KOTY MART LogoKOTY MART
HomeHomeschool KitsProductsPartnersAboutContact
View Products

EU Privacy Notice (GDPR)

Last Updated: January 28, 2026

EU Privacy Notice (GDPR)

Notice for EU Residents

This EU Privacy Notice supplements our main Privacy Policy and applies specifically to individuals located in the European Economic Area (EEA), United Kingdom, and Switzerland. It describes how KOTY MART LLC processes personal data in compliance with the General Data Protection Regulation (GDPR) and related data protection laws.

Data Controller

KOTY MART LLC 7901 4th St N Ste 300 St. Petersburg, FL 33702 United States

Email: [email protected] Phone: +1 786-382-2000

Personal Data We Collect

We collect and process the following categories of personal data:

Identity Data

  • Name
  • Email address
  • Phone number
  • Postal address
  • Account credentials

Financial Data

  • Payment card information (processed by third-party payment processors)
  • Billing address
  • Transaction history

Technical Data

  • IP address
  • Browser type and version
  • Device information
  • Operating system
  • Cookie data
  • Usage data

Profile Data

  • Homeschooling preferences
  • Educational background
  • Communication preferences
  • Service interests

Usage Data

  • Information about how you use our website and services
  • Pages visited
  • Time spent on pages
  • Links clicked

Marketing and Communications Data

  • Your preferences for receiving marketing communications
  • Communication history

Legal Basis for Processing

We process personal data under the following legal bases:

1. Contractual Necessity

We process data necessary to:

  • Provide homeschool coaching services you've purchased
  • Process payments
  • Deliver educational materials and resources
  • Communicate about your services

2. Consent

We process data based on your consent for:

  • Marketing communications
  • Non-essential cookies
  • Newsletter subscriptions

You may withdraw consent at any time by contacting us or using unsubscribe links.

3. Legitimate Interests

We process data where we have legitimate interests to:

  • Improve our services and develop new offerings
  • Analyze website usage and performance
  • Detect and prevent fraud
  • Ensure network and information security
  • Manage our business operations

We balance our legitimate interests against your rights and freedoms.

4. Legal Obligations

We process data to comply with:

  • Tax and accounting requirements
  • Legal and regulatory obligations
  • Court orders and legal processes

Your GDPR Rights

Under the GDPR, you have the following rights:

1. Right of Access (Article 15)

You have the right to obtain:

  • Confirmation of whether we process your personal data
  • Access to your personal data
  • Information about the processing (purposes, categories, recipients, retention periods)

2. Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete data completed.

3. Right to Erasure / "Right to be Forgotten" (Article 17)

You have the right to request deletion of your personal data when:

  • The data is no longer necessary for the purposes collected
  • You withdraw consent and there is no other legal basis
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Legal obligations require erasure

Exceptions: We may retain data when required for legal obligations, legal claims, or public interest.

4. Right to Restriction of Processing (Article 18)

You have the right to restrict processing when:

  • You contest the accuracy of the data
  • Processing is unlawful but you oppose erasure
  • We no longer need the data but you need it for legal claims
  • You have objected to processing pending verification

5. Right to Data Portability (Article 20)

You have the right to:

  • Receive personal data you provided in a structured, commonly used, machine-readable format
  • Transmit that data to another controller

This applies to data processed based on consent or contract and processed by automated means.

6. Right to Object (Article 21)

You have the right to object to processing based on:

  • Legitimate interests
  • Direct marketing (including profiling)
  • Processing for scientific, historical research, or statistical purposes

7. Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal or similarly significant effects.

Note: We do not currently engage in automated decision-making or profiling with legal or significant effects.

8. Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

9. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in your EU member state of residence, workplace, or where an alleged infringement occurred.

How to Exercise Your Rights

To exercise your GDPR rights:

Primary Contact:

  • Email: [email protected]
  • Phone: +1 786-382-2000
  • Mail: KOTY MART, Attn: GDPR Rights Request, 7901 4th St N Ste 300, St. Petersburg, FL 33702

Verification: We will verify your identity before processing requests to protect your personal data.

Response Time: We will respond within one month of receipt. This may be extended by two additional months for complex requests.

Free of Charge: Exercising your rights is generally free. We may charge a reasonable fee for manifestly unfounded or excessive requests.

International Data Transfers

KOTY MART is based in the United States. When you use our services from the EU, your personal data is transferred to and processed in the United States.

Safeguards for Transfers

We implement appropriate safeguards for international transfers:

  1. Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses for transfers to third countries.

