Home / Privacy Policy

Privacy Policy

Last updated:

Summary: KTech & Capital LTD is committed to protecting your personal data. This policy explains what data we collect, how we use it, the legal basis for processing, and your rights under UK GDPR. If you have questions, contact our Data Protection Officer at dpo@ktechandcapital.co.uk.

1. Who We Are

KTech & Capital LTD ("we", "us", "our") is a company registered in England and Wales (Company Number: 12345678) with our registered office at 20–22 Wenlock Road, London, N1 7GU. We are registered with the Information Commissioner's Office (ICO) as a data controller under registration number ZA123456.

For the purposes of UK GDPR and the Data Protection Act 2018, KTech & Capital LTD is the data controller for personal data collected through our websites and products.

2. Information We Collect

We collect the following categories of personal data:

2.1 Information You Provide to Us

  • Contact information: Name, email address, telephone number and postal address when you contact us, create an account or register for our services.
  • Account data: Username, password (stored as a salted hash), account preferences and profile information.
  • Payment information: Billing name, address and payment card details. Card details are processed by our PCI DSS-compliant payment provider (Stripe) and are not stored by us.
  • Communications: The content of messages you send us via the contact form, email, or live chat.
  • Survey and feedback responses: Your responses when you participate in surveys or provide feedback on our products.

2.2 Information We Collect Automatically

  • Usage data: Pages visited, features used, time spent on the platform, search queries, clicks, and interactions.
  • Device and technical data: IP address, browser type and version, operating system, screen resolution, and referring URLs.
  • Cookies and tracking technologies: See Section 9 (Cookies) for full details.

2.3 Information from Third Parties

  • Authentication providers: If you sign in using Google or Microsoft, we receive your name, email address, and profile picture from those providers.
  • Payment processors: We receive transaction confirmations and billing information from Stripe.
  • Referencing agencies: For our Property Management Suite, we may receive credit and background check results from our referencing partners (with tenant consent).

3. How We Use Your Information

We use your personal data for the following purposes:

  • To provide, maintain, and improve our products and services
  • To create and manage your account
  • To process payments and manage subscriptions
  • To respond to your inquiries and provide customer support
  • To send you service notifications (e.g., password resets, billing receipts)
  • To send you marketing communications where you have given consent or where we have a legitimate interest (see Section 4)
  • To personalize your experience on our platforms
  • To conduct analytics to understand how our products are used
  • To detect, prevent, and address fraud, security incidents, and other harmful activity
  • To comply with our legal obligations

4. Legal Basis for Processing

Under UK GDPR, we must have a lawful basis for processing your personal data. The bases we rely on are:

  • Contract (Article 6(1)(b)): Processing necessary to perform our contract with you — e.g. providing you with access to our products.
  • Legitimate interests (Article 6(1)(f)): Where processing is necessary for our legitimate business interests and those interests do not override your rights — e.g. product analytics, fraud prevention and marketing to existing customers.
  • Consent (Article 6(1)(a)): Where you have given us explicit consent — e.g. marketing communications to new subscribers, non-essential cookies.
  • Legal obligation (Article 6(1)(c)): Where processing is required to comply with a legal obligation — e.g. tax and financial reporting obligations.

Where we process special categories of personal data (Article 9 GDPR), we do so only with explicit consent or where required by law.

5. Data Sharing

We share personal data with the following categories of third parties:

  • Cloud infrastructure providers: Amazon Web Services (AWS) — for hosting and data storage. Data is stored in the EU (eu-west-2 region, London).
  • Payment processors: Stripe — for payment processing. Stripe is PCI DSS compliant.
  • Authentication providers: Auth0 — for secure user authentication.
  • Analytics providers: We use privacy-respecting analytics tools. IP addresses are anonymized.
  • Customer support tools: Intercom — for managing customer support communications.
  • Email providers: Mailgun — for transactional emails.
  • Credit referencing (Property Management Suite only): With tenant consent, we share data with Experian or Equifax for referencing purposes.
  • Legal and regulatory authorities: Where required by law, court order or regulatory requirement.

