KAT digital logo
Back to home

Privacy Policy.

KAT Creativ Ltd t/a KAT Marketing (KAT)

Last updated: 27 May 2026

This Privacy Policy is provided by KAT Creativ Ltd trading as KAT Marketing (“KAT”, “we”, “us”). It explains how we collect, use, store, and protect personal data when you use the KAT Digital Pass website, organiser dashboard, attendee experiences, and related services (together, the “Platform”).

This policy is written to inform you how we handle your personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. The Platform is not intended for children and we do not knowingly collect data relating to children.

What personal data do we collect?

We collect personal data through different methods, including:

Direct contact

When you fill in a form, book a demo, sign up for an account, correspond with us by email or phone, enter a survey or competition, or subscribe to marketing communications.

Platform and account use

  • Name, email address, and contact details
  • Organiser or attendee account credentials and role information
  • Event, membership, loyalty, and wallet pass activity
  • Communications you send through the Platform (e.g. email campaigns, wallet messages)

Website and cookies

Our website may use cookies and similar technologies. See the Cookies section below. We may collect usage data when you interact with our site, sign up to a newsletter, or use contact forms.

Social media connections (organisers)

If you connect a social media account (such as YouTube, Facebook, Instagram, or LinkedIn) through the organiser dashboard, we receive and store data needed to publish or schedule content on your behalf, including account identifiers, channel or page names, profile images, and OAuth tokens (stored in encrypted form). We only access data required for the features you use.

Third parties

We may receive data from service providers that help us operate the Platform (for example hosting, email delivery, analytics, or payment processing), and from clients where we process data on their instructions as a data processor.

How do we use your information?

We use personal data where the law allows us to, including:

  • To perform a contract with you or to take steps at your request before entering a contract
  • Where necessary for our legitimate interests (or those of a third party) and your rights do not override those interests
  • Where we need to comply with a legal or regulatory obligation
  • With your consent, where required (for example optional marketing or non-essential cookies)

Typical uses include:

  • Providing and improving the Platform and customer support
  • Managing digital passes, events, loyalty, and related organiser tools
  • Sending service-related messages and, if you have opted in, marketing communications
  • Processing transactions and preventing fraud or misuse
  • Connecting and operating social publishing features you enable
  • Protecting our business, users, and systems

Google, YouTube, and other platform APIs

When you choose to connect Google or YouTube to the Platform, you are asked to sign in with Google and grant specific permissions (scopes). We use those permissions only to provide the connected features—for example listing your YouTube channel, uploading or scheduling videos, and showing channel analytics in the dashboard.

We do not sell your Google or YouTube data. Access tokens are stored securely and can be removed by disconnecting the channel in the dashboard. Google's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Similar principles apply to other integrations (such as Meta/Facebook, Instagram, or LinkedIn) where you explicitly connect an account: we only use data needed for the features you use.

How do we protect your information?

We put in place appropriate technical and organisational measures to reduce the risk of loss, unauthorised access, or misuse of personal data. Measures may include:

  • Encryption in transit (SSL/TLS) and encryption of sensitive credentials at rest
  • Access controls limiting staff and systems to what they need for their role
  • Secure hosting and regular review of security practices
  • Malware scanning and monitoring where appropriate

How long do we store your information?

We keep personal data only for as long as needed for the purposes described in this policy, including legal, accounting, or reporting requirements. When data is no longer required, we delete or anonymise it where possible.

If you disconnect a social media account, we stop using new data from that provider; stored tokens and related records are removed or retained only where needed for audit or legal compliance.

Your rights and opting out

You may contact us to request details of personal information we hold about you, to correct inaccurate data, or to request erasure where applicable under Article 17 of the UK GDPR. These requests are usually free of charge.

You can change or withdraw consent for marketing or optional processing where consent is the lawful basis. You may also object to certain processing or ask us to restrict processing in some circumstances.

To exercise your rights, contact our Data Protection Officer (see Contact below).

Do we use cookies?

Yes, where you agree to cookies on our website. Cookies are small files stored on your device. We may use them to remember preferences, keep you signed in, measure site traffic, and improve user experience.

You can control cookies through your browser settings. If you disable cookies, some parts of the website may not work as intended.

We may use analytics tools (such as Google Analytics) only where permitted and configured in line with applicable law.

Third-party disclosure

We do not sell, trade, or rent your personal data to third parties for their marketing. We may share data with trusted providers who help us operate the Platform (hosting, email, analytics, social APIs, payment processors) under contracts that require them to protect the data and use it only for the services they provide to us.

We may also disclose information where required by law, to enforce our terms, or to protect the rights, property, or safety of KAT, our users, or others.

Third-party links

Our website or Platform may link to third-party sites. Those sites have their own privacy policies. We are not responsible for their content or practices. We encourage you to read their policies before providing personal data to them.

Do Not Track

Where supported, we honour Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track browser mechanism is in place.

Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top will change when we do. Continued use of the Platform after changes constitutes acceptance of the updated policy where permitted by law.

Contact

Data Protection Officer: Katie Skingle
Email: info@katmarketing.co.uk

Head office:
Chapel Lane, Boxted, Colchester, Essex, CO4 5RP
Telephone: 01206 765 544

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been infringed: ico.org.uk.