Kindred Privacy Notice

Last updated 14 April 2024

In this privacy notice, we describe who we are, and how we look after your data. This notice applies to you if you browse our website, use the Kindred App, Kindred SDK, as well as the Add-on for Samsung (each are identified separately below).

 You can also update your own consent preferences here. 

Part 1: Our approach    

This section introduces us, the role we play in relation to your data, and our approach to protecting your data.    

Who are we?
We are Kindred Soul Limited, a UK limited company, (‘we’, ‘us’, ‘our’, ‘Kindred’) with a registered office at PEM, Salisbury House, Station Rd, Cambridge CB1 2LA.
We are registered with the UK Information Commissioner's Office under number ZA728760.
For any queries or requests relating to your data, how we collect or process it, or anything to do with this privacy notice, please contact us at privacy@kindredteam.com
What we do
Kindred provides several products on our platform/service that displays coupon codes and offers provided by advertisers as you shop online. In addition, Kindred will plant trees/donate to charities as purchases are made using commission paid by advertisers when you purchase online.
Kindred works with advertisers to provide insights into shopping behaviour and audience curation services, while users get access to discount codes to save money at advertisers. Kindred collects commission due from validated transactions from the advertiser and consent to the collection of data necessary to run the service.
What is this notice about?
We take your rights very seriously and have built our service to collect the minimum data necessary to provide a great service to you and our advertisers. Please take the time to understand how we collect, use, and process your data.
We collect and use certain data to deliver the Kindred experience to you when you use: our websites, www.kindred.co and app.kindred.co and sdk.kindred.co (collectively the ‘Websites’), The Kindred app (from the Apple App Store or the Google Play Store), the Kindred SDK, Kindred API service and the add-on for Samsung (collectively the ‘Services’).
Our data capture technology is unique in that it has been designed to selectively capture a limited range1 of your shopping preferences. Kindred does not collect data indiscriminately and only captures data necessary to provide its services to you and to its clients and their third-party vendors. This enables Kindred to use IDs to work with approved third parties and provide insights and audience curation services. In return our users get additional benefits such as exclusive discounts and collectively contribute to environmental and charitable causes.
This website is not intended for children, and we do not knowingly collect data relating to children.

Please read this policy carefully so that you understand your rights in relation to your personal data, and how we will collect, use and process your personal data. If you do not agree with how we do this, please do not use our services or use this Website any further. Kindred participates in the IAB Europe Transparency & Consent Framework and complies with its Specifications and Policies. Kindred’s identification number is 1245. Kindred operates the Consent Management Platform.

   

Part 2: What we collect and use  

This section describes what data we collect, when, and how and we've set this out by way of a typical user journey (though it may not happen in that sequence)

Our interaction with you

What data we collect and from whom

What we do with your data

Legal basis for processing your data

Visiting our websites

We collect information about your browser, device, and activities on our websites.

We collect this data directly from you and you interaction with our Websites.

We collect, store, and use website visit data to make our website more intuitive and easier to use and protect the security and effective functioning of our websites.

Your data is stored in the UK or the Netherlands, and we keep it for up to 2 years.

We use third parties (see Part 4 below) based in the EU and the US to help us understand how you use our websites.

It is in our legitimate interests to monitor how our website is used to help us (a) improve the layout and information available on our website and provide a better service to our website users, (b) see website usage and statistics, and (c) monitor how our website is used to detect and prevent fraud, other crimes, and the misuse of our website.

Making contact

When you contact us via the Website, email, telephone, instant chat, social media, we will collect and store the details you give us, which may include your first name and surname, email address, job title, company, and any other information you choose to provide us.

We collect this data directly from you when you contact us.

We use the data you provide us to communicate with you, answer your queries, and to respond to your requests.

Your data is stored in the UK or the Netherlands, and we keep it for up to 2 years and is not shared with any third parties, except on occasion with service providers such as IT or security, to ensure that our services are maintained.

 

Our legal basis for processing your data is legitimate interest, and we process your data to respond to you contacting us.

Signing up for our newsletter or alerts

If you sign up for our newsletters or alerts, we will collect your contact details. Depending on how you want to be contacted we will collect your name, email address and/or your phone number.

 

We collect this data directly from you.

We collect your data when you sign up for our newsletters or alerts so that we can provide you with the latest Kindred news and offers as they become available.

Your data is stored in the UK or the Netherlands, and we keep this until such times as you withdraw your consent. This data is not shared with any third parties, except on occasion with service providers such as IT or security, to ensure that our services are maintained..

