Kumoco Privacy Policy

1. Introduction

This is our privacy policy. It tells you how we collect and process data received from you on our site or via third-party tools Kumoco uses.

If you have any comments on this privacy policy, please email them to [email protected].

2. Who We Are

Here are the details that the Data Protection Act 1998 says we have to give you as a ‘data controller’:

Our site address is Kumoco.com

Our company name is Kumoco Limited

Our registered address is 180 Strand London WC2R 1EA

3. What we may collect

We may collect and process the following data about you:

  • Information you put into forms or surveys on our site at any time
  • A record of any correspondence between us
  • Details of transactions you carry out through our site
  • Details of your visits to our site and the resources you use
  • Information about your computer (e.g. your IP address, browser, operating system, etc.) for system administration and to report aggregate information to our advertisers

4. Cookies

This is a list of the cookies set by this website, and what each is used for:

Cookie: CloudFlare (there are 2 of them?)

Name: __cfduid

Purpose: The “__cfduid” cookie is set by the CloudFlare service to identify trusted web traffic. It does not correspond to any user id in the web application, nor does the cookie store any personally identifiable information.


Type: Third Party

5. How we use what we collect

We use information about you to:

  • Present site content effectively to you
  • Provide information, products and services that you request, or (with your consent) which we think may interest you
  • Carry out our contracts with you
  • Allow you to use our interactive services if you want to
  • Tell you our charges
  • Tell you about other goods and services that might interest you. We will also let other people do this, and we (or they) may contact you.

If you are already our customer, we will only contact you electronically about things similar to what was previously sold to y

If you are a new customer, you will only be contacted if you agree to it.

If you don’t want to be contacted for marketing purposes, please tick the relevant box that you will find on screen.

Please note: We don’t identify individuals to our advertisers, but we do give them aggregate information to help them reach their target audience, and we may use information we have collected to display advertisements to that audience.

6. Where we store your data

We may transfer your collected data to storage outside the European Economic Area (EEA). It may be processed outside the EEA to fulfil your order and deal with payment.

By giving us your personal data, you agree to this arrangement. We will do what we reasonably can to keep your data secure.

Payment will be encrypted. If we give you a password, you must keep it confidential. Please don’t share it. Although we try to provide protection, we cannot guarantee complete security for your data, and you take the risk that any sending of that data turns out to be not secure despite our efforts.

7. Disclosing your information

We are allowed to disclose your information in the following cases:

  • If we want to sell our business, or our company, we can disclose it to the potential buyer
  • We can disclose it to other businesses in our group
  • We can disclose it if we have a legal obligation to do so, or in order to protect other people’s property, safety or rights
  • We can exchange information with others to protect against fraud or credit risks.

8. Your rights

You can ask us not to use your data for marketing. You can do this by ticking the relevant boxes on our forms, or by contacting us at any time at [email protected].

The Data Protection Act 1998 gives you the right to see information we hold about you. We can charge you a fee (currently £100) for this service.

9. Links to other sites

Please note that our terms and conditions and our policies will not apply to other websites that you get to via a link from our site.

10. Changes

If we change our Privacy Policy, we will post the changes on this page. If we decide to, we may also email you.

11. Dispute Resolution

11.1 The Parties will use their best efforts to negotiate in good faith and settle any dispute that may arise out of or relate to this Agreement or any breach of it.

11.2 If any such dispute cannot be settled amicably through ordinary negotiations between the Parties, or either or both is or are unwilling to engage in this process, either Party may propose to the other in writing that structured negotiations be entered into with the assistance of a fully accredited mediator before resorting to litigation.

11.3 If the Parties are unable to agree upon a mediator, or if the mediator agreed upon is unable or unwilling to act and an alternative mediator cannot be agreed, any party may within 14 days of the date of knowledge of either event apply to Kumoco to appoint a mediator under the Kumoco Mediation Procedure.

11.4 Within 14 days of the appointment of the mediator (either by mutual agreement of the Parties or by Kumoco in accordance with their mediation procedure), the Parties will meet with the mediator to agree the procedure to be adopted for the mediation, unless otherwise agreed between the parties and the mediator.

11.5 All negotiations connected with the relevant dispute(s) will be conducted in confidence and without prejudice to the rights of the Parties in any further proceedings.

11.6 If the Parties agree on a resolution of the dispute at mediation, the agreement shall be reduced to writing and, once signed by the duly authorised representatives of both Parties, shall be final and binding on them.

