KultraLab Privacy Notice
Last updated: 12th April 2023
This notice tells you how we look after your personal data when you visit our website at https://KultraLab.com/ (Website) or when you access and use the Kultra application (Application) (together, the Service).
It sets out what information we collect about you, what we use it for and who we share it with. It also explains your rights and what to do if you have any concerns.
We may sometimes need to update this notice, to reflect any changes to the way the Service is provided or to comply with new legal requirements. We will notify you of any important changes before they take effect.
1. Who we are and other important information
We are KultraLab Limited, registered in England and Wales with company number 12068832 whose registered address is 3rd Floor, 1 Ashley Road, Altrincham, Cheshire, WA14 2DT (KultraLab, we, us or our).
For all visitors to our Website, KultraLab is the controller for your information (which means we decide what information we collect and how it is used). We are registered with the Information Commissioner’s Office (ICO), the UK regulator for data protection matters, under number ZB058580.
If you work for an organisation which is our Client (the Client) and they give you access to our Application, our Client is the controller and we are their processor (which means we must follow the instructions they give us). This means that for most queries you have about how your data is collected and used when you access our Application, you should contact the organisation you work for. However, we would like to provide you with some general information, as the processor, to help you understand our Application.
2. Contact Details
If you have any questions about this privacy notice or the way that we use information, please get in touch using the following details:
FAO: Data Protection Officer
Email address: dpo@KultraLab.com
Postal address: 3rd Floor, 1 Ashley Road, Altrincham, Cheshire WA14 2DT
3. The information we collect about you
Personal data means any information which does (or could be used to, identify a living person. We have grouped together the types of personal data that we may collect and where we receive it from below:
|Type of personal data||Received from|
|Identity Data – name, date of birth, job title, gender||
|Contact Data – email address, telephone numbers, home address, social media profile||
|Feedback – information and responses you provide when completing surveys and questionnaires||
|Photo and Image Data – profile picture, any images, videos and audio uploaded by you to the Service||
|Profile Data – username, password, interests, preferences (including language), work experience, education, chat logs. You may also choose to sync your contacts or calendars with our Service, in which case we will collect your address book and calendar meeting information||
|Technical Data – internet protocol (IP) address, browser type and version, time zone setting and generic location, browser plug-in types and versions, operating system and platform on the devices you use to access our Website or Application||
|Usage Data – information about your visit to our Website including the clickstream to, through and from our site, reports, information you viewed or searched on our Service, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling and methods used to browse away from the page)||
|Marketing Data – information you submit to confirm whether you wish to receive marketing from us and which method you prefer to be contacted by (e.g. text, email)||
We may anonymise the personal data we collect (so it can no longer identify you as an individual) and then combine it with other anonymous information so it becomes aggregated data. Aggregated data helps us identify trends (e.g. what percentage of users responded to a specific survey). Data protection law does not govern the use of anonymous data and the various rights described below do not apply to it.
4. How we use your information
KultraLab is required to identify a legal justification (also known as a lawful basis) for collecting and using your personal data. There are six legal justifications which organisations can rely on. The most relevant of these to us are where we use your personal data to:
- pursue our legitimate interests (our justifiable business aims) but only if those interests are not outweighed by your other rights and freedoms (e.g. your right to privacy);
- comply with a legal obligation that we have; and
- do something that you have given your consent for.
The table below sets out the lawful basis we rely on when we use your personal data. If we intend to use your personal data for a new reason that is not listed in the table, we will update our privacy notice and notify you.
|Taking steps to enter into the contract with our Client||Legitimate interests (necessary to conclude our contract with such organisation and obtain contact details for key contracts)|
|Providing our service to our Client||Legitimate interests (necessary to fulfil our service contract with our Client)|
|Asking you to participate in surveys and other types of feedback||Where the survey is compulsory: legitimate interests (necessary to fulfil our service contract with our Client)
Where the survey is optional: consent
|Publishing content uploaded by Application users (e.g. profile pictures, video clips, shared calendars etc)||Consent|
|Sending you marketing communications||Consent
Legitimate interests (where your email address belongs to an organisation which is a corporate body)
|Taking steps to enter into the contract with our Client||Legitimate interests (necessary to conclude our contract with such organisation and obtain contact details for key contracts)|
|Providing insight on how our products and services are being used||Legitimate interest (necessary to improve and optimise our products and services)
Legitimate interests (to provide our Clients an overview of their users’ engagement with the service)
|Administering and protecting products, services and systems||Legitimate interests (necessary to provide our products and services, monitor and improve network security and prevent fraud)|
|Handling requests for technical support and other queries||Legitimate interests (necessary to fulfil our service contract with our Client and ensure the proper functioning of our Application)|
|Notifying you about changes to our privacy notice||Legal obligation (necessary to comply with our obligations under data protection law)|
Our marketing messages always include a link so that you can unsubscribe at any time.
