Kita Privacy Policy

We respect your privacy and are committed to protecting your personal data. The purpose of this Privacy Policy is to explain how we collect information about you, why we collect personal data and how we may use it, and to inform you about the policies and procedures that we have in place to respect your privacy.

Please read this privacy policy carefully to understand how we use your data and the rights available to you under relevant data protection laws.

1. Who we are and what we do

Kita Earth Limited (“Kita”, “we”, “our” or “us”) is an Insurance Distributor who distributes insurance products to commercial customers. We are registered in England and Wales under company number 13782654 with our Registered Office at Britannia Court, 5 Moor Street, Worcester, Worcestershire, WR1 3DB.

We can be found on the Information Commissioner’s Register of Data Controllers under reference number ZB305778. We are also authorised and regulated by the Financial Conduct Authority under firm reference number 981700.

When we use personal data, we are regulated by the Information Commissioner under the Retained Regulation EU 2016/679 (“UK GDPR”) and the UK Data Protection Act 2018 (together, “Data Protection Legislation”). We are accountable as Controller of that personal data for the purposes of Data Protection Legislation.

2. The data we may collect about you

We may collect, retain and process personally identifiable data about you. Predominantly this information is used to arrange and manage your company’s insurance policy.

We may collect, use, store and transfer different kinds of personal data about you while arranging insurance cover for your company or managing a claim. We have grouped this data together as follows:

·       Identity Data includes name, title, job title, and employer details.

·       Contact Data includes address, email address and telephone numbers.

·       Financial Data includes bank account details and sanctions checks.

·       Risk Data includes information about your company which we and other market participants need to collect to assess the risk to be insured and provide a quote.

·       Claims Data includes information about your company's previous and current claims (including other unrelated insurances), which may include personal data.

·       Usage Data includes information about how you use our website, products and services.

·       Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). We do not collect any information about criminal convictions and offences.

3. If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

4. How we may collect information about you

We use different methods to collect data from and about you including through:

  • when you, as a company representative, visit our website (www.kita.earth), make an enquiry, request a quotation or register with us. This information may consist of basic information such as your name and contact details, for the purpose of responding to any query raised;

  • directly from you or from someone you have authorised to incept a policy on your behalf, such as an insurance broker;

  • when you, as a company representative, obtain a quote, incept, renew or amend a policy or make a claim. This information may consist of the following personal information:

    • your contact details (name, professional email address, phone numbers, etc)

    • your job information (title, place of work); and

    • any other personal data required for facilitating the electronic signature of documents; and

  • from insurers, brokers, other insurance market participants, witnesses, third parties, solicitors (e.g. for details relating to an event that is the cause of a claim)

If you provide us with information on behalf of a third party, you confirm that the third party has appointed you to act on their behalf and/or that you are able to process their personal data in accordance with relevant data protection laws.

Please be aware that this website may include links to third-party websites, plug-ins and applications. If you click on these links or enable those connections, third parties may collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

5. Why we collect personal data

We are required by Data Protection Legislation to have a legitimate reason to process and use your personal data. We may use your personal information for the following lawful purposes under the UK GDPR:

  • for the performance of a contract (Article 6(1)b), including the inception, renewal, administration and maintenance of your company’s insurance policy;

  • where we have a legitimate interest (Article 6(1)f), including where we assist you with enquiries, where we gather market intelligence in order to develop and improve our products, services and pricing model, or where we gather data for training, quality, and compliance monitoring purposes; and

  • to comply with our legal or regulatory obligations (Article 6(1)c), where we are required by our regulator to complete identity and verification checks for the prevention of money-laundering, fraud and other illegal activities.

We do not generally rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

6. How we use your data

We have set out below a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

 We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

 As we are based in the UK, we may transfer your personal data from the EU or US to the UK. Additionally, some of our external third parties are based outside the UK  so their processing of your personal data will involve a transfer of data outside the UK. For example, our website is hosted by Squarespace, which stores data outside of the UK.

 Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data; or

  • where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.

7. Disclosure to authorised third parties

As set out below, if you obtain a quote or purchase an insurance product or service, your personal data may be shared with the underwriters of your policy.

It may be necessary to share your data with the following categories of third parties, including:

  • our Principal (Gateway Platform Services Limited, which is authorised and regulated by the Financial Conduct Authority (No. 790558)), your insurance broker (where applicable), service providers, sub-contractors and agents in order to administer your account and the products and services provided to you by us now or in the future, including but not limited to our payment processors and electronic documentation providers; and

  • our distribution partners, which includes any company that distributes, advertises or recommends insurance policies on our behalf.

