PosKit

Privacy Policy

Last updated: 7 April 2025

PosKit UK Ltd ("PosKit", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website at poskit.app and use our platform and services (collectively, the "Service").

We are a company registered in England and Wales (company number 17076936), with our registered office at Butler House 3rd Floor, 177-178 Tottenham Court Road, London, W1T 7NY. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, PosKit UK Ltd is the data controller. Where we process personal data on behalf of our customers through the Service, we act as a data processor.

1. Information We Collect

1.1 Information You Provide to Us

  • Account Information: When you register for the Service, we collect your name, email address, company name, job title, phone number, and billing information.
  • Payment Information: We collect payment details (credit/debit card numbers, billing address) through our third-party payment processors. We do not store full card numbers on our servers.
  • Communications: When you contact us via email, support tickets, or forms, we collect the content of your messages and any attachments.
  • Survey and Feedback Data: If you participate in surveys, provide feedback, or respond to questionnaires, we collect your responses.

1.2 Information Collected Automatically

  • Usage Data: We collect information about how you interact with the Service, including pages visited, features used, actions taken, time spent, and access timestamps.
  • Device and Browser Information: We collect your IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
  • Cookies and Similar Technologies: We use cookies, web beacons, and similar technologies to collect information about your browsing activity. See Section 8 for details.
  • Log Data: Our servers automatically record information including your IP address, access times, pages viewed, referring URLs, and other standard log information.

1.3 Information from Third Parties

  • POS System Data: When you connect your POS systems to the Service, we collect device telemetry, health metrics, configuration data, and operational data from those systems as necessary to provide our monitoring and management services.
  • Single Sign-On Providers: If you authenticate using a third-party SSO provider (e.g., Microsoft Entra ID, Google Workspace, Okta), we receive your name, email address, and profile information as provided by that service.
  • Business Partners: We may receive contact information from business partners or resellers when they refer you to our Service.

2. Legal Bases for Processing

Under the UK GDPR and, where applicable, the EU GDPR, we rely on the following legal bases to process your personal data:

  • Performance of a Contract (Article 6(1)(b)): Processing necessary to provide the Service, manage your Account, process payments, and fulfil our contractual obligations to you.
  • Legitimate Interests (Article 6(1)(f)): Processing necessary for our legitimate business interests, including improving and securing the Service, analytics, fraud prevention, and direct marketing to existing customers, provided these interests are not overridden by your rights and freedoms.
  • Consent (Article 6(1)(a)): Where you have given us specific consent, such as for marketing communications or the use of non-essential cookies. You may withdraw consent at any time.
  • Legal Obligation (Article 6(1)(c)): Processing necessary to comply with our legal obligations, including tax and accounting requirements, regulatory requests, and fraud prevention.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service, including POS monitoring, alerting, and management features.
  • Process transactions and send related information, including invoices and payment confirmations.
  • Create and manage your Account and authenticate your identity.
  • Provide customer support and respond to your enquiries.
  • Send administrative communications, including service updates, security alerts, and maintenance notices.
  • Send marketing and promotional communications where we have your consent or a legitimate interest to do so (you can opt out at any time).
  • Analyse usage patterns to improve, personalise, and develop new features for the Service.
  • Detect, prevent, and address technical issues, fraud, and security incidents.
  • Comply with legal obligations and enforce our Terms of Service.
  • Generate aggregated, anonymised, or de-identified data for analytics, benchmarking, and research purposes.

4. How We Share Your Information

We do not sell your personal data. We may share your information in the following circumstances:

  • Service Providers: We share information with trusted third-party providers who assist us in operating the Service, including cloud hosting (e.g., AWS, Azure), payment processing, email delivery, analytics, and customer support tools. These providers are contractually obligated to protect your data and may only use it for the purposes we specify.
  • Professional Advisers: We may share information with our lawyers, auditors, accountants, and insurers where necessary for professional advice or compliance.
  • Business Transfers: In the event of a merger, acquisition, reorganisation, or sale of assets, your personal data may be transferred as part of the transaction. We will notify you of any such transfer and any choices you may have regarding your data.
  • Legal Requirements: We may disclose your information where required by law, court order, or governmental authority, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • With Your Consent: We may share your information for other purposes with your explicit consent.

5. International Data Transfers

PosKit operates globally and your personal data may be transferred to and processed in countries outside the United Kingdom and the European Economic Area (EEA), including countries that may not provide the same level of data protection.

Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including:

  • Adequacy Decisions: Transfers to countries recognised by the UK Secretary of State or the European Commission as providing an adequate level of data protection.
  • Standard Contractual Clauses (SCCs): We use UK International Data Transfer Agreements (IDTAs) or EU Standard Contractual Clauses, as applicable, with our service providers and partners.
  • Supplementary Measures: Where necessary, we implement additional technical and organisational measures to ensure your data is adequately protected during transfer.