6. Who we share your information with
We share (or may share) your personal data with:
- Our personnel: KultraLab employees (or other types of workers) who have contracts containing confidentiality and data protection obligations.
- Our Clients: we have a service contract and data processing agreement in place with all our Clients which sets out what information we provide to them as part of our services. We always act in accordance with their instructions when we are processing data on their behalf.
- Our supply chain: other organisations help us provide our services (Google Firebase who host our Website and Application and Google Analytics who provide analytics services). We ensure these organisations only have access to the information required to provide the support we use them and have a contract with them that contains confidentiality and data protection obligations.
- Regulatory authorities: such as HM Revenue & Customs, the UK tax authority.
- Our professional advisers such as our accountants or legal advisors where we require specialist advice to help us conduct our business.
- Any actual or potential buyer of our business.
If KultraLab were asked to provide personal data in response to a court order or legal request (e.g. from the police), we would seek legal advice before disclosing any information and carefully consider the impact on your rights when providing a response.
7. Where your information is located or transferred to
We will only transfer information outside of the UK where we have a valid legal mechanism in place (to make sure that your personal data is guaranteed a level of protection, regardless of where in the world it is located, e.g. by using contracts approved by the European Commission or UK Secretary of State).
If you use our Service because you have been registered by an organisation (e.g. your employer) or access our Service whilst abroad then your personal data may be stored on services located in the same country that the organisation or you are.
8. How we keep your information safe
We have implemented security measures to prevent your personal data from being accidentally or illegally lost, used or accessed by those who do not have permission. These measures include:
- access controls and user authentication
- internal IT and network security
- regular testing and review of our security measures
- staff policies and training
- incident and breach reporting processes
- business continuity and disaster recovery processes
If there is an incident which has affected your personal data and we are the controller, we will notify the regulator and keep you informed (where required under data protection law). Where we act as the processor for the affected personal data, we notify the controller and support them with investigating and responding to the incident.
If you notice any unusual activity on your Application account (or believe your account has been otherwise compromised) please let us know by emailing us at privacy@KultraLab.com.
9. How long we keep your information
Where we act as the controller, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.
To decide how long to keep personal data (also known as its retention period), KultraLab considers the volume, nature, and sensitivity of the personal data, the potential risk of harm to you if an incident were to happen, whether we require the personal data to achieve the purposes we have identified or whether we can achieve those purposes through other means (e.g. by using aggregated data instead), and any applicable legal requirements (e.g. minimum accounting records for HM Revenue & Customs).
We may keep Identity Data, Contact Data and certain Marketing and Communications Data (specifically, any exchanges between us by email or any other means) for up to six years after the end of our contractual relationship with you or your organisation to help us bring or defend any legal proceedings.
If you are not a Client and you browse our Website, we keep personal data collected through our analytics tools for two years from the date of your last visit.
If you are not a Client and you have asked for information from us or you have subscribed to our mailing list, we keep your details until you ask us to stop contacting you or three years where you have not interacted with our marketing communications.
10. Your legal rights
You have specific legal rights in relation to your personal data.
It is usually free for you to exercise your rights and we aim to respond within one month (although we may ask you if we can extend this deadline up to a maximum of two months if your request is particularly complex or we receive multiple requests at once).
We can decide not to take any action in relation to a request where we have been unable to confirm your identity (this is one of our security processes to make sure we keep information safe) or if we feel the request is unfounded or excessive. If this happens we will always inform you in writing.
We may charge a fee where we decide to proceed with a request that we believe is unfounded or excessive.
We do not respond directly to requests which relate to personal data for which we act as the processor. In this situation, we forward your request to the relevant controller and await their instruction before we take any action.
|Your Legal Rights|
|Access: Legitimate interests (necessary to conclude our contract with such organisation and obtain contact details for key contracts)|
|Correction: You can ask us to correct your personal data if it is inaccurate or incomplete. We might need to verify the new information before we make any changes.|
|Deletion: You can ask us to delete or remove your personal data if there is no good reason for us to continue holding it or if you have asked us to stop using it (see below). If we think there is a good reason to keep the information you have asked us to delete (e.g. to comply with regulatory requirements), we will let you know and explain our decision.|
|Restriction: You can ask us to restrict how we use your personal data and temporarily limit the way we use it (e.g. whilst you check that the personal data we hold for you is correct).|
|Objection: You can object to us using your personal data if you want us to stop using it. We always comply with your request if you ask us to stop sending you marketing communications but in other cases, we decide whether we will continue. If we think there is a good reason for us to keep using the information, we will let you know and explain our decision.|
|Portability: You can ask us to send you or another organisation an electronic copy of your personal data.|
|Complaints: If you are unhappy with the way we collect and use your personal data, you can complain to the ICO or another relevant supervisory body, but we hope that we can respond to your concerns before it reaches that stage. Please contact us at privacy@KultraLab.com.|
If you wish to make any of the rights requests listed above, you can reach us at privacy@KultraLab.com.
What are cookies?