To process your data in this way, we ask for your consent at the time you sign up for the newsletter or alert.

You can withdraw your consent at any time, and if you do so we will be unable to continue to provide you with our newsletters of alerts.

Signing up

If you create an account, we will collect and store the account details you give us and your Email address

We collect this data directly from you.

We collect your data when you sign up for our services.

Your data is stored in the UK or the Netherlands, and we keep this until you close your account, and then for a further 180 days.

This data is not shared with any third parties except on occasion with service providers such as IT or security, to ensure that our services are maintained.

It is in our legitimate interest to process your data when you sign up for an account, so that we can manage your account and communicate with you.

When you use our Websites or Services (i.e., The Kindred App, Kindred SDK and Kindred API services) and have not used our CMP & TCF UI to manage your preferences

This is the default for all Kindred users

Information sent to us by your computer, mobile phone, or other device, including:

  • Randomly assigned anonymous click IDs for each visit
  • Anonymous Kindred user ID
  • Website URL
  • Your device identifier, device name, operating system, & browser type

We collect this data directly from you.

We use your data to:

  • To administer the App, SDK, API and White labelled desktop services
  • To personalise your experience
  • To provide you with support

 We use third parties (see also Part 4 below) based in the EU and the US to help us understand how you use our websites.

We use legitimate interest to process your data to provide our Services and Websites, to administer and to provide you with support for these

When you use our Websites or Services (i.e., The Kindred App, Kindred SDK, Add-on for Samsung, and Kindred API services) and have used our CMP & TCF UI to manage your preferences

When you use our services, we process information sent to us by your device (e.g., computer, mobile phone) where you have installed and activated including:

  • Device identifier, device name, operating system, and browser type, geolocation data
  • IP address
  • Your consent and transparency preferences
  • Selected data from your search strings
  • Website URL

We collect this data directly from you.

We may also collect third party IDs where these have been made available to us by our partners.

We refer to the above as ‘App Data’.

We process your data for the following purposes, specifically where you allow us:

• To select advertising using limited data

• To measure advertising performance

• To measure content performance

• To understand audiences through statistics or combinations of data from different sources

• To develop and improve services

• To select content using limited data

‘App data’ is stored in the UK or the Netherlands for up to 180 days or less if you withdraw your consent before 180 days.

We share ‘App data’ with our partners according to the relationship we have with them, e.g., service providers, business customers (see also Part 4 below).

 

We use legitimate interest to process your data to provide our services, and in doing so we may collect, sell, share, and disclose App Data to our partners.

Kindred provide you control over our processing under legitimate interest using the Kindred TCF CMP UI (a popup available on all our Websites and Services).

 

When you use our Websites or Services (i.e., The Kindred App, Kindred SDK, Add-on for Samsung, and Kindred API services) and have used our CMP & TCF UI to manage your preferences

When you use our services, we process information sent to us by your device (e.g., computer, mobile phone) where you have installed and activated including:

  • Device identifier, device name, operating system, and browser type, geolocation data
  • IP address
  • Your consent and transparency preferences
  • Selected data from your search strings
  • Website URL

We collect this data directly from you.

We may also collect third party IDs where these have been made available to us by our partners.

We refer to the above as ‘App Data’.

We also process your data for the following purposes, only with your consent:

  • To store and/or access information on a device
  • To create profiles for personalised advertising
  • To use profiles to select personalised advertising
  • To create profiles to personalise content
  • To use profiles to select personalised content

‘App data’ is stored in the UK or the Netherlands for up to 180 days or less if you withdraw your consent before 180 days.

We share ‘App data’ with our partners according to the relationship we have with them, e.g., service providers, business customers (see also Part 4 below).

We ask for your explicit consent to process your data for these purposes.

We manage your explicit consent for each of these purposes, using the Kindred TCF & CMP UI (a popup available on all our Websites and Services).

This gives you control over your consent and allows you to opt-in and opt-out to each of these purposes at any time.

 

 

When you use the Add-on for Samsung Internet and have not used our CMP & TCF UI to manage your preferences

This is the default for all Kindred users

When you use the Add-on for Samsung Internet, we process information sent to us by your computer, mobile phone, or other device, including:

  • Website URL
  • IP Address
  • Randomly assigned anonymous click IDs for each visit

We collect this data directly from you.

We process your data:

  • To administer the Add-on
  • To personalise the Add-on and your experience
  • To provide you with support

Your contact details are stored in the UK or the Netherlands for the period you have the Add-on for Samsung Internet installed, and thereafter for 180 days.

We share ‘App data’ with our partners according to the relationship we have with them, e.g., service providers, business customers (see also Part 4 below).

We use legitimate interest to process your data to provide our services, to administer the add-on, and to provide you with support.

 

Legal basis: what it means

Data protection law requires that we only process your personal data when we have identified a valid legal basis to do so. There are six available legal bases for processing. No single basis is ‘better’ or more important than the others and depending on the relationship we have with you will determine which basis is most appropriate.

You’ll have seen one or more of the following identified as a legal basis (under ‘How we use it’ above):

Consent

Consent, as a lawful basis for us to process your personal data, means that we have asked you for your explicit consent to process your data. Pre-ticked boxes are not allowed to collect your consent and you can withdraw your consent at any time.

This also means that we can only process data under this basis if (a) we have been clear and unambiguous about the purposes for which we are processing your data, (b) that you have given your consent freely, and (c) we provide a means for you to withdraw your consent as easily as it was for you to give us your consent.

We must ask you for your permission (your ‘consent’) to process your data under the legal basis of consent before we process your data. If you have given your consent, you can withdraw it, which can be done by using the Kindred TCF CMP UI (a popup available on all our Websites and Services), deactivating the browser extension, uninstalling the app, or emailing us at the address below.

Legitimate interest

Legitimate interest allows us to process your personal data for our own interests and this can include our commercial interests, or broader societal benefits, for example contributing to charities.

This also means that we must provide you the details of the processing as well as what our legitimate interests are. Importantly, we are also required to ensure that our interests do not override your rights.

We do not need to ask permission to process your data under legitimate interest, however you can object to this, which can be done by using the Kindred TCF CMP UI (a popup available on all our Websites and Services), deactivating the browser extension, uninstalling the app, or emailing us at the address below.

It is important to Kindred that you know and understand your rights regarding Kindred’s processing of your personal data, so we ask you to read ‘Part 3: Responsibilities and Rights’ carefully.

Part 3: Rights, responsibilities

This section describes our responsibilities and your rights with regard to your data.    

Our responsibilities

Data Protection law requires that we process your personal data in accordance with established data protection principles
Principle What it means

Lawfulness, fairness, and transparency

We must only process your personal data lawfully, fairly and in a transparent manner.

Purpose limitation

We collect your personal data only for specified, explicit and legitimate purposes.

Data minimisation

We ensure that your personal data is adequate, relevant, and limited to what is necessary in relation to the services that we are providing you.

Accuracy

We ensure that your personal data is accurate and where necessary, kept up to date.

Storage limitation

We ensure that your personal data is not kept in a form which allows for you to be identified for longer than is necessary.

Integrity and confidentiality

We process your personal data in a manner that ensures its security using appropriate technical and organisational measures to protect it against unauthorised or unlawful processing and against accidental loss, destruction, or damage.
Your rights

You have several rights under data protection law, that Kindred is required to uphold. It is important to recognise that not all rights apply all the time, which means some rights are dependent on our relationship and interactions with you.
Your right What it means

Access

You have the right to ask us for copies of your personal data.

This right always applies, however there may be some exemptions, which means you may not always receive all the personal data we process.

Rectification

You have the right to ask us to rectify any of your personal data that you think is inaccurate or incomplete.

This right always applies.

Erasure

You have the right to ask us to erase your personal data:

·       Where it is no longer required for purpose for which it was collected, or

·       Where you withdraw your prior consent to us processing it and we have no other legal ground for processing it, or

·       Where it is being processed unlawfully, or

·       When it must be erased to comply with a legal obligation, or

·       Where it is being used for direct marketing purposes where we have no legitimate grounds for us doing so.

Restriction

You have the right to ask us to restrict the processing of your personal data:

·       Where it is inaccurate (allowing us to verify the accuracy), or

·       Where it is being processed unlawfully (and you want us to stop processing rather than erasing it), or

·       Where you have objected to us processing it while we’re verifying whether we have legitimate grounds for processing, or

·       Where it is no longer required for purpose for which it was collected, and you want us to keep it for the establishment, exercise, or defence of legal claims.

Portability

You have the right to ask us to transfer the information you provided us from one organisation to another or give it to you.

This only applies if we are processing personal data based on your consent or as part of a contract, or in talks with you about entering into a contract and the processing is automated.

This only applies to personal data you have given us.

Objection

You have the right to object to processing your personal data if:

·       We are using legitimate interests as our lawful basis for processing, or

·       It is being used for direct marketing.

Withdraw consent

You have the right to withdraw your consent that you have previously given to us for one or more specified purposes to process your personal data.

This will not affect the lawfulness of any processing carried out before you withdraw your consent.

It may mean we are not able to provide certain products or services to you and we will advise you if this is the case.
Our other obligations

We are also required to tell you about a few other things
Your right What it means

Complaints

You have the right to complain to a Supervisory Authority, in the UK that is the Information Commissioner’s Office.

We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please consider contacting us first.

Opting out of marketing emails

You can opt out of any marketing at any time by emailing us at privacy@kindredteam.com or by clicking the opt-out or unsubscribe button found in the footer of promotional emails.

Automated decision-making and profiling

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless you have given us your consent to do so, or it is necessary for entering into or the performance of a contract.

Change of purpose

We will only use your personal data for the purposes for which we have collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at privacy@kindredteam.com.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Disclosure of your data

Kindred shares your data to support its relationship and interactions with you, with those identified in ‘Part 4: Other Processors’

Breaches

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Dealing with your requests

We will deal with your requests as soon as possible which may take up to 1 (one) month and if this is likely to take longer, we will contact you and explain the situation (possibly extended to 3 months where the law permits). Normally there is no charge, however we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive or we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that your personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Third-party sites

Our Website may provide links to the websites of third parties, for example, the brands and merchants that we're connecting you with. They have their own privacy notices, policies, procedures, and activities which we do not control. Please check their policies before you submit any information via those websites.

Security

Kindred is ISO27001 certified, and we have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, destroyed, or accessed without authorisation. This includes consideration of security during the design and development of our services and products.

While no data transmission or storage can be guaranteed to be secure, we implement a range of commercially reasonable physical, technical, and procedural measures to help protect personal data. These measures include policies, confidentiality agreements with third parties, secure development practices, security due diligence of service providers, products, services that may be used.

Part 4: Other processors

This section lists our service providers and other entities, who may have access to your data when you use the Website or App.

As with most technology businesses, we use third parties to host our Website and App and manage certain processes and business operations. This means sharing your data. We do it only when strictly necessary and we make sure there are safeguards in place. If it requires transferring data outside of the United Kingdom or the European Economic Area, we make sure that it's done under available lawful mechanisms.

Provider Purpose and use Who does it apply to? Where More details
Azure

Cloud storage provider which hosts the App, stores Kindred data you provide and provides disaster recovery

All users and partners.

EU   

https://azure.microsoft.com/en-us/overview/trusted-cloud/privacy/ 
Hubspot

Customer relationship management information    

SDK partners - B2B contact details only.

UK

https://www.hubspot.com/data-privacy/gdpr 
Freshdesk

Customer relationship management information    

Kindred app only - help desk

EU    

 https://freshdesk.com/gdpr 
CustomerIO

Customer relationship management information    

Kindred app only

EU   

 https://www.customer.io/docs/privacy/ 
Advertisers and advertising networks    

Store your personal data to select and serve relevant adverts to you, unless you have opted out of personalised adverts    

Kindred app and website only

EU, US

 

 
Segment    

Data analytics to assist us in improving and optimising the Website and App    

Kindred app only

EU   

https://www.twilio.com/legal/privacy 
Mixpanel

Data analytics to assist us in improving and optimising the Website and App    

Kindred app only

EU   

https://mixpanel.com/legal/privacy-policy/ 
Google Analytics    

Data analytics to assist us in improving and optimising the Website and App    

Kindred app only

EU, US

https://safety.google/ 

Other disclosures

We will share your information with law enforcement agencies, public authorities and other organisations if legally required to do so, or if it's reasonably necessary to comply with the law, investigate and enforce any breaches of our terms of use, detect and prevent fraud or security breaches, reduce our credit risk exposure, and protect the rights and safety of Kindred and our users. We may share data with our service providers such as IT or security service providers, to ensure that our services are maintained. If we sell our business, we may need to disclose your data to the prospective buyer, and your data will form part of the assets transferred to the buyer on completion of the sale.

Well done for reaching the end!

We'd love you to be comfortable with how we collect and use your data. If you have any questions or suggestions, please email privacy@kindredteam.com