Privacy Policy
PRIVACY POLICY
Kai Statue
Last updated: 27 May 2026
1. Introduction
This Privacy Policy explains how Kai Statue (“we”, “us”, “our”) collects, uses, shares and protects your personal data when you visit kaistatue.com (the “Website”), create an account, place an Order or otherwise interact with us.
We are committed to protecting your privacy and handling your personal data fairly, lawfully and transparently. This Policy is designed to comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the EU General Data Protection Regulation (EU GDPR) where applicable, and other relevant data protection laws.
This Privacy Policy should be read together with our Terms and Conditions and our Cookie Policy.
2. Data Controller
Kai Statue is the data controller responsible for your personal data. Kai Statue is the trading name of a company registered in England and Wales. Full company and registration details, including the registered office address and company number, are set out in the Contact section at the end of this Policy.
You can contact us about anything relating to your personal data by email at privacy@kaistatue.com, or for general support at support@kaistatue.com.
3. Personal Data We Collect
We collect personal data that you provide to us directly, data generated by your interactions with the Website, and limited data from third parties (for example, fraud-prevention services or social login providers, where applicable).
The main categories of personal data we collect are summarised in the table below:
Category of Data
Examples
Source
Identity & contact
Name, email, phone number, billing and shipping address
Provided by you at registration or checkout
Account data
Username, password (stored in hashed form), account preferences
Provided by you when creating an account
Order & transaction data
Order history, items purchased, prices, dates, refunds, returns
Generated by your activity on the Website
Payment metadata
Card type, last 4 digits, payment reference, billing country. We do not store full card numbers or CVV.
Provided by you and processed by our payment providers
Communications
Support emails, chat messages, contact form submissions, reviews
Provided by you when contacting us
Marketing preferences
Newsletter subscription status, consent flags, channel preferences
Provided by you and updated through preference settings
Technical & device data
IP address, browser type and version, operating system, device identifiers, language settings
Collected automatically via cookies and server logs
Usage data
Pages viewed, items clicked, search queries, time on site, referral URL, basket activity
Collected automatically via cookies and analytics tools
Location data
Approximate location derived from IP address and shipping address
Provided by you and inferred automatically
We do not knowingly collect data falling within special categories under data protection law (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data or sexual orientation), and we ask that you do not submit such data to us.
4. Children’s Privacy
The Website is intended for adult collectors. We do not knowingly collect personal data from children under the age of 16. If you are a parent or guardian and believe that your child has provided personal data to us, please contact us at privacy@kaistatue.com and we will take appropriate steps to delete the data.
5. How We Use Your Personal Data and Our Lawful Bases
Under UK and EU data protection law, we may only process your personal data where we have a valid lawful basis. The table below summarises the main purposes for which we process your data and the corresponding lawful bases.
Purpose
Data Used
Lawful Basis
Processing and fulfilling your Orders, including communicating with Suppliers and couriers
Identity & contact, order data, payment metadata
Performance of a contract with you
Managing your account and providing customer support
Account data, communications, order data
Performance of a contract; legitimate interests
Preventing fraud, verifying payments and protecting our business
Identity, payment metadata, technical data
Legitimate interests; legal obligation
Complying with legal, tax, accounting and regulatory obligations
Identity, order data, payment metadata
Legal obligation
Sending marketing emails about new releases, pre-orders and promotions
Identity, contact, marketing preferences, usage data
Consent (you can withdraw at any time); soft opt-in for existing customers where permitted
Improving the Website, analysing performance and personalising your experience
Technical data, usage data, location
Consent (for non-essential cookies); legitimate interests
Defending or pursuing legal claims
Any data reasonably necessary
Legitimate interests; legal obligation
Where we rely on legitimate interests, we have carried out an assessment to ensure that our interests are not overridden by your rights and freedoms. You may ask us for further information about this assessment at any time.
Where we rely on your consent (for example, for marketing emails or non-essential cookies), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing carried out before the withdrawal.
6. Marketing Communications
We may send you marketing communications about new releases, restocks, pre-orders, promotions and similar updates relating to Kai Statue, provided that:
• you have given us your consent (for example, by subscribing to our newsletter), or
• you are an existing customer and we are sending you marketing about similar products, in line with the “soft opt-in” permitted under UK direct marketing rules, in which case you can opt out at any time.
You can opt out of marketing communications at any time by clicking the “unsubscribe” link in any marketing email we send you, by updating your preferences in your account, or by contacting us at privacy@kaistatue.com. Opting out of marketing will not affect transactional communications about your Orders (such as order confirmations, dispatch notifications and customer support messages).
7. Cookies and Similar Technologies
The Website uses cookies and similar technologies (such as pixels, local storage and SDKs) to operate properly, remember your preferences, analyse Website traffic and support marketing where you have consented to such use.
Detailed information about the cookies we use, their purposes and how you can manage your preferences is set out in our Cookie Policy. You can change your cookie preferences at any time through the cookie settings link on the Website.
8. Who We Share Your Personal Data With
We do not sell your personal data. We share it only with carefully selected recipients who help us run our business and deliver your Orders, or where we are required or permitted to do so by law.
Recipient Type
Purpose
Typical Location
Payment service providers
Securely processing your payments and refunds, fraud screening
UK, EU, USA
Suppliers and manufacturers
Producing, packing and dispatching your Order
Primarily China; also Japan, Hong Kong and other countries
Couriers and logistics providers
Delivering your Order, tracking and customs clearance
Worldwide
E-commerce and hosting platforms
Operating the Website, hosting infrastructure, storing data
UK, EU, USA
Email and communication providers
Sending order confirmations, support emails and (with consent) marketing
UK, EU, USA
Analytics and advertising providers
Understanding Website usage and (with consent) measuring advertising
UK, EU, USA
Customer service and chat tools
Managing tickets, live chat and helpdesk communications
UK, EU, USA
Professional advisers
Accountants, auditors, lawyers and insurers, where strictly necessary
UK, EU
Authorities and regulators
Where required by law, court order or to respond to lawful requests
UK and other jurisdictions
All third parties acting as our processors are required to handle your personal data in accordance with our instructions, this Privacy Policy and applicable data protection law, and to implement appropriate security measures.
We may also disclose your personal data to a successor entity in connection with a corporate transaction (such as a merger, acquisition, restructuring or sale of business assets), subject to appropriate confidentiality and data protection safeguards.
9. International Data Transfers
Because we operate internationally and rely on Suppliers and service providers in different countries, your personal data may be transferred to, stored in or accessed from countries outside the United Kingdom and the European Economic Area, including China, Hong Kong, Japan and the United States.
Where personal data is transferred to a country that is not the subject of a UK or EU “adequacy decision”, we put in place appropriate safeguards to protect your data, which may include:
• Standard Contractual Clauses approved by the European Commission and/or the UK International Data Transfer Agreement / UK Addendum issued by the Information Commissioner’s Office;
• supplementary technical and organisational measures (such as encryption in transit and access controls);
• ensuring that only the minimum data necessary is transferred, especially in the case of order fulfilment by overseas Suppliers (typically name, shipping address, phone number and order details).
You can request a copy of the safeguards we use by contacting us at privacy@kaistatue.com.
10. How Long We Keep Your Personal Data
We keep personal data only for as long as necessary for the purposes for which it was collected, including to comply with legal, accounting and reporting requirements. The retention periods below are indicative.
Data
Retention Period
Reason
Order, invoice and transaction records
6 years after the end of the tax year in which the transaction occurred
UK tax and accounting obligations
Account data
For as long as your account is active; deleted on request or after a prolonged period of inactivity (typically 3 years)
Service provision and account management
Customer support communications
Up to 3 years from last contact
Service continuity and dispute handling
Marketing data
Until you withdraw consent or unsubscribe, plus a short suppression record thereafter
Honouring opt-out and consent records
Website analytics and cookie data
Generally up to 26 months from collection
Trend analysis and Website improvement
Server and security logs
Up to 12 months
Security monitoring and incident investigation
Once personal data is no longer required, it is either securely deleted, anonymised so that it can no longer be associated with you, or retained in a strictly limited form where necessary to comply with legal obligations or defend legal claims.
11. How We Protect Your Personal Data
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction. These measures include:
• encryption of data in transit (using HTTPS/TLS) and, where appropriate, at rest;
• restricted access controls based on the principle of least privilege;
• use of reputable payment service providers that are PCI-DSS compliant;
• regular review of our security practices and providers;
• policies and training for personnel handling personal data.
While we take all reasonable precautions, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security but we work to maintain a high standard of protection. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant authority and, where required, affected individuals, in line with applicable law.
12. Your Rights
Subject to the limitations and exceptions set out in applicable data protection law, you have the following rights in respect of your personal data:
• Right of access — to obtain confirmation of whether we process your personal data, and to request a copy.
• Right to rectification — to ask us to correct inaccurate or incomplete data.
• Right to erasure (“right to be forgotten”) — to ask us to delete data in certain circumstances, for example where it is no longer needed for the purposes it was collected.
• Right to restriction of processing — to ask us to limit how we use your data in certain situations.
• Right to data portability — to receive certain data in a structured, commonly used and machine-readable format, and to have it transmitted to another controller where technically feasible.
• Right to object — to object to processing based on legitimate interests, and to object to direct marketing at any time.
• Rights related to automated decision-making — we do not currently