1) Who we are (Data Controller)

KB Automation Ltd
Unit 9 Denington Court, Denington Industrial Estate, Wellingborough, NN8 2QR, United Kingdom

For the purposes of the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018, KB Automation Ltd is the data controller.

2) The personal data we collect

We may collect the following categories of personal data (depending on how you interact with us):

• Identity & contact data: name, job title, company name, email address, telephone number, billing and delivery address.
• Account data: login details (username/email), account preferences and order history (where an account is created).
• RFQ / enquiry data: part numbers, quantities, photos/attachments you provide, delivery requirements, and communications history.
• Order & fulfilment data: delivery details, tracking information, returns/warranty correspondence.
• Payment & invoicing data: invoice details, VAT information, payment method, payment status, transaction references.
  Card payments are processed by payment providers (e.g., Stripe / PayPal). We do not intentionally store full card details.
  We may also accept payment by bank transfer and invoice (where agreed).
• Technical data: IP address, device/browser information, and usage data collected via cookies and similar technologies.

We do not intentionally collect “special category” data (e.g., health, religion). Please do not send such information to us.

3) How we use your data and our legal bases

We process personal data only where permitted under UK GDPR. Typical purposes and lawful bases include:

A) Enquiries / RFQs and quotes
To respond to enquiries, prepare and send quotes, and follow up on quote requests.
Legal basis: legitimate interests and/or steps prior to entering into a contract.

B) Orders and customer accounts
To create/manage customer accounts, process orders, deliver goods, and provide customer support.
Legal basis: performance of a contract.

C) Payments and fraud prevention
To take payments and prevent fraud/abuse.
Legal basis: performance of a contract and legitimate interests.

D) Invoicing, accounting and legal compliance
To issue invoices, keep accounting records, and comply with tax and other legal obligations.
Legal basis: legal obligation.

E) Warranty, returns, disputes and legal claims
To handle returns/warranty claims, resolve disputes, and establish/exercise/defend legal claims.
Legal basis: legitimate interests and, where relevant, legal obligation.

F) Website operation, security and improvements
To operate and secure our website and improve performance and usability.
Legal basis: legitimate interests; for non-essential cookies, we rely on consent where required.

G) Marketing and newsletters (B2B)
If you subscribe to our newsletter, we will send you updates about our products and services. You can unsubscribe at any time using the link in our emails or by contacting us.
Where permitted by applicable law, we may also send relevant B2B communications to business contacts who have requested a quote, placed an order, or otherwise engaged with us. You can object at any time and we will respect your preferences.

Where we rely on consent (for example, for optional cookies or newsletters), you can withdraw consent at any time.

4) Who we share your data with

We may share personal data with trusted third parties where necessary for the purposes above, including:

• Carriers/couriers and logistics providers (to deliver orders).
• Website hosting and IT providers.
• Email and productivity tools used for business operations (e.g., Microsoft/Google services, where applicable).
• Payment providers (e.g., Stripe, PayPal) to process card/online payments.
• Sales platforms and review services (e.g., eBay, Trustpilot) where you choose to interact with us through those services or where we link to them.
• Accounting software and professional advisers (e.g., QuickBooks, accountants, legal advisers).

We do not sell your personal data.

EU fulfilment/invoicing (where applicable): for some EU transactions, we may share necessary order/invoicing data with our Poland-based EU entity to support EU invoicing and intra-EU shipping. In such cases, that entity may act as a separate controller for its own processing activities. We share data only as necessary for invoicing, compliance and fulfilment.

5) International transfers

Some service providers may process data outside the UK and/or EEA. Where we make such transfers, we use appropriate safeguards recognised under data protection law (such as the UK IDTA or the UK Addendum to EU SCCs, where applicable) and take steps to ensure your data remains protected.

6) How long we keep your data (Retention)

We keep personal data no longer than necessary for the purposes described in this policy, including legal, accounting, and reporting requirements.

Typical retention periods:

• Orders, invoices, VAT and accounting records: at least 6 years (or longer where legally required).
• Quotes/RFQs and business correspondence: typically up to 24 months from last contact, unless required longer for contract performance or disputes.
• Customer accounts: for as long as the account remains active; limited records may be retained after closure for legal/accounting purposes.
• Marketing preferences: until you unsubscribe/opt out, or until the data is no longer current.

We may retain certain information for longer where necessary to establish, exercise or defend legal claims.

7) Your rights

Depending on your circumstances and applicable law, you may have rights including: access, rectification, erasure, restriction, objection, and data portability.

We generally respond free of charge. We may charge a reasonable fee or refuse to act on a request only in limited cases (e.g., if a request is manifestly unfounded or excessive), in accordance with applicable law.

You also have the right to complain to the UK regulator, the Information Commissioner’s Office (ICO).

To exercise your rights: privacy@kb-automation.com

8) Cookies and similar technologies

We use cookies and similar technologies to operate our website.

• Strictly necessary cookies are required for core functionality (e.g., security, network management, accessibility, shopping basket/session features) and do not require consent.
• Analytics/performance cookies help us understand how the website is used and improve it. Where required, these are used only after you provide consent through our cookie controls.
• Marketing cookies (if enabled in the future) would be used only with consent where required.

Future tools: We may use analytics or marketing tools in the future (for example, Google Analytics or similar services). If/when enabled, we will present appropriate choices in our cookie banner, and you can change your preferences at any time.

You can update your choices at any time using our cookie controls (cookie icon) and/or your browser settings. Disabling strictly necessary cookies may affect website functionality.

9) Security

We take appropriate technical and organisational measures to protect personal data. However, no website or internet transmission is completely secure, and we cannot guarantee absolute security.

10) Children

Our website and services are not directed at children, and we do not knowingly collect personal data from children.

11) Links to other websites

Our website may include links to third-party websites and services (e.g., eBay, Trustpilot, LinkedIn). We are not responsible for the privacy practices of those third parties. Please review their privacy policies separately.

12) Automated decision-making

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

13) Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, technical or operational changes. The latest version will be published on this page.