Effective from 22/07/2020 (View previous versions)
Kama values your trust, particularly when it comes to your personal data/personal information.
Our business is to guide you towards your full orgasmic potential; not to make money out of your personal data. We don’t market or sell your personal data and we never will. That’s a promise.
This policy explains what data, including personal data, we collect from and about you when you visit the Kama website at kama.co (Website) and when you use the Kama mobile app (App).
We appreciate there’s a lot of detail in this policy, but it’s important that you read this policy to ensure you’re fully informed about how we use your personal data and your rights.
We may need to make changes to this policy occasionally, to reflect any changes to our services or legal requirements. We’ll notify you of any important changes on our Website or by email before they take effect.
If you’ve got any questions about this policy, please email us at hi@kama.co.
Who we are
Kama is the trading name of Project 3000 Limited, a limited company registered in England and Wales under company number 12133721. As required by UK data protection law, we’re registered as a ‘controller’ with the Information Commissioner’s Office (ICO) under number ZA762749.
Use of our Website and App by children
Given the mature nature of the content, we don’t direct our Website or App towards children, nor do we knowingly collect personal data about children. For this purpose, a ‘child’ means anyone under the age of 18 or the age of majority in the place where our Website or App are being accessed.
We’ve assigned an age rating of 17+ to our App in the Apple® App Store®. This is equivalent to an ESRB ‘Mature’ rating and PEGI 16+ rating. To find out more about how to set parental controls on your child’s Apple device, please visit the Apple website.
If you hold parental responsibility for a child under the age of 18 and are concerned that we’ve collected personal data about your child, please contact us at hi@kama.co.
The personal data we collect
When we talk about ‘personal data’, we mean any data that identifies or can be used to identify you. This doesn’t include data where your identity has been removed (anonymous data). The types of personal data collected by and about you through our Website and App include:
Biographic data: You’ll provide us with your first and last name, month and year of birth, gender, profile image (optional) and email address when you first use the App
Contact data: We ask you for your name and email address when signing up to receive our newsletter
Questionnaire data: When you first use the App and on other occasions, you may be asked a series of questions, some of which are of a personal nature about your relationships, sex life and sexual health and are classified as ‘special category personal data’ under UK and EU data protection law and ‘sensitive personal data’ under the laws of other countries
Communications data: This includes any emails that you send to us and any interactions we may have with you through our social media channels
Transactions data: We don’t store or have any access to your credit or debit card details when you subscribe for any paid content or features, however we can see details of your transactions
Technical data: Our Website and App both use cookies (see below) which collect the IP address assigned to you or someone who provides you with Internet access (although this is anonymised at the earliest possible opportunity), information about your device (including type, operating system, browser, resolution and time zone setting) and information about how you arrived at our Website and which country you’re based in, how you navigated our Website (which pages you visited, how long you spent on them) and how you interacted with the content on our App (which videos you viewed, how long you spent watching them)
Where we get your personal data from
As long as you are visiting our Website or using our App, we will only collect your personal data from you.
What we use your personal data for
This section is really important as it explains what we’ll use your personal data for, and the legal grounds relied on by us for those purposes.
Under UK and EU data protection law there are six legal grounds that we may rely upon, the most relevant being where:
- you’ve given your consent to us using your personal data for specific purposes
- use of your personal data is necessary for us to enter into and perform our contract with you
- use of your personal data is necessary to comply with any legal obligation on us
- use of your personal data is necessary to pursue our legitimate interests and those interests are not outweighed by your fundamental rights and interests
| Purpose | Types of personal data | Legal ground |
|---|---|---|
| Providing you with access to content via the App | Biographic | Contract (creating your account and providing our content to you) |
| Understanding the sexual experiences of our users to ensure that we provide appropriate content | Questionnaire (optional) | Explicit consent (you can withdraw this consent at any time and ask us to delete your responses to the questionnaire) |
| Responding to your emails and messages by email or direct message on social media channels | Contact, communications | Contract (where questions relate to your subscription); legitimate interests (our interests in responding to questions and comments by our community) |
| Improving the content and user experience of our Website and App | Technical data | Consent (to storing analytical cookies on your device); legitimate interests (our interests in understanding the needs of our community and improving the App for the benefit of its members) |
| Fixing technical issues relating to the Website and App | Technical data | Legitimate interests (our interests in ensuring that our Website and App provide the best user experience) |
| Sending you our email newsletter and member-only invites | Technical data | Consent (to receive our email newsletter); contract (sending you invites to member-only sessions as part of your subscription) |
We may use your personal data for purposes which are closely related to any of the above purposes. If we want to use your personal data for any unrelated purposes, we’ll let you know about this in advance.
