KB Automation Ltd
Unit 9 Denington Court, Denington Industrial Estate, Wellingborough, NN8 2QR, United Kingdom

For privacy enquiries: privacy@kb-automation.com
General enquiries: contact@kb-automation.com

For the purposes of the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018, KB Automation Ltd is the data controller.

We may collect the following categories of personal data, depending on how you interact with us:

• Identity and contact data: name, job title, company name, email address, telephone number, and billing and delivery address.
• Account data: login details (username/email), account preferences, and order history (where an account is created).
• RFQ and enquiry data: part numbers, quantities, photos/attachments you provide, delivery requirements, and communication history.
• Order and fulfilment data: delivery details, tracking information, and returns/warranty correspondence.
• Payment and invoicing data: invoice details, VAT information, payment method, payment status, and transaction references.
  Card payments are processed by payment providers (e.g., Stripe/PayPal). We do not intentionally store full card details.
  We may also accept payment by bank transfer and invoice (where agreed).
• Technical data: IP address, device/browser information, and usage data collected via cookies and similar technologies.
• CCTV (where used): video footage of visitors to our premises (for security and safety purposes).

Sources of data: We collect most personal data directly from you (for example, when you place an order, submit an RFQ/enquiry form, email us, or contact us by phone). Where you purchase through a third-party platform (e.g., eBay), we receive relevant order and delivery details from that platform. We may also receive delivery and tracking updates from carriers/couriers and payment status or transaction references from payment providers or our banking partners. Where you visit our premises, we may collect CCTV footage (if CCTV is used).

If you provide someone else’s data: If you provide personal data about another person (for example, a delivery contact or recipient), you confirm that you are authorised to share their information with us and that you have provided them with appropriate information about this purchase or enquiry.

Whether you need to provide data: Where we request personal data for an RFQ, order processing, delivery, or invoicing, it is necessary to provide the relevant information. If you do not provide it, we may be unable to issue a quote, process your order, deliver goods, or comply with legal and accounting requirements.

We do not intentionally collect “special category” data (e.g., health or religion). Please do not send such information to us.

We process personal data only where permitted under UK GDPR. Typical purposes and lawful bases include:

A) Enquiries, RFQs and quotations
To respond to enquiries, prepare and send quotations, and follow up on requests.
Legal basis: legitimate interests and/or steps prior to entering into a contract.

B) Orders and customer accounts
To create and manage customer accounts, process orders, deliver goods, and provide customer support.
Legal basis: performance of a contract.

C) Payments, fraud prevention and protective checks
To take payments, prevent fraud and abuse, and protect our business and customers. This may include automated screening and risk checks (for example, to flag potentially unusual transactions). Where a decision would significantly affect you, we will apply appropriate safeguards, which may include human review where relevant.
Legal basis: performance of a contract and legitimate interests.

D) Invoicing, accounting and legal compliance
To issue invoices, maintain accounting records, and comply with tax and other legal obligations.
Legal basis: legal obligation.

E) Warranty, returns, disputes and legal claims
To handle returns and warranty claims, resolve disputes, and establish, exercise, or defend legal claims.
Legal basis: legitimate interests and, where relevant, legal obligation.

F) Website operation, security and improvements
To operate and secure our website and improve performance and usability.
Legal basis: legitimate interests; for non-essential cookies, we rely on consent where required.

G) Marketing and newsletters (B2B)
If you subscribe to our newsletter, we will send you updates about our products and services. You can unsubscribe at any time using the link in our emails or by contacting us.
Where permitted by applicable law, we may also send relevant B2B communications to business contacts who have requested a quote, placed an order, or otherwise engaged with us. You can object at any time and we will respect your preferences.
We respect opt-out requests and maintain suppression lists to ensure you do not receive further marketing communications.

H) Phone enquiries and call notes
To respond to enquiries made by phone and to prepare quotations or follow-ups. We may keep written notes of the conversation (and, if call recording is used in the future, we will inform you at the start of the call).
Legal basis: legitimate interests and/or steps prior to entering into a contract.

I) CCTV and premises security (where used)
To help maintain the security of our premises, deter and detect crime, and support health and safety investigations where necessary.
Legal basis: legitimate interests.

Where we rely on consent (for example, for optional cookies or newsletters), you can withdraw consent at any time.

We may share personal data with trusted third parties where necessary for the purposes above, including:

• Carriers/couriers and logistics providers (to deliver orders).
• Website hosting and IT providers.
• Email and productivity tools used for business operations (e.g., Microsoft/Google services, where applicable).
• Payment providers (e.g., Stripe and PayPal) to process card or online payments.
• Sales platforms and review services (e.g., eBay and Trustpilot) where you choose to interact with us through those services or where we link to them.
• Accounting software and professional advisers (e.g., QuickBooks, accountants, and legal advisers).