Cookies are small text files that are downloaded to your device. Cookies contain a uniquely generated references which are used to distinguish you from other users. They allow information gathered on one webpage to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience (like remembering your favourites) and a website owner with statistics about how you interact with their (and sometimes third party) webpages.
Cookies are not harmful to your devices (like a virus or malicious code) but some individuals prefer not to share their information (for example, to avoid targeted advertising).
As well as GDPR, cookie use is governed by specific law (in the UK, the Privacy and Electronic Communications (EC Directive) Regulations 2003, as amended). This says that a website, or an app, can only place a cookie on an end user’s device if it is strictly necessary for the site or service to function, or if the user consents to receive the cookie (and “consent” here means “consent” as defined in the GDPR – i.e. a freely given, specific, informed and unambiguous indication of wishes by which the user, by a statement or by a clear affirmative action, signifies agreement).
Different types of cookies
cookies have a limited lifespan. Cookies which only last a short time or end when you close your browser are called session cookies. Cookies which remain on your device for longer are called persistent cookies (these are the type of cookies that allow websites to remember your details when you log back onto them).
First party vs third party cookies: cookies placed on your device by the website owner are called first party cookies. When the website owner uses other businesses’ technology to help them manage and monitor their website (for example, they use Google Analytics to see how many visitors their website has), the cookies added by the other business are called third party cookies.
Categories of cookies: cookies can be grouped by what they help the website or website owner do:
- Necessary cookies are cookies which help the website to run properly (when they are strictly necessary cookies it means their only function is to help the website work).
- Performance cookies help a website owner understand and analyse how website visitors use their website.
- Marketing cookies tailor online adverts to reflect the content you have previously browsed and help inform companies about your interests so they can show you relevant adverts.
- to track how visitors use our Website or users use our Application
- to record whether you have seen specific messages we display on our Website or Application
- to record the conversation thread when you use our webchat or Application communicator function
- to record your answers to surveys and questionnaires on our Application while you complete them
- to keep you signed into our Application
The cookies we use are:
|Set by||Purpose||Technical Info||What it does|
|Google LLC (on KultraLab.com)||Analytics||__ga||Identifies and remembers website visitors, how they arrived at our Website, which pages they viewed and how long they stayed on. We use this information to improve user experience.|
|Google LLC (on KultraLab.com)||Analytics||_ga_2EYLYB76GJ||Identifies and remembers website visitors, how they arrived at our Website, which pages they viewed and how long they stayed on. We use this information to improve user experience.|
|Google LLC (on KultraLab.com)||Analytics||_ga_XBMHW02RW5||This cookie is installed by Google Analytics.|
|Google LLC (on KultraLab.com)||Analytics||_gcl_au||Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.|
|GDPR Cookie Consent plugin (on KultraLab.com)||Necessary||cookielawinfo-checkbox-necessary||This cookie is used to record the user consent for the cookies in the “Necessary” category.|
|GDPR Cookie Consent plugin (on KultraLab.com)||Necessary||cookielawinfo-checkbox-functional||This cookie is used to record the user consent for the cookies in the category “Functional”.|
|GDPR Cookie Consent plugin (on KultraLab.com)||Necessary||cookielawinfo-checkbox-performance||This cookie is used to store the user consent for cookies in the category “Performance”.|
|GDPR Cookie Consent plugin (on KultraLab.com)||Necessary||cookielawinfo-checkbox-analytics||This cookie is used to record the user consent for the cookies in the “Analytics” category.|
|GDPR Cookie Consent plugin (on KultraLab.com)||Necessary||cookielawinfo-checkbox-advertisement||This cookie is used to record the user consent for the cookies in the “Advertisement” category.|
|GDPR Cookie Consent plugin (on KultraLab.com)||Necessary||cookielawinfo-checkbox-others||This cookie is used to store the user consent for cookies in the category “Others”.|
|HubSpot Inc (on KultraLab.com)||Necessary||__hs_do_not_track||This cookie can be set to prevent the tracking code from sending any information to HubSpot|
|HubSpot Inc (on KultraLab.com)||Necessary||__hs_initial_opt_in||This cookie is used to prevent the banner from always displaying when visitors are browsing in strict mode.|
|HubSpot Inc (on KultraLab.com)||Necessary||__hs_cookie_cat_pref||This cookie is used to record the categorised a visitor consented to.|
|HubSpot Inc (on KultraLab.com)||Analytics||__hstc||The main cookie for tracking visitors.|
|HubSpot Inc (on KultraLab.com)||Analytics||__hssc||This cookie keeps track of sessions.|
|HubSpot Inc (on KultraLab.com)||Analytics||__hssrc||Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser.|
How to delete cookies
You can choose to decline cookies but if you turn off necessary cookies some pages and functions on our Website and Application may not work properly.
You can also manage cookies through your browser settings or device settings (your user manual should contain additional information).
You can also delete cookies directly with the relevant third parties (for example, you can disable Google Analytics on their website).