Who we share your personal data with
We don’t sell your personal data for marketing purposes and we never will.
The only people that will have access to your personal data include:
- our staff, which includes our sex experts (who are either employed by us or engaged by us under contracts which include strict confidentiality and data protection obligations on them)
- our technical service providers, such as our developers, hosting providers, email marketing tools and analytics providers (all of which will only have the access they need to make our Website and App work and provide their services to us and will have entered into contacts which include strict confidentiality and data protection obligations on them)
- any regulatory authorities such as HM Revenue & Customs (the UK tax authority)
- any actual or potential buyer of our business
In the very rare situation where we’re asked to disclose personal data in response to any legal request or court order, we’ll take legal advice before making any disclosure to ensure that your rights and interests are considered before responding to such requests.
Where your personal data are stored
Most of our sex experts and technical service providers are based outside the UK and the European Economic Area, which means that your personal data will be transferred outside the UK and the EEA. Whenever we transfer your personal data outside the UK or the EEA, we ensure that a similar degree of protection applies to your personal data in one or more of the following ways:
- ensuring that the country to which your personal data is transferred is deemed by the European Commission to provide a similar degree of protection for your personal data
- entering into a specific contract that has been approved by the European Commission as providing a similar degree of protection for your personal data
- where any service provider is based in the US, checking that they’ve self-certified under the EU-US Privacy Shield Framework which requires them to provide a similar degree of protection for your personal data to that in the UK and EEA
How we keep your personal data secure
We’ve put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. We also limit access to your personal data to those of our staff and technical service providers that have a need to access it (based on the principle of ‘least privilege’). They’ll only use your personal data based on our instructions and are required to keep your personal data confidential.
We’ve put in place procedures to deal with any suspected personal data breach and will notify you and the UK Information Commissioner’s Office or any other relevant regulator where we’re legally required to do so.
How long we keep your data for
We’ll only keep your personal data for as long as necessary in connection with the purposes we collected it for and to comply with any legal, accounting or reporting requirements. To determine how long we keep your personal data for, we consider the amount, nature and sensitivity of the personal data, the purposes for which it was collected and the potential risk of harm from us continuing to keep it.
We’ll retain any personal data linked to your account for as long as you’re a member and for 12 months after you’ve ended your subscription (in case you decide to re-activate it within that time).
We’ll retain personal data relating to email marketing until you unsubscribe, or your email address has become permanently unavailable.
We’ll retain any analytical data collected about your use of our App and Website which identifies you for a period of 12 months.
We may retain any data that does not identify you indefinitely.
Cookies
Our Website and App use small text files, called cookies, which are stored on your device when you access and use our Website and App. Apart from those cookies which are strictly necessary for us to provide you with access to our Website or any features of the App that you’ve requested, we’ll only store cookies on your device if you’ve consented to this when you first access our website and every 90 days thereafter.
As cookies are unique, we can use them to distinguish you from other users for the purposes described above, however we’ve configured our analytical cookies so that your IP address is anonymised. To find out more about cookies, how to refuse them and how to change your device’s cookie settings, you should visit the ICO Cookie Guidance.
Our Website and App use the following types of cookies:
- Strictly necessary cookies: these cookies are required for the operation of our Website or App (we don’t need your consent for these cookies – but if you delete them, the Website or App my not function as it should)
- Analytical cookies: these cookies allow us to recognise new and returning visitors to our Website and see how users engage with our Website or App
- Functionality cookies: these cookies are used to remember your preferences or customise your experience
- Advertising cookies: these cookies are used by advertising networks to customise the advertising you see online based on your interests (you can agree to analytics cookies without agreeing to these cookies
The cookies we use are as follows:
| Cookies | Type | Duration | Domain | Further info |
|---|---|---|---|---|
| Google Analytics (_ga) | Analytics | 2 years | .kama.co | See Google Analytics Cookie Usage and the Google Privacy Policy |
| Google Ads (1P_JAR, _Secure-3PAPSIID, _Secure-3PSID, _Secure-3PSIDCC, Secure-APISID, _Secure-HSID, _Secure-SSID), AID, ANID, APISID, CGIC, COMPASS, CONSENT, DV, HSID, NID, OTZ, PAIDCONTENT, SAPISID, SID, SIDCC, SSID) | Advertising | 1-2 years, except the ‘CONSENT’ cookie which is for 18 years | .google.com | See How AdSense Uses Cookies and the Google Privacy Notice |
As required by the laws of the State of California, our Website doesn’t currently respond to Do Not Track (DNT) signals.