11.7 If the Parties fail to resolve the dispute(s) within 60 days (or such longer term as may be agreed between the Parties) of the mediator being appointed, or if either Party withdraws from the mediation procedure, then either Party may exercise any right to seek a remedy through arbitration by an arbitrator to be appointed by Kumoco under the Rules of the Kumoco Arbitration Scheme.

11.8 Any dispute shall not affect the Parties’ ongoing obligations under the Agreement.

Kumoco uses certain sub-processors to assist in providing Kumoco’s services. A sub-processor is a third party data processor engaged by Kumoco who agrees to receive personal data from Kumoco intended for processing activities to be carried out (i) on behalf of Kumoco customers; (ii) in accordance with customer instructions as communicated by Kumoco; and (iii) in accordance with the terms of a written contract between Kumoco and the sub-processor. Prior to onboarding sub-processors, Kumoco conducts an audit of the security and privacy practices of such sub-processors to ensure the sub-processors provide a level of security and privacy appropriate to their access to data and the scope of the services they are engaged to provide. Sub-processors are re-authorized upon contract renewal or on an annual basis. Kumoco’s sub-processors include:

Sub-Processor Name | Sub-Processor Activity | Location
Amazon Web Services | Cloud service provider | Dublin, Ireland
Google | Cloud productivity tools | Worldwide (see https://support.google.com/googlecloud/answer/6056694?hl=en )
Microsoft | Cloud productivity tools | UK
Zoho | Customer support platform | Amsterdam, Netherlands and Dublin, Ireland

In the course of providing services to our customers, Kumoco may process personal data on our customer’s behalf where such personal data is subject to EU data protection laws like GDPR. To this end, we offer a data protection addendum (DPA) as provided below.


  1. “Affiliate” means an entity that directly or indirectly controls, is controlled by or is under common control with an entity. For purposes of this definition, “control” means an ownership, voting or similar interest representing fifty percent (50%) or more of the total interests then outstanding of the entity in question.
  2. “Agreement” means either the Kumoco Terms and Conditions or Kumoco Service Agreement (as applicable) and the related Order Form, which together govern the provision of the Services to Customer.
  3. “Customer Data” means any Personal Data that Kumoco processes on behalf of Customer as a Data Processor in the course of providing Services.
  4. “Data Protection Laws” means all data protection and privacy laws applicable to the processing of Personal Data by Kumoco pursuant to the Agreement, including, where applicable, EU Data Protection Law.
  5. “Data Controller” means an entity that determines the purposes and means of the processing of Personal Data.
  6. “Data Processor” means an entity that processes Personal Data on behalf of a Data Controller.
  7. “EU Data Protection Law” means (i) prior to 25 May 2018, Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of Personal Data and on the free movement of such data (“Directive”) and on and after 25 May 2018, Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation) (“GDPR”); and (ii) Directive 2002/58/EC concerning the processing of Personal Data and the protection of privacy in the electronic communications sector and applicable national implementations of it (as may be amended, superseded or replaced).
  8. “EEA” means, for the purposes of this DPA, the European Economic Area, United Kingdom and Switzerland.
  9. “Personal Data” means any information relating to an identified or identifiable natural person.
  10. “Privacy Shield” means the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Framework self-certification program operated by the U.S. Department of Commerce and approved by the European Commission pursuant to Decision C(2016)4176 of 12 July 2016 and by the Swiss Federal Council on January 11, 2017 respectively.
  11. “Privacy Shield Principles” means the Privacy Shield Principles (as supplemented by the Supplemental Principles) contained in Annex II to the European Commission Decision C(2016)4176 of 12 July 2016 (as may be amended, superseded or replaced).
  12. “Processing” has the meaning given to it in the GDPR and “process”, “processes”, and “processed” will be interpreted accordingly.
  13. “Security Incident” means any unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Customer Data.
  14. “Services” means any product or service provided by Kumoco to Customer pursuant to the Agreement.
  15. “Sub-processor” means any Data Processor engaged by Kumoco or its Affiliates to assist in fulfilling its obligations with respect to providing the Services pursuant to the Agreement or this DPA.

1. Relationship with the Agreement

  1. The parties agree that this DPA will replace any existing data protection addendum or similar agreement the parties may have previously entered into in connection with the Services.
  2. Except for the changes made by this DPA, the Agreement remains unchanged and in full force and effect. If there is any conflict between this DPA and the Agreement, this DPA will prevail to the extent of that conflict.
  3. Any claims brought under or in connection with this DPA will be subject to the terms and conditions, including but not limited to, the exclusions and limitations set forth in the Agreement.
  4. Any claims against Kumoco or its Affiliates under this DPA will be brought solely against the entity that is a party to the Agreement. Customer further agrees that any regulatory penalties or other liability incurred by Kumoco in relation to the Customer Data that arise as a result of, or in connection with, Customer’s failure to comply with its obligations under this DPA or any applicable Data Protection Laws will count toward and reduce Kumoco’s liability under the Agreement as if it were liability to the Customer under the Agreement.
  5. No one other than a party to this DPA, its successors and permitted assignees will have any right to enforce any of its terms.
  6. This DPA will be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement, unless required otherwise by applicable Data Protection Laws.