In circumstances where it is necessary to share your personal data with a third party, we will always ensure that the information will only be used for the specific purpose for which it has been provided to them, and that they are subject to privacy and security obligations consistent with this Privacy Policy and applicable laws.

We are also legally required to have certain processes in place with regards to anti-bribery and corruption, money laundering and fraud. If any criminal offence is detected or suspected, we may share data with financial and regulatory organisations (e.g. the Financial Conduct Authority, the Information Commissioner’s Office) or law enforcement agencies (e.g. fraud prevention agencies, anti-money laundering agencies and courts) to assist them with enquiries, investigations or proceedings.

  • Purpose/Activity:

    • Establishing a client relationship

    • To evaluate, process and complete your requests and/or applications for our products and services

    • For security and verification of your identity

    • Performing credit or money laundering checks or other checks required by law

    Type of data:

    • Identity

    • Contact

    • Financial

    • Risk

    • Claims

    Lawful basis for processing including basis of legitimate interest:

    • Performance of a contract with you

    • Complying with a legal obligation

    • Legitimate interest (to confirm client is within risk profile)

    • Substantial public interest (insurance purposes, prevention of crime)

    Possible third party disclosures:

    • Regulators

    • Anti-fraud databases, sanctions lists, court judgments and other databases

    • Credit reference agencies

    • Insurance intermediaries

    • Insurers/Reinsurers

    • Electronic documentation providers

    • Our Principal

  • Purpose/Activity:

    • General servicing of the client account, including communication with you and sending you updates

    • To update our records and maintain your policies with us

    • Collection and payment of premiums

    Type of data:

    • Identity

    • Contact

    • Financial

    • Marketing and Communication

    Lawful basis for processing including basis of legitimate interest:

    • Performance of a contract with you

    • Necessary for our legitimate interests (to recover debts due to us and to keep our records updated)

    Possible third-party disclosures:

    • Banks

    • Insurance intermediaries

    • Debt recovery providers

    • Premium finance providers

    • Our payment processors

    • Electronic documentation providers

    • Our Principal

  • Purpose/Activity:

    • Notifying you about changes to our terms or privacy policy

    • Asking you to leave a review or take a survey

    Type of data:

    • Identity

    • Contact

    • Marketing and Communication

    Lawful basis for processing including basis of legitimate interest:

    • Performance of a contract with you

    • Necessary to comply with a legal obligation

    • Necessary for our legitimate interests (to study how customers use our products/services)

    Possible third party disclosures:

    • Electronic documentation providers

  • Purpose/Activity:

    • Managing insurance claims

    • Defending or prosecuting legal claims

    • Investigating and prosecuting fraud

    Type of data:

    • Identity

    • Contact

    • Financial

    • Risk

    • Claims

    Lawful basis for processing including basis of legitimate interest:

    • Performance of a contract with you

    • Necessary for our legitimate interests (to establish, prosecute, and defend legal claims, to assist client in assessing and making claims, and to assist with the detection and prevention of fraud)

    Possible third party disclosures:

    • Claims handlers

    • Insurers/Reinsurers

    • Loss adjusters

    • Lawyers

    • Experts

    • Our payment processors

    • Third party administrators

    • Law enforcement agencies

    • Anti-fraud agencies

    • Other parties involved in investigations or prosecutions

    • Electronic documentation providers

    • Our Principal

  • Purpose/Activity

    • Contacting our clients to renew the insurance policy

    • To evaluate the risks to be covered and premium calculation

    Type of data:

    • Identity

    • Contact

    • Financial

    • Risk

    • Claims

    • Usage

    Lawful basis for processing including basis of legitimate interest:

    • Performance of a contract with you

    • Legitimate interest (to assist client in assessing and making claims, and to assist with the detection and prevention of fraud)

    Possible third party disclosures:

    • Insurers/Reinsurers

    • Insurance intermediaries

    • Our Principal

  • Purpose/Activity:

    • Risk modelling

    • Complying with our regulatory and legal obligations

    • Reviewing claims

    • Investigating fraud and preventing financial crime

    • Transferring books of business, company sales & reorganisations

    Type of data:

    • Identity

    • Contact

    • Financial

    • Risk

    • Claim

    • Usage

    Lawful basis for processing including basis of legitimate interest:

    • Performance of a contract with you

    • Legitimate interest (to assist with the detection and prevention of fraud)

    Possible third party disclosures:

    • Insurers/Reinsurers

    • Courts and lawyers

    • Auditors

    • Regulators

    • Legal enforcement agencies

    • Our Principal

  • Purpose/Activity:

    • To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

    Type of data:

    • Identity

    • Contact

    Lawful basis for processing including basis of legitimate interest:

    • Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

    • Necessary to comply with a legal obligation

    Possible third party disclosures:

    • IT service providers

    Purpose/Activity:

    • To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

    Type of data:

    • Identity

    • Contact

    • Usage

    • Marketing and Communications

    Lawful basis for processing including basis of legitimate interest:

    • Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)

    Possible third party disclosures:

    • IT service providers

    • Third party contractors involved in marketing/market research for us.