We do not sell your personal data to third parties. We do not share your data with third parties for their own marketing purposes.

All third-party processors are subject to Data Processing Agreements (DPAs) that require them to process data only on our instructions and to maintain appropriate security measures.

6. International Transfers

Some of our service providers are based outside the UK and EEA. Where we transfer personal data to countries not recognised as providing adequate protection, we use appropriate safeguards including:

  • UK International Data Transfer Agreements (IDTAs)
  • Standard Contractual Clauses approved by the ICO
  • Adequacy decisions by the UK Secretary of State

7. Data Retention

We retain personal data for as long as necessary to provide our services and comply with legal obligations:

  • Active accounts: We retain account data for the duration of your account plus 30 days after deletion, to allow for account recovery.
  • Financial records: 7 years, as required by UK financial and tax legislation.
  • Support communications: 3 years after the last interaction.
  • Marketing consent records: For the duration of the consent plus 2 years.
  • Usage analytics: 26 months in aggregated/anonymized form.
  • Property Management data: Tenancy data is retained for 6 years after tenancy end date, as required for legal claim purposes.

After the applicable retention period, personal data is securely deleted or anonymized.

8. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

  • Right of access (Article 15): You can request a copy of the personal data we hold about you (a Subject Access Request or SAR).
  • Right to rectification (Article 16): You can ask us to correct inaccurate or incomplete personal data.
  • Right to erasure (Article 17): You can ask us to delete your personal data in certain circumstances.
  • Right to restrict processing (Article 18): You can ask us to pause processing of your data in certain circumstances.
  • Right to data portability (Article 20): You can request your data in a structured, commonly used, and machine-readable format.
  • Right to object (Article 21): You can object to processing based on legitimate interests or for direct marketing.
  • Rights related to automated decision-making (Article 22): You have rights where decisions are made about you by automated means.
  • Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact our Data Protection Officer at dpo@ktechandcapital.co.uk or write to us at our registered address. We will respond within one calendar month.

You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner's Office (ICO), at ico.org.uk or by telephone on 0303 123 1113.

9. Cookies

We use cookies and similar technologies on our websites and applications. Cookies are small text files stored on your device that help us provide and improve our services.

9.1 Types of Cookies We Use

  • Strictly necessary cookies: Required for the website to function (session management, authentication, security). These cannot be disabled.
  • Performance and analytics cookies: Help us understand how visitors use our website. We use anonymized analytics only. Require consent.
  • Functional cookies: Remember your preferences such as language, region, and display settings. Require consent.
  • Marketing cookies: We do not currently use marketing or advertising cookies.

9.2 Managing Cookies

You can manage cookie preferences through our cookie consent banner, which appears on your first visit. You can also manage cookies through your browser settings. Note that disabling strictly necessary cookies will affect the functionality of our services.

10. Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • Access controls and least-privilege principles
  • Regular security assessments and penetration testing
  • Employee security training and background checks
  • Incident response procedures

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay.

11. Children's Privacy

Our 11+ Preparation platform is designed for use by children aged 9–11. We take the privacy of children very seriously. Accounts for users under 13 must be created by a parent or guardian, who provides consent on the child's behalf. We collect only the minimum data necessary from child users and do not use their data for marketing purposes.

Parents and guardians may request access to, correction of, or deletion of their child's data at any time by contacting our DPO.

12. Contacting Our Data Protection Officer

If you have questions about this Privacy Policy, how we handle your data, or wish to exercise your rights, please contact our Data Protection Officer:

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email (if you have an account) and display a prominent notice on our website. The "Last updated" date at the top of this page will always reflect when the policy was last revised.

Continued use of our services after changes take effect constitutes acceptance of the updated Privacy Policy.