1. Scope and Applicability of this DPA.

  • This DPA applies where and only to the extent that Kumoco processes Customer Data that originates from the EEA and/or that is otherwise subject to EU Data Protection Law on behalf of Customer as Data Processor in the course of providing Services pursuant to the Agreement.
  • Part A of this DPA will apply to the processing of Customer Data within the scope of this DPA beginning on the Effective Date.
  • Part B of this DPA will apply to the processing of Customer Data within the scope of the DPA beginning 25 May 2018. For the avoidance of doubt, Part B will apply in addition to, and not in substitution for, the terms in Part A.
PART A: DATA PROTECTION OBLIGATIONS. Roles and Scope of Processing.
  1. Role of the Parties. As between Kumoco and Customer, Customer is the Data Controller of Customer Data, and Kumoco will process Customer Data only as a Data Processor acting on behalf of Customer.
  2. Customer Processing of Customer Data. Customer agrees that: (i) it will comply with its obligations as a Data Controller under Data Protection Laws in respect of its processing of Customer Data and any processing instructions it issues to Kumoco; and (ii) it has provided notice and obtained (or will obtain) all consents and rights necessary under Data Protection Laws for Kumoco to process Customer Data and provide the Services pursuant to the Agreement and this DPA.
  3. Kumoco Processing of Customer Data. Kumoco will process Customer Data only for the purposes described in the DPA and only in accordance with Customer’s documented lawful instructions. The parties agree that this DPA and the Agreement set out the Customer’s complete and final instructions to Kumoco in relation to the processing of Customer Data and processing outside the scope of these instructions (if any) will require prior written agreement between Customer and Kumoco.
Details of Data Processing.
  1. Subject matter: The subject matter of the data processing under this DPA is the Customer Data.
  2. Duration: We will retain your information for a reasonable period or as long as the law requires.
  3. Purpose: The purpose of the data processing under this DPA is the provision of the Services to the Customer and the performance of Kumoco pursuant to the Agreement (including this DPA) or as otherwise agreed by the parties.
  4. Nature of the processing: Kumoco provides professional services, training, matching your registered details with job vacancies and other related services, as described in the Agreement.
  5. Types of Customer Data: identification and contact data (name, address, title, contact details, username, date of birth); financial information (account details, payment information); employment details (employer, job title, geographic location, area of responsibility); IT information (IP addresses, usage data, cookies data, online navigation data, location data, browser data); other (copies of your curriculum vitae, personal statements and other information relating to your job history, qualifications, salary expectations etc.); on occasions this may also include sensitive personal information such as details of criminal convictions and ethnic origin.
  1. Legitimate Interests. Notwithstanding anything to the contrary in the Agreement (including this DPA), Customer acknowledges that Kumoco will have a right to use and disclose data relating to the operation, support and/or use of the Services for its legitimate business purposes, such as billing, account management, technical support, product development and sales and marketing. To the extent any such data is considered Personal Data under Data Protection Laws, Kumoco is the Data Controller of such data and accordingly will process such data in accordance with the Kumoco Privacy Policy and Data Protection Laws.
  2. Tracking Technologies. Customer acknowledges that in connection with the performance of the Services, Kumoco employs the use of cookies, unique identifiers, web beacons and similar tracking technologies (“Tracking Technologies”). Customer will maintain appropriate notice, consent, opt-in and opt-out mechanisms as are required by Data Protection Laws to enable Kumoco to deploy Tracking Technologies lawfully on, and collect data from, the devices of Recipients in accordance with and as described in the Kumoco Privacy Policy.
  1. Authorised Sub-processors. Customer agrees that Kumoco may engage Sub-processors to process Customer Data on Customer’s behalf.
  2. Sub-processor Obligations. Kumoco will: (i) enter into a written agreement with the Sub-processor imposing data protection terms that require the Sub-processor to protect the Customer Data to the standard required by Data Protection Laws; and (ii) remain responsible for its compliance with the obligations of this DPA and for any acts or omissions of the Sub-processor that cause Kumoco to breach any of its obligations under this DPA.