    Purpose/Activity:

    • To develop and improve our products, services and pricing model.

    Type of data:

    • Usage

    Lawful basis for processing including basis of legitimate interest:

    • Necessary for our legitimate interests (to deliver our services in a safe and user-friendly manner)

    Possible third-party disclosures:

    • IT service providers

    • Third party contractors involved in marketing/market research for us.

8. Keeping your personal data secure

We are committed to ensuring that your information is secure. All personal data provided to us is stored on secure servers and only accessed and used in line with our data protection policies and procedures. Your personal data will be accessed by our employees or authorised third parties who require the information for their business purposes.

 It is important that we keep your personal data accurate and up to date and so we ask you to provide accurate information and inform us of any changes.

9. Retention of information

We will only keep your personal data for as long as is reasonably necessary for the relevant purposes set out in this privacy policy or when we are obliged to do so in order to comply with legal or regulatory requirements.

The amount of time we retain your data for depends on the nature of the personal data and what we require it for. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

The retention periods for different personal data are available in our retention policy. You can request our retention policy by contacting us.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

When your personal data is no longer required, we will ensure it is securely deleted.

10. Direct Marketing

We may contact you by email for our legitimate marketing purposes including to let you know about other products and services. With your consent, we may from time to time contact you by email with details of products and services offered by third parties.

If you would like to opt-out of receiving marketing correspondence of any kind, you can let us know at any time by emailing admin@kita.earth.

11. Your rights

You have a number of rights relating to the personal data about you that we hold:

  • Rectification You have the right to require us to update any of your data which is out of date or incorrect. 

  • To be forgotten (also known as erasure) – You have the right to require us to delete personal data in certain situations. If you haven’t bought a policy with us, you can ask us to delete your information. However, we need to keep some information in certain circumstances for the prevention and detection of fraud, to check the accuracy of any information we’ve provided or in case of any future disputes.

  • Restriction of processing – You have the right to require us to restrict processing of your personal data on certain grounds. This means you can limit the way we use your data and is an alternative to requesting the erasure of your data. For example, where you contest the accuracy of the personal data and want us to restrict processing of your personal data while we verify its accuracy; we (as controller) no longer need the data for the purposes of the processing, but you have told us you require us to retain that personal data for you to establish, exercise or defend legal claims; or you have objected to us processing your personal data on grounds of legitimate interests and want us to restrict processing of your personal data while we consider your objection.  

  • Data portability – You have the right to be provided with a copy of the personal data we hold about you, in a structured, commonly used and standard portable format. If you have any trouble understanding the data, let us know and we will help.

  • To withdraw consent – You have the right to withdraw consent as a legal basis for processing, at any time.

If you wish to exercise any of the rights set out above, please contact us at admin@kita.earth. When contacting us please provide enough information to identify yourself (e.g. your full name, address and customer reference number) and let us know which right(s) you want to exercise and the information to which your request relates.

 You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

12. Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

We will ask for your permission to place cookies or other similar technologies on your device, except where they are essential for us to provide you with a service that you have requested. Cookies that are essential are known as “strictly necessary cookies” and can only be changed in your browser settings.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

We use the following cookies:

Strictly necessary cookies: These are cookies that are required for the operation of our website.

Analytical or performance cookies: These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

You can find more information about the individual cookies we use and the purposes for which we use them below:

Cookie Name: ss_cvr

Purpose: Identifies unique visitors and tracks a visitor’s sessions on a site

Duration: Two years

Cookie Name: ss_cvt

Purpose: Identifies unique visitors and tracks a visitor’s sessions on a site

Duration: 30 minutes

13. Changes to this Privacy Policy

We keep our Privacy Policy under regular review and any changes we make to it will be posted on this page. This version was last updated on 23/02/2023.

14. How to contact us

If you have any questions regarding privacy, how we use personal data, or wish to exercise any of your rights, please contact us via email at admin@kita.earth.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.