You may request a copy of the safeguards we use for international transfers by contacting us at privacy@poskit.app.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

  • Account Data: Retained for the duration of your Subscription and for 90 days thereafter to allow data export, then deleted unless retention is required by law.
  • Billing and Transaction Records: Retained for a minimum of 6 years in accordance with UK tax and accounting regulations (HMRC requirements).
  • Audit Logs: Retained for up to 365 days as part of our security and compliance monitoring.
  • Marketing Data: Retained until you unsubscribe or withdraw consent, plus a suppression record to ensure we honour your opt-out preference.
  • Support Communications: Retained for up to 3 years after the last interaction to provide continuity of support and resolve recurring issues.

7. Your Rights

Under the UK GDPR (and EU GDPR where applicable), you have the following rights regarding your personal data:

  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You may request that we correct any inaccurate or incomplete personal data.
  • Right to Erasure: You may request that we delete your personal data, subject to certain exceptions (e.g., where retention is required by law).
  • Right to Restrict Processing: You may request that we restrict the processing of your personal data in certain circumstances.
  • Right to Data Portability: You may request a copy of your personal data in a structured, commonly used, and machine-readable format, and have it transferred to another controller.
  • Right to Object: You may object to the processing of your personal data where we rely on legitimate interests as the legal basis, including for direct marketing purposes.
  • Rights Related to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects on you.
  • Right to Withdraw Consent: Where we process data based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at privacy@poskit.app. We will respond to your request within one month, as required by law. In complex cases, we may extend this by a further two months, in which case we will inform you within the initial one-month period.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection. You can contact the ICO at ico.org.uk or by phone at 0303 123 1113.

8. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

  • Strictly Necessary Cookies: Essential for the Service to function. These include session cookies, authentication tokens, and security cookies. They cannot be disabled.
  • Performance and Analytics Cookies: Help us understand how visitors use our website by collecting anonymous usage statistics. We use these to improve the Service.
  • Functional Cookies: Enable enhanced functionality and personalisation, such as remembering your preferences, language, or region.
  • Marketing Cookies: Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns. These are only set with your consent.

You can manage your cookie preferences through your browser settings or through our cookie consent banner when you first visit our website. Please note that disabling certain cookies may affect the functionality of the Service.

For more information about the specific cookies we use, please refer to our Cookie Policy (available via the cookie consent banner).

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption in transit using TLS 1.3 and at rest using AES-256.
  • Regular penetration testing and security audits by independent third parties.
  • Role-based access controls and multi-factor authentication for all internal systems.
  • Intrusion detection and monitoring systems operating 24/7.
  • Employee security training and background checks.
  • Incident response procedures with defined escalation paths.

While we take all reasonable steps to protect your data, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us at privacy@poskit.app and we will take steps to delete such information.

11. Additional Rights for Specific Jurisdictions

11.1 European Economic Area (EEA)

If you are located in the EEA, you have the same rights described in Section 7 under the EU GDPR. Our lead supervisory authority is the UK Information Commissioner's Office (ICO). You may also lodge a complaint with your local data protection authority.

11.2 California (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights, including:

  • The right to know what personal information we collect, use, and disclose.
  • The right to request deletion of your personal information.
  • The right to opt out of the sale or sharing of your personal information. We do not sell personal information.
  • The right to non-discrimination for exercising your privacy rights.
  • The right to correct inaccurate personal information.
  • The right to limit the use and disclosure of sensitive personal information.

To exercise these rights, contact us at privacy@poskit.app.

11.3 Australia

If you are located in Australia, we handle your personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). You may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs.

11.4 Canada

If you are located in Canada, we process your personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws. You have the right to access and correct your personal information and to withdraw consent for non-essential processing.

12. Third-Party Links

The Service may contain links to third-party websites and services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policy of every site you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. We will notify you of any material changes by email or by posting a prominent notice on our website at least 30 days before the changes take effect. The "Last updated" date at the top of this policy indicates when it was last revised.

14. Data Protection Officer

If you have any questions or concerns about how we handle your personal data, or if you wish to exercise your rights, you can contact our Data Protection Officer:

  • Email: dpo@poskit.app
  • Postal Address: Data Protection Officer, PosKit UK Ltd, Butler House 3rd Floor, 177-178 Tottenham Court Road, London, W1T 7NY

15. Contact Us

For general privacy enquiries or to exercise your data protection rights:

For complaints about our data practices, you can contact the Information Commissioner's Office (ICO):