2. Security.

  1. Security Policy. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Kumoco will implement and maintain appropriate technical and organisational security measures to protect Customer Data from Security Incidents and to preserve the security and confidentiality of the Customer Data, in accordance with Kumoco’s security standards (“Security Policy”).
  2. Updates to Security Measures. Customer is responsible for reviewing the information made available by Kumoco relating to data security and making an independent determination as to whether the Services meet Customer’s requirements and legal obligations under Data Protection Laws. Customer acknowledges that the Security Policy is subject to technical progress and development and that Kumoco may update or modify the Security Policy from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services purchased by the Customer.
  3. Customer Responsibilities. Notwithstanding the above, Customer agrees that except to the extent expressly provided in this DPA, Customer is responsible for its secure use of the Services, including securing its account authentication credentials, protecting the security of Customer Data when in transit to and from the Services and taking any appropriate steps to securely encrypt or backup any Customer Data uploaded to the Services.
International Transfers.
  1. Processing Locations. Kumoco may transfer and process Customer Data anywhere in the world where Kumoco, its Affiliates or its Sub-processors maintain data processing operations. Kumoco will at all times provide an adequate level of protection for the Customer Data processed, in accordance with the requirements of Data Protection Laws.
  2. Privacy Shield. To the extent that Kumoco processes any Customer Data protected by EU Data Protection Law under the Agreement and/or that originates from the EEA, in a country that has not been designated by the European Commission or Swiss Federal Data Protection Authority (as applicable) as providing an adequate level of protection for Personal Data, the parties acknowledge that Kumoco will be deemed to provide adequate protection (within the meaning of EU Data Protection Law) for any such Customer Data by virtue of having self-certified its compliance with Privacy Shield. Kumoco agrees to protect such Personal Data in accordance with the requirements of the Privacy Shield Principles. If Kumoco is unable to comply with this requirement, Kumoco will inform Customer.
  3. Alternative Transfer Mechanism. The parties agree that the data export solution identified above will not apply if and to the extent Kumoco adopts an alternative data export solution for the lawful transfer of Personal Data (as recognized under EU Data Protection Laws) outside of the EEA (“Alternative Transfer Mechanism”), in which event, the Alternative Transfer Mechanism will apply instead (but only to the extent such Alternative Transfer Mechanism extends to the territories to which Personal Data is transferred).
PART B: GDPR OBLIGATIONS: Additional Security.
  1. Confidentiality of Processing. Kumoco will ensure that any person who is authorised by Kumoco to process Customer Data (including its staff, agents and subcontractors) will be under an appropriate obligation of confidentiality (whether a contractual or statutory duty).
  2. Security Incident Response. Upon becoming aware of a Security Incident, Kumoco will notify Customer without undue delay and will provide timely information relating to the Security Incident as it becomes known or as is reasonably requested by Customer.

2. Changes to Sub-processors.

  1. Kumoco will provide an up-to-date list of the Sub-processors it has appointed upon written request from Customer.

3. Return or Deletion of Data. Upon termination or expiration of the Agreement, Kumoco will (at Customer’s election) delete or return to Customer all Customer Data (including copies) in its possession or control, save that this requirement will not apply to the extent Kumoco is required by applicable law to retain some or all of the Customer Data, or to Customer Data it has archived on back-up systems, which Customer Data Kumoco will securely isolate and protect from any further processing, except to the extent required by applicable law.

4. Cooperation.

  1. Data Subject Requests. The Services provide Customer with a number of controls that Customer may use to retrieve, correct, delete, or restrict Customer Data, which Customer may use to assist it in connection with its obligations under the GDPR including, for example, its obligations relating to responding to requests from data subjects or applicable data protection authorities. To the extent Customer is unable to independently access the relevant Customer Data within the Services, Kumoco will provide reasonable cooperation to assist Customer to respond to any requests from individuals or applicable data protection authorities relating to the processing of Personal Data under the Agreement. In the event any such request is made directly to Kumoco, Kumoco will not respond to such communication directly without Customer’s prior authorization, unless legally compelled to do so. If Kumoco is required to respond to such a request, Kumoco will promptly notify Customer and provide it with a copy of the request unless legally prohibited from doing so.
  2. Records of Processing. Upon request from Customer, Kumoco will make available in a timely manner such information as is required by Customer to demonstrate Kumoco’s compliance with its obligations under EU Data Protection Law and under this DPA.
  3. Government Requests. If a law enforcement agency sends Kumoco a demand for Customer Data (for example, through a subpoena or court order), Kumoco will attempt to redirect the law enforcement agency to request that data directly from Customer. As part of this effort, Kumoco may provide Customer’s basic contact information to the law enforcement agency. If compelled to disclose Customer Data to a law enforcement agency, then Kumoco will give Customer reasonable notice of the demand to allow Customer to seek a protective order or other appropriate remedy unless Kumoco is legally prohibited from doing so.
  4. Data Protection Impact Assessments. To the extent Kumoco is required under EU Data Protection Law, Kumoco will (at Customer’s expense to the extent legally permitted) provide reasonably requested information regarding the Services to enable the Customer to carry out data protection impact assessments or prior consultations with data protection authorities as required by law.