Data processors and independent controllers: Many of our service providers act on our instructions as data processors (for example, hosting, IT support, certain email tools, and couriers/logistics for delivery). Some organisations process personal data as independent controllers for their own purposes. For example, payment providers (such as Stripe and PayPal) and marketplaces (such as eBay) typically process personal data under their own privacy notices for purposes like payment processing, fraud prevention, platform security, and account administration.

Helpful links (third-party privacy notices): Stripe Privacy Policy | PayPal Privacy Statement | eBay Privacy Policy

We do not sell your personal data.

Selling via third-party marketplaces (e.g., eBay): Where you purchase through a marketplace, the marketplace processes your personal data for its own purposes under its own privacy notice. We use the buyer and order details we receive from the marketplace only as necessary to fulfil the order, provide support, handle returns and warranty, comply with legal and accounting requirements, and establish, exercise, or defend legal claims.

EU fulfilment/invoicing (where applicable): For some EU transactions, we may share necessary order and invoicing data with our Poland-based EU entity to support EU invoicing and intra-EU shipping. In such cases, that entity may act as a separate controller for its own processing activities. We share data only as necessary for invoicing, compliance, and fulfilment.

Some service providers may process data outside the UK and/or the EEA. Where we make such transfers, we use appropriate safeguards recognised under data protection law (such as the UK IDTA or the UK Addendum to the EU SCCs, where applicable) and take steps to ensure your data remains protected. Where required, we also carry out a transfer risk assessment (TRA) or an equivalent assessment as part of our transfer safeguards.

We keep personal data no longer than necessary for the purposes described in this policy, including legal, accounting, and reporting requirements.

Typical retention periods:

• Orders, invoices, VAT and accounting records: at least 6 years (or longer where legally required).
• Quotes, RFQs and business correspondence: typically up to 24 months from last contact, unless a longer period is required for contract performance or disputes.
• Customer accounts: for as long as the account remains active; limited records may be retained after closure for legal and accounting purposes.
• Marketing preferences: until you unsubscribe/opt out, or until the data is no longer current.
• CCTV (where used): typically up to 30 days, unless footage is required for an investigation, incident, or legal claim (in which case it may be retained for longer as necessary).

We may retain certain information for longer where necessary to establish, exercise, or defend legal claims.

Depending on your circumstances and applicable law, you may have rights including access, rectification, erasure, restriction, objection, and data portability.

We generally respond free of charge. We may charge a reasonable fee or refuse to act on a request only in limited cases (e.g., if a request is manifestly unfounded or excessive), in accordance with applicable law.

We aim to respond within one month of receiving your request. This may be extended by up to two further months for complex requests, in line with applicable law. We may ask for information to verify your identity where necessary.

You also have the right to complain to the UK regulator, the Information Commissioner’s Office (ICO). The ICO’s contact details are available on its website.

To exercise your rights: privacy@kb-automation.com

We use cookies and similar technologies to operate our website.

• Strictly necessary cookies are required for core functionality (e.g., security, network management, accessibility, and shopping basket/session features) and do not require consent.
• Analytics/performance cookies help us understand how the website is used and improve it. Where required, these are used only after you provide consent through our cookie controls.
• Marketing cookies (if enabled in the future) would be used only with consent where required.

Future tools: We may use analytics or marketing tools in the future (for example, Google Analytics or similar services). If and when enabled, we will present appropriate choices in our cookie banner, and you can change your preferences at any time.

You can update your choices at any time using our cookie controls (cookie icon) and/or your browser settings. Disabling strictly necessary cookies may affect website functionality.

We take appropriate technical and organisational measures to protect personal data. Examples include:

• Access controls: limiting access to personal data on a need-to-know basis and using authentication measures (such as strong passwords and, where available, multi-factor authentication).
• Secure handling and transmission: using secure systems and protective measures (such as encryption in transit where appropriate) to reduce the risk of unauthorised access or disclosure.

However, no website or internet transmission is completely secure, and we cannot guarantee absolute security.

Our website and services are not directed at children, and we do not knowingly collect personal data from children.

Our website may include links to third-party websites and services (e.g., eBay, Trustpilot, and LinkedIn). We are not responsible for the privacy practices of those third parties. Please review their privacy policies separately.

We may use limited automated processing to support fraud prevention, platform security, and protection of our business (for example, automated checks that flag potentially unusual or high-risk transactions).

We do not intend to carry out solely automated decision-making that produces legal or similarly significant effects on you without appropriate safeguards. Where such processing would apply, we will ensure the safeguards required by applicable law, which may include the ability to request human review, to express your point of view, and to contest a decision where relevant.

Please note that some third parties we use (such as payment providers and marketplaces) may also use automated processing under their own privacy notices for fraud prevention and security purposes.

We may update this Privacy Policy from time to time to reflect legal, technical, or operational changes. The latest version will be published on this page.