Marketing
We use Mailchimp to manage our email marketing campaigns. Mailchimp uses tiny invisible images called ‘pixels’ that are contained within emails to enable us to see:
- whether you opened an email
- where in the world the device used to open the email was located (based on your device’s IP address)
- whether you marked the email as spam
- your overall level of engagement with our email marketing campaigns
Your rights
Under UK and EU data protection laws, you have the following rights in relation to your personal data:
Access: You’ve the right to be informed if your personal data is being used and the right to request a copy of the personal data held about you together with certain information about the processing of such personal data to check that are holding it lawfully
Correction: You’ve the right to ask us to correct any inaccurate or incomplete personal data held about you
Deletion: You’ve the right to ask us to delete or remove any personal data held about you where there is no good reason for us to continue holding it or where you have exercised your right to object
Restriction: You’ve the right to ask us to restrict how we hold your personal data, for example, to confirm its accuracy or our reasons for holding it
Objection: You’ve the right to object to our holding of any personal data about you which is based on our legitimate interests or those of a third party based on your particular circumstances. You’ve also the right to object to our holding your personal data for direct marketing purposes
Portability: You’ve the right to receive or request that we transfer a copy of the personal data we hold about you in an electronic format where the basis of our holding such information is your consent or the performance of a contract and the information is processed by automated means
Complaints: You’ve the right to complain to the UK Information Commissioner’s Office (ICO) or any other EU supervisory authority in relation to how we collect and use your personal data
You won’t have to pay any fee to exercise any of the above rights, although we may charge a reasonable fee or refuse to comply with your request if any request is clearly unfounded or excessive. Where this is the case, we’ll let you know.
To protect the confidentiality of your personal data and other members of our community, we may need to ask you to verify your identity before fulfilling any request in relation to your personal data.
California Consumer Privacy Act (CCPA)
This section of the policy applies if you reside in the State of California.
Definitions: Any references in this policy to personal data include references to personal information as defined under the CCPA.
Rights of access and deletion: The right of access described in the previous section is limited to the personal data we’ve collected from and about you over the past 12 months. The rights of access and deletion described in the previous section will be subject to the exceptions set out under the CCPA.
Right to opt-out of the sale of personal information: Although you’ve the right to opt-out of the sale of your personal information, this isn’t something we do.
Right to non-discrimination: You’ve the right not to be discriminated against for having exercised your rights under the CCPA. This means that we won’t deny you access to our Website or App; charge you a different price for any content available within the App; deny you any benefits or charge you any penalties; or provide you with a different user experience to any other users.
Sale of personal information within the past 12 months: We haven’t sold any personal data in the past 12 months.
Disclosure of personal information within the past 12 months: The CCPA describes many of the activities we routinely undertake in relation to personal information as disclosures to third parties for a ‘business purpose’. We enter into contracts with such third parties which require them to keep your personal information confidential and not use it for any purpose other than to provide their services to us. In the past 12 months, we’ve disclosed all of the categories of personal information listed earlier in this policy to our technical service providers for the purposes of auditing the use of our App, detecting and protecting against security incidents, debugging to identify and repair errors and undertaking internal research for developing the App. We’ve also disclosed ‘Questionnaire data’ to our sex experts for the purposes of enabling them to provide their advisory services to us and undertaking internal research for developing the App.
Exercising your rights under the CCPA: To exercise any of your rights under the CCPA you, or another person registered with the California Secretary of State that has been authorised by you, should email hi@kama.co.
Questions or comments
If you’ve got any questions or comments regarding this policy, please email us at hi@kama.co.