Privacy Policy

Last Updated: 30 November 2025 Website: www.kastt.co.uk Contact: support@kastt.co.uk


1. Introduction

Welcome to the privacy policy of Kastt ("We", "Us", "Our"). We respect your privacy and are committed to protecting your personal data. This policy explains how we look after your personal data when you visit our website, buy from us, or sell a device to us, and tells you about your privacy rights and how the law protects you.

We are the Data Controller of your personal data.


2. The Data We Collect About You

We may collect, use, store, and transfer different kinds of personal data about you which we have grouped together follows:

  • Identity Data: First name, last name, username.

  • Contact Data: Billing address, delivery address, email address, and telephone number.

  • Financial Data: Payment card details (processed securely by our payment providers; we do not store full card numbers), bank account details (collected only if you sell a device to us so we can pay you).

  • Transaction Data: Details about payments to and from you and other details of products you have purchased or sold.

  • Device Data (Trade-Ins): IMEI numbers, serial numbers, and model details of devices you sell to us.

  • Technical Data: IP address, browser type and version, time zone setting, and operating system.

Special Note on Trade-In Data

When you sell a device to us, it is your responsibility to back up and wipe all personal data (photos, messages, contacts) before sending it.

  • Our Process: Upon receipt, we use industry-standard software to permanently erase all data on the device.

  • Liability: While we take every precaution to wipe devices, we process this data solely for the purpose of deletion. We do not access, read, or store data left on devices.

 

3. How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  1. Performance of Contract: To process your order, deliver your phone, or pay you for a trade-in.

  2. Legitimate Interest: To manage our business, prevent fraud (e.g., checking if a phone is stolen), and improve our services.

  3. Legal Obligation: To keep records for HMRC (tax purposes).

 

4. Disclosures of Your Personal Data

We may have to share your personal data with the parties set out below for the purposes set out in Section 3:

  • Service Providers: Shopify (our e-commerce platform), Royal Mail (for delivery), and Klaviyo (for email updates).

  • Payment & Credit Providers: Klarna, Clearpay, and Stripe. These providers may perform their own identity and credit checks.

  • Fraud Prevention Agencies: We share IMEI numbers with CheckMEND and police databases to ensure devices sold to us are not reported stolen. If you sell us a stolen device, we are legally required to share your details with law enforcement.

  • Review Platforms: Trustpilot or Google Reviews (to send you a review invitation).

 

5. International Transfers

Our store is hosted on Shopify Inc. Your data may be stored through Shopify’s data storage, databases, and the general Shopify application. They store your data on a secure server behind a firewall.

  • Some of our external third parties (like Shopify) are based outside the UK/EEA (mainly in Canada and the USA).

  • Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

    • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK Government.


6. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way.

  • Trade-Ins: All devices received are quarantined until data is wiped.

  • Payments: All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council.


7. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • Tax Law: By law, we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for 6 years after they cease being customers for HMRC tax purposes.


8. Your Legal Rights

Under the UK GDPR, you have rights in relation to your personal data, including the right to:

  • Request access to your personal data.

  • Request correction of your personal data.

  • Request erasure of your personal data (The "Right to be Forgotten").

  • Object to processing of your personal data.

  • Request restriction of processing your personal data.

If you wish to exercise any of the rights set out above, please contact us at support@kastt.co.uk.

 

9. Contact Details

Kastt Email: support@kastt.co.uk Website: www.kastt.co.uk