Kindred Privacy Notice

Last updated 12 December 2023

In this privacy notice, we describe how we look after your data, this notice applies to you if you are using the Kindred App, Kindred SDK, browsing our website, as well as the Kindred Add-on for Samsung (each are identified separately below). Let's start with a map of what this privacy notice contains. 

Part 1: Our approach    

This section introduces us, the role we play in relation to your data, and our approach to protecting your data.    

Who are we?
We are Kindred Soul Limited, a UK limited company, (‘we’, ‘us’, ‘our’, ‘Kindred’) with a registered office at PEM, Salisbury House, Station Rd, Cambridge CB1 2LA.
We are registered with the UK Information Commissioner's Office under number ZA728760.
For any queries or requests relating to your data, how we collect or process it, or anything to do with this privacy notice, please contact us at privacy@kindredteam.com
What we do
Kindred provides a browser extension and app that connects you with offers (such as discount codes and cashback) as you shop online, and lets you gift a portion of the offer to charity.
What is this notice about?
This privacy notice provides you information about how Kindred collects and processes your personal data.
We collect and use certain data to deliver the Kindred experience to you when you use:Our websites, www.kindred.co and app.kindred.co (collectively the ‘Website’), The Kindred app (browser extension) and The Kindred add-on for Samsung.
This website is not intended for children, and we do not knowingly collect data relating to children.

Please read this policy carefully so that you understand your rights in relation to your personal data, and how we will collect, use and process your personal data. If you do not agree with how we do this, please do not download the Kindred App or use this Website any further.    

Part 2: What we collect and use  

This section describes what data we collect, when, and how and we've set this out by way of a typical user journey (though it may not happen in that sequence)

Action What we collect How we use it              
Making contact When you contact us via the Website, email, telephone, instant chat, social media, or sign up for our newsletters or alerts, we will collect and store the details you give us.
We collect this data directly from you when you contact us.
  • To communicate with you via phone or email
  • To sign you up for our newsletters or alerts
  • To personalise the Website and App for you

Legal basis: legitimate interest

              
Using our website

Information sent to us by your computer, mobile phone, or other device, including:
•    Your IP address
•    Device identifier, device name, and operating system
•    Your browser type
•    The Website pages you access

We collect this data directly from you.

This does not apply to Samsung Add-on users, as there is no account creation or sign-up for these users.
  • To personalise our Website using cookies (see our Cookie Notice for more)
  • To monitor and analyse trends, usage, and activity to improve the Website
  • To detect and prevent fraud, other crimes, and the misuse of our Website
  • To administer and troubleshoot the Website
  • To measure the effectiveness of the content we serve, and analyse surveys and data
  • To keep the Website safe and secure

    Legal basis: legitimate interest 
Signing up

When you create an account, we will collect and store the account details you give us.

We collect this data directly from you.

This does not apply to Samsung Add-on users, as there is no account creation or sign-up for these users.
  • To identify you as a user and your access rights
  • To administer your account and payment of cashback
  • To administer and provide services and customer support per your request

Legal basis: legitimate interest and contract

If you opt into marketing:

  • To communicate with you about products, promotions, events and other news we think will be of interest to you.

Legal basis: consent and legitimate interest

              
Using the Kindred app and desktop extension

Information sent to us by your computer, mobile phone, or other device, including:

  • Randomly assigned anonymous click IDs for each visit
  • Anonymous Kindred user ID
  • Website URL
  • Android ID, and/or Apple IFDA
  • Your device identifier, device name, operating system
  • Your browser type and the App pages you access
We collect this data directly from you.


This does not apply to Kindred Add-on users for Samsung Internet.
  • To administer the App
  • To personalise the App and your experience
  • To provide you with support

Legal basis: legitimate interest and contract

              
Using the Kindred Add-on for Samsung Internet

Information sent to us by your computer, mobile phone or other device, including:

  • Website URL

  • Randomly assigned anonymous click IDs for each visit

    We collect this data directly from you.

     
  • To administer the Add-on
  • To personalise the Add-on and your experience
  • To provide you with support

Legal basis: legitimate interest

              
Using the Kindred SDK, API or a white labelled desktop extension for partners

Information sent to us by your computer, mobile phone or other device, including:

  • Randomly assigned anonymous click IDs for each visit.
  • Anonymous Kindred user ID
  • Website URL
  • Android ID, and/or Apple IFDA (where implemented)
  • Your device identifier, device name, and operating system
  • Your browser type and the App pages you access

We collect this data directly from you.

This does not apply to Kindred Add-on users for Samsung Internet.
  • To administer the SDK, API and White labelled desktop services
  • To personalise the Add-on and your experience
  • To provide you with support

Legal basis: legitimate interest and contract

              

 

Legal basis: what it means

Data protection law requires that we only process your personal data when we have identified a valid legal basis to do so. There are six available legal bases for processing. No single basis is ‘better’ or more important than the others and depending on the relationship we have with you will determine which basis is most appropriate.

You’ll have seen one or more of the following identified as a legal basis (under ‘How we use it’ above):

Consent

Consent, as a lawful basis for us to process your personal data, means that we have asked you for your explicit consent to process your data. This also means that we can only process data under this basis if (a) we have been clear about the purposes for which we are processing your data, (b) we have clear about exactly what you are consenting to, (c) that you have given your consent freely, and (d) we have made before you consent, that you can withdraw your consent at any time. In short, we will ask you to actively opt in. We don’t use pre-ticked boxes, opt-out boxes, or other default settings to get your consent.

Contract

Contract, as a lawful basis for us to process your personal data, means that (a) we have a contract with you, and we need to process your personal data to comply with our obligations under the contract, or (b) that we don’t yet have a contract with you, but you have asked us to do something as a first step (e.g. provide a quote) and we need to process your personal data to do what you ask. This applies even if you don’t go on to enter into a contract with us, as long as the processing was in the context of a potential contract with you.

Legitimate interest

Legitimate interest, as a lawful basis for us (or a third party), to process your personal data, means this can be done for our own interests and this can include our commercial interests, or broader societal benefits, for example contributing to charities. This also means that we must provide you the details of the processing as well as what our legitimate interests are. Importantly, we are also required to ensure that our interests do not override your rights.

It is important to Kindred that you know and understand your rights regarding Kindred’s processing of your personal data, so we ask you to read ‘Part 3: Responsibilities and Rights’ carefully.

Part 3: Rights, responsibilities

This section describes our responsibilities and your rights with regard to your data.    

Our responsibilities

Data Protection law requires that we process your personal data in accordance with established data protection principles
Principle What it means

Lawfulness, fairness, and transparency

We must only process your personal data lawfully, fairly and in a transparent manner.

Purpose limitation

We collect your personal data only for specified, explicit and legitimate purposes.

Data minimisation

We ensure that your personal data is adequate, relevant, and limited to what is necessary in relation to the services that we are providing you.

Accuracy

We ensure that your personal data is accurate and where necessary, kept up to date.

Storage limitation

We ensure that your personal data is not kept in a form which allows for you to be identified for longer than is necessary.

Integrity and confidentiality

We process your personal data in a manner that ensures its security using appropriate technical and organisational measures to protect it against unauthorised or unlawful processing and against accidental loss, destruction, or damage.
Your rights

You have several rights under data protection law, that Kindred is required to uphold. It is important to recognise that not all rights apply all the time, which means some rights are dependent on our relationship and interactions with you.
Your right What it means

Access

You have the right to ask us for copies of your personal data.

This right always applies, however there may be some exemptions, which means you may not always receive all the personal data we process.

Rectification

You have the right to ask us to rectify any of your personal data that you think is inaccurate or incomplete.

This right always applies.

Erasure

You have the right to ask us to erase your personal data:

  • Where it is no longer required for purpose for which it was collected, or
  • Where you withdraw your prior consent to us processing it and we have no other legal ground for processing it, or
  • Where it is being processed unlawfully, or
  • When it must be erased to comply with a legal obligation, or
  • Where it is being used for direct marketing purposes where we have no legitimate grounds for us doing so.

Restriction

You have the right to ask us to restrict the processing of your personal data:

  • Where it is inaccurate (allowing us to verify the accuracy), or
  • Where it is being processed unlawfully (and you want us to stop processing rather than erasing it), or
  • Where you have objected to us processing it while we’re verifying whether we have legitimate grounds for processing, or
  • Where it is no longer required for purpose for which it was collected, and you want us to keep it for the establishment, exercise or defence of legal claims.

Portability

You have the right to ask us to transfer the information you provided us from one organisation to another or give it to you.

This only applies if we are processing personal data based on your consent or as part of a contract, or in talks with you about entering into a contract and the processing is automated.

This only applies to personal data you have given us.

Objection

You have the right to object to processing your personal data if:

  • We are using legitimate interests as our lawful basis for processing, or
  • It is being used for direct marketing.

Withdraw consent

You have the right to withdraw your consent that you have previously given to us for one or more specified purposes to process your personal data.

This will not affect the lawfulness of any processing carried out before you withdraw your consent.

It may mean we are not able to provide certain products or services to you and we will advise you if this is the case.
Our other obligations

We are also required to tell you about a few other things
Your right What it means

Complaints

You have the right to complain to a Supervisory Authority, in the UK that is the Information Commissioner’s Office.

We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please consider contacting us first.

Opting out of marketing emails

You can opt out of any marketing at any time by emailing us at privacy@kindredteam.com or by clicking the opt-out or unsubscribe button found in the footer of promotional emails.

Automated decision-making and profiling

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, including profiling, unless you have given us your consent to do so, or it is necessary for entering into or the performance of a contract.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at privacy@kindredteam.com.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Disclosure of your data

Kindred shares your data to support its relationship and interactions with you, with those identified in ‘Part 4: Other Processors’

Breaches

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Dealing with your requests

We will deal with your requests as soon as possible but may take up to 1 month (possibly extended to 3 months where the law permits). Normally there is no charge, however we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive or we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that your personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Third-party sites

Our Website may provide links to the websites of third parties, for example, the brands and merchants that we're connecting you with. They have their own privacy notices, policies, procedures, and activities which we do not control. Please check their policies before you submit any information via those websites.

Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, destroyed, or accessed without authorisation.

While no data transmission or storage can be guaranteed to be secure, we implement a range of commercially reasonable physical, technical, and procedural measures to help protect personal data. These measures include policies, confidentiality agreements with third parties, secure development practices, security due diligence of service providers, products, services that may be used.

We have also put in place procedures to deal with any suspected personal data breaches and will notify you and any applicable regulator of a breach where we are legally required to do so.

Part 4: Other processors

This section lists our service providers and other entities, who may have access to your data when you use the Website or App.

As with most technology businesses, we use third parties to host our Website and App and manage certain processes and business operations. This means sharing your data. We do it only when strictly necessary and we make sure there are safeguards in place. If it requires transferring data outside of the United Kingdom or the European Economic Area, we make sure that it's done under available lawful mechanisms.

Provider Purpose and use Who does it apply to? Where More details
Azure

Cloud storage provider which hosts the App, stores Kindred data you provide and provides disaster recovery    

This applies to Kindred Add-on users for Samsung Internet    

 

All users and partners.

EU   

https://azure.microsoft.com/en-us/overview/trusted-cloud/privacy/ 
Hubspot

Customer relationship management information    

SDK partners - B2B contact details only.

UK

https://www.hubspot.com/data-privacy/gdpr 
Freshdesk

Customer relationship management information    

Kindred app only - help desk

EU    

 https://freshdesk.com/gdpr 
CustomerIO

Customer relationship management information    

Kindred app only

EU   

 https://www.customer.io/docs/privacy/ 
Advertisers and advertising networks    

Store your personal data to select and serve relevant adverts to you, unless you have opted out of personalised adverts    

Kindred app and website only

EU, US

 

 
Segment    

Data analytics to assist us in improving and optimising the Website and App    

Kindred app only

EU   

https://www.twilio.com/legal/privacy 
Mixpanel

Data analytics to assist us in improving and optimising the Website and App    

Kindred app only

EU   

https://mixpanel.com/legal/privacy-policy/ 
Google Analytics    

Data analytics to assist us in improving and optimising the Website and App    

Kindred app only

EU, US

https://safety.google/ 

Other disclosures

We will share your information with law enforcement agencies, public authorities and other organisations if legally required to do so, or if it's reasonably necessary to comply with the law, investigate and enforce any breaches of our terms of use, detect and prevent fraud or security breaches, reduce our credit risk exposure, and protect the rights and safety of Kindred and our users. If we sell our business, we may need to disclose your data to the prospective buyer, and your data will form part of the assets transferred to the buyer on completion of the sale.

Well done for reaching the end!

We'd love you to be comfortable with how we collect and use your data. If you have any questions or suggestions, please email privacy@kindredteam.com