to protect you and us) to Kindred by contacting us at privacy@kindredteam.com.

If you are using the Kindred CMP UI, this also allows you to exercise your ‘Do Not Sell my Personal Information’ right (see ‘Right to Opt Out of Sale or Sharing of Personal Information’ in the table below).

Your Rights under the CCPA	What this means
Right to Delete Personal Information	You have the right to ask us to delete any personal information about you which we have collected from you
Right to Correct Inaccurate Personal Information	You have the right to ask us to correct inaccurate personal information relating to you that we have collected
Right to Know What Personal Information is Being Collected. Right to Access Personal Information	You have the right to ask us to tell you about the personal data relating to you that we have collected. Please also see Section ‘Personal Data Collected’ in this Addendum.
Right to Know What Personal Information is Sold or Shared and to Whom	You have the right to ask us to tell you about your personal data that we sell, share, or disclose for a business purpose. Please also see Section ‘Personal Data Collected’ in this Addendum.
Right to Opt Out of Sale or Sharing of Personal Information (aka ‘Do not Sell my Personal Information’)	You have the right to ask us not to sell or share your personal information
Right to Limit Use and Disclosure of Sensitive Personal Information	Kindred does not collect sensitive personal information
Right of No Retaliation Following Opt Out or Exercise of Other Rights	Kindred will not discriminate against you for exercising any of your rights mentioned in this Addendum

Kindred will respond to your requests within 45 calendar days and if the request is complex, we may notify you of a 45-day extension (potentially totalling 90 days).

Other US states

If your state is not listed in the following table, please see the Kindred Global Privacy Notice above for a description of your rights.

Definitions

Term	What this means
State Privacy Laws	The relevant privacy and data protection laws as they become effective including the Colorado Privacy Act, the Connecticut Data Privacy Act (2022), Delaware Personal Data Privacy Act (2023), Indiana Consumer Data Protection Act (2023), Iowa Consumer Data Protection Act (2023), Kentucky Consumer Data Protection Act (2024), Maryland Online Data Privacy Act (2024), Minnesota Consumer Data Privacy Act (2024), Montana Consumer Data Privacy Act (2023), Nebraska Data Privacy Act (2024), Oregon Consumer Privacy Act (2023), Rhode Island Data Transparency and Privacy Protection Act (2024), Tennessee Information Protection Act (2023), Texas Data Privacy and Security Act (2023), Utah Consumer Privacy Act (2022) and Virginia Consumer Data Protection Act (2021) in each case as amended and including any regulations made under each.

Term

What this means

State Privacy Laws

The relevant privacy and data protection laws as they become effective including the Colorado Privacy Act, the Connecticut Data Privacy Act (2022), Delaware Personal Data Privacy Act (2023), Indiana Consumer Data Protection Act (2023), Iowa Consumer Data Protection Act (2023), Kentucky Consumer Data Protection Act (2024), Maryland Online Data Privacy Act (2024), Minnesota Consumer Data Privacy Act (2024), Montana Consumer Data Privacy Act (2023), Nebraska Data Privacy Act (2024), Oregon Consumer Privacy Act (2023), Rhode Island Data Transparency and Privacy Protection Act (2024), Tennessee Information Protection Act (2023), Texas Data Privacy and Security Act (2023), Utah Consumer Privacy Act (2022) and Virginia Consumer Data Protection Act (2021) in each case as amended and including any regulations made under each.

Your Rights Under Other States’ Privacy Laws

While US state privacy law is undergoing change and currently with no comprehensive federal privacy law (e.g., like the UK and EU General Data Protection Regulation (GDPR)) the following table provides an overview of the categories of rights available to data subjects.

Your Rights under other States’ law	What this means
Right to access	You have the right to ask us for the information or categories of information or categories of information we collect, process, and share with third parties, or the specific third parties or categories of third parties to which the information was shared
Right to correct	You have the right to request that we correct, but not delete, incorrect or outdated personal information
Right to delete	You have the right to request deletion of your personal information about the consumer under certain condition
Right to opt out of certain processing	You have the right to restrict our ability to process your personal information
Right to portability	You have the right to request personal information be disclosed in a common file format
Right to opt out of sales	You have the right to opt out of the sale of personal information to third parties
Right to opt in for sensitive data processing	You have the right to opt in before we can process your sensitive data
Right against automated decision-making	You have the right to ask and stop us from making decisions about you based solely on an automated process without human input

Please be aware that not every state supports each the above privacy rights, for example the Iowa Consumer Data Protection Act (2023) and the Utah Consumer Privacy Act (2022).

Kindred will respond to your requests within one month of receipt of the request according to the Kindred Global Privacy Notice, unless specified differently in your state’s privacy law.

Personal Data Collected

Please see section ‘Personal Data Collected’ under California in this Addendum.

Kindred does not knowingly collect, sell, or share the Personal Information of those under 16 years of age.

Kindred does not collect Sensitive Personal Information.

Addendum Update

This US State Law Privacy Notice Addendum was last updated on 22/08/2024.

Kindred

Kindred Global Privacy Notices

Last updated 05 September 2024

Part 1: Our approach

This section introduces us, the role we play in relation to your data, and our approach to protecting your data.

Part 2: What we collect and use

This section describes what data we collect, when, and how and we've set this out by way of a typical user journey (though it may not happen in that sequence)

Legal basis: what it means

Consent

Legitimate interest

Part 3: Rights, responsibilities

This section describes our responsibilities and your rights with regard to your data.

Part 4: Other processors

This section lists our service providers and other entities, who may have access to your data when you use the Website or App.

Azure

Hubspot

Freshdesk

CustomerIO

Advertisers and advertising networks

Segment

Mixpanel

Google Analytics

Optable

Other disclosures

Well done for reaching the end!

US State Law Privacy Notice Addendum

California

Definitions

Personal Data Collected

Your Rights Under the CCPA

Other US states

Definitions

Your Rights Under Other States’ Privacy Laws

Personal Data Collected

Addendum Update