  2. Adequacy Decisions: Where applicable, we rely on European Commission adequacy decisions.

  3. Additional Measures: We implement supplementary measures to ensure data protection, including:

    • Technical measures (encryption, pseudonymization)
    • Organizational measures (access controls, data minimization)
    • Contractual commitments with service providers

Third-Party Processors

We use third-party service providers that may process data outside the EU:

  • Payment processors (Stripe, PayPal)
  • Cloud hosting providers
  • Email service providers
  • Analytics services

We ensure all processors provide adequate safeguards and sign data processing agreements.

Data Retention

We retain personal data only for as long as necessary:

Data CategoryRetention PeriodBasis
Account InformationDuration of account + 7 yearsLegal obligations, legitimate interests
Transaction Records7 yearsTax and accounting requirements
Marketing DataUntil consent withdrawn or 2 years of inactivityConsent
Website Analytics26 monthsLegitimate interests
Support Communications3 years from last contactLegitimate interests

After retention periods expire, we securely delete or anonymize personal data.

Data Security

We implement appropriate technical and organizational measures to protect personal data:

Technical Measures

  • Encryption of data in transit (TLS/SSL)
  • Encryption of data at rest
  • Secure authentication systems
  • Regular security testing and monitoring
  • Firewall protection

Organizational Measures

  • Access controls and authorization procedures
  • Staff training on data protection
  • Confidentiality agreements with staff and processors
  • Data breach response procedures
  • Regular security audits

Data Breach Notification

In case of a personal data breach likely to result in high risk to your rights and freedoms, we will notify you within 72 hours of becoming aware of the breach.

Children's Data

We do not knowingly process personal data of children under 16 without parental consent. Our services are designed for parents and guardians.

If you believe we have collected data from a child without appropriate consent, please contact us at [email protected].

Cookies and Tracking

We use cookies and similar tracking technologies. For detailed information, see our Cookie Policy.

Cookie Consent

We obtain consent before placing non-essential cookies. You can manage cookie preferences through:

  • Cookie consent banner on first visit
  • Browser settings
  • Cookie preference center (if available)

Automated Decision-Making and Profiling

We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects concerning you.

If our practices change, we will:

  • Inform you about the automated decision-making
  • Provide information about the logic involved
  • Explain the significance and envisaged consequences
  • Obtain consent where required

EU Representative

If required under GDPR Article 27, we will appoint an EU representative. Contact details will be provided here when applicable.

Currently, based on our business operations and customer base, we have determined that appointing an EU representative is not required, but we remain committed to GDPR compliance.

Supervisory Authorities

You have the right to lodge a complaint with a supervisory authority. You may contact:

Your Local Supervisory Authority

Find your local data protection authority at: European Data Protection Board - Supervisory Authorities

Common EU Supervisory Authorities

Ireland (for many US tech companies): Data Protection Commission 21 Fitzwilliam Square South, Dublin 2, Ireland Phone: +353 (0)761 104 800 Email: [email protected] Website: www.dataprotection.ie

Germany: Federal Commissioner for Data Protection and Freedom of Information (BfDI) Graurheindorfer Str. 153, 53117 Bonn, Germany Phone: +49 (0)228 997799-0 Email: [email protected] Website: www.bfdi.bund.de

France: Commission Nationale de l'Informatique et des Libertés (CNIL) 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France Phone: +33 1 53 73 22 22 Website: www.cnil.fr

United Kingdom (post-Brexit): Information Commissioner's Office (ICO) Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, UK Phone: +44 (0)303 123 1113 Website: www.ico.org.uk

Data Protection Officer

While we are not currently required to appoint a Data Protection Officer (DPO) under GDPR Article 37, we have designated a privacy contact for GDPR matters:

Privacy Contact: Email: [email protected] Phone: +1 786-382-2000

Changes to This Notice

We may update this EU Privacy Notice from time to time. We will notify you of material changes by:

  • Posting the updated notice on our website
  • Updating the "Last Updated" date
  • Sending email notification for significant changes
  • Obtaining renewed consent where required

Additional Information

Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of external sites. Please review their privacy policies.

Service Providers

We share data with trusted service providers who process data on our behalf under strict contractual obligations compliant with GDPR Article 28.

Business Transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred. We will notify you and ensure the recipient complies with GDPR.

Contact for GDPR Matters

For questions about GDPR compliance or to exercise your rights:

GDPR Inquiries: Email: [email protected] Phone: +1 786-382-2000

Postal Address: KOTY MART LLC - GDPR Compliance 7901 4th St N Ste 300 St. Petersburg, FL 33702 United States

Response Commitment: We will respond to all GDPR-related inquiries within one month.

Additional Resources

Legal Framework

This notice is based on:

  • Regulation (EU) 2016/679 (General Data Protection Regulation)
  • UK GDPR (as incorporated into UK law)
  • Swiss Federal Act on Data Protection (FADP)
  • National implementations of GDPR in EU member states