Privacy Policy — Kiko Agency

Kiko Agency  ·  Last updated: 28 March 2026  ·  Effective: 28 March 2026

This policy explains how Kiko Agency collects and uses your personal data in compliance with the UK GDPR and the Data Protection Act 2018. We only collect what we need, we never sell your data, and you are always in control.

01 Who We Are

Kiko Agency ("we", "us", "our") is an AI automation and web design agency based in London, United Kingdom. We provide digital services to local businesses, including website design, AI chatbot setup, and marketing automation.

We are the data controller for personal data collected through this website and our services.

02 Data We Collect

We may collect the following categories of personal data:

  • Contact information — name, email address, phone number
  • Business information — business name, type of business, location
  • Communication data — messages sent via our contact forms, email, or Instagram DMs
  • Technical data — IP address, browser type, pages visited, time on site
  • Cookie data — preferences and session identifiers (see Section 5)

We do not collect sensitive personal data such as health information, racial or ethnic origin, or financial account details through this website.

03 How We Use Your Data

We use your personal data to:

  • Respond to enquiries and book free demo calls
  • Deliver and manage our services to you
  • Send relevant updates, proposals, and follow-up communications
  • Improve the performance and content of our website
  • Comply with our legal and regulatory obligations

We will never sell, rent, or trade your personal data to any third party for their own marketing purposes.

04 Legal Basis for Processing

Under UK GDPR, we process your personal data on the following legal bases:

  • Legitimate interests — responding to enquiries and improving our services
  • Contract performance — delivering services you have engaged us for
  • Consent — for marketing emails (you can withdraw consent at any time)
  • Legal obligation — where we are required by law to process data

05 Cookies

Our website uses cookies — small text files stored on your device. We use:

  • Essential cookies — required for the website to function correctly
  • Analytics cookies — to understand how visitors use our site
  • Functional cookies — to remember your preferences

When you first visit our site, you will be asked to accept or decline non-essential cookies via our cookie consent banner. You can update your preferences at any time by clearing your browser cookies and revisiting the site.

We do not use advertising or tracking cookies that profile you across other websites.

06 Third Parties & Data Sharing

We use a small number of trusted third-party tools to operate our business. These may process your data on our behalf as data processors:

  • Google Workspace — email and business communications
  • Meta (Instagram) — if you contact us via Instagram DM
  • Twilio — SMS delivery for appointment reminders (where applicable)
  • CRM & automation software — to manage enquiries, bookings, and client workflows

All third parties are required to handle your data in compliance with applicable data protection law. We do not transfer your data outside of the UK/EEA unless appropriate safeguards are in place.

07 Data Retention

We retain your personal data only for as long as necessary for the purposes it was collected:

  • Enquiry data — up to 12 months if no contract is entered into
  • Client data — for the duration of the contract plus 3 years
  • Financial records — 6 years as required by UK tax law
  • Marketing data — until you withdraw consent or opt out

After the relevant retention period, your data is securely deleted or anonymised.

08 Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of access — request a copy of the data we hold about you
  • Right to rectification — ask us to correct inaccurate data
  • Right to erasure — ask us to delete your data ("right to be forgotten")
  • Right to restriction — ask us to limit how we use your data
  • Right to portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests
  • Right to withdraw consent — for any processing based on your consent

To exercise any of these rights, please email [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

09 Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • HTTPS encryption on all website communications
  • Secure access controls and password management
  • Regular review of data handling practices
  • Limiting access to personal data to those who need it

In the event of a data breach likely to affect your rights, we will notify the ICO within 72 hours and inform you without undue delay where required.

10 Children's Privacy

Our website and services are not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it.

11 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we do, we will update the "Last updated" date at the top of this page. Significant changes will be communicated to existing clients directly via email.

12 Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please get in touch:

We aim to respond to all data-related requests within 30 days. For urgent matters, please mark your email "Data Request — Urgent".