Training Terms and Conditions

Booking for workshops, training and other events run by Kumoco implies acceptance of these terms and conditions.

These terms shall prevail over any terms put forward by you, unless we expressly agree to them in writing. No conduct by us, our employees or our associates shall be deemed to constitute acceptance of any terms put forward by you. Terms and conditions may be updated from time to time and will apply from the date of publication on the website. Any variations for specific events will be specified in the web materials publicising the events.

Bookings and Payment

Acceptance of bookings is subject to availability, suitability for the programme and other conditions that Kumoco may set for any specific event. Registered bookings are confirmed subject to payment in advance, either by credit card or by the date specified on the invoice. Bookings for which payment is not received by the due date may be subject to cancellation by Kumoco.


Discount policy will differ between events and will be as described on our web or printed material for each eve

Discounts cannot be applied following a purchase.

No more than one discount may be applied per order.


If for some reason, we have to cancel the course, participants will get a full refund. We need a minimum amount of people to make it feasible. We will not be liable for any travel costs incurred by participants if a course is cancelled. Please wait until 1 week before the course to book travel, or contact us to find out the status of a course.

If a participant wishes to cancel a place, they may do so and receive a full refund minus any transaction fees up until 30 days before the course. We are able to offer a 50% refund up until 2 weeks before the course. After this period we are unable to offer a refund as we will have committed to costs for the participant’s place.

If however a participant finds someone else to take their place then we would offer a refund at any time, minus any costs incurred with the transaction.


The programmes for our workshops, training and other events are correct at the time of publication. We reserve the right to change programmes without notice.

On occasion we may have to change the venue to a different location to the one advertised. We reserve the right to change this and will inform participants via email.


If a course has pre-requisites, it is the participant’s responsibility to ensure they are suitably qualified to attend the course. Refunds will not be made if the participant cannot complete the course due to finding it too difficult, or if the course leader thinks they cannot stay on due to not achieving the required pre-requisites.

Contact Details

Contact details for participants and ticket buyers will be kept strictly private and will be shared only with the course trainer and Kumoco.

Photography and Video

Certain sessions during some of our events are filmed and recorded. If you do not wish to be included in any footage or photography, please contact us and we will ensure that you are not included. If you do not contact the team, you consent to being filmed and recorded and (hence maybe) included in this and subsequent versions in any and all media, worldwide, without limitation of time. The team can be contacted at: [email protected]

Intellectual property rights and copyright

All intellectual property rights and know-how in or relating to the course designs, training materials, consultancy methods and the software used by us, whether subsisting prior to the event or generated or arising in the course of the event shall (with the sole exception of any intellectual property rights or know-how belonging to you prior to the event) remain or vest with us and our suppliers.

Limitation of liability

If we breach the terms of an agreement, or you seek compensation and damages for any claim or claims arising out of any contract between us for whatever reason, your remedy will be limited to damages. Our liability will not exceed the cost of the registration fee received (if any), except in the case of injury or death of any person.

With the exception of the above paragraph, we shall not be liable to you, regardless of the form of action, whether in contract, tort (including negligence and breach of statutory duty), strict liability, or otherwise whatsoever:

  • for any loss of profit, business, contracts or revenues
  • for failure to achieve anticipated savings in costs
  • for any special, indirect or consequential damage of any nature whatsoever arising directly or indirectly out of the services we offer, or of any error or defect caused by us, UNLESS you inform us in writing before you book a place on each event, of any particular circumstances covered above.

Each of the foregoing points is to be construed as a separate limitation (applying and surviving even if for any reason one or other of these points is held inapplicable or unreasonable in any circumstances) and shall remain in force notwithstanding termination of any contract between us.


The following terminology has been used in this document and is to be understood as follows:

Participants – those booking on and/or attending any events run by Kumoco

Other conditions

No other statements on this web site or email correspondence may be taken to imply any contractual obligation by Kumoco.

Nothing in this agreement or any other correspondence between us shall confer or purport to confer on any third party any benefit or any right to enforce any terms of this agreement.

The contract between us is to be governed by and construed in accordance with English law and the parties agree to submit to the exclusive jurisdiction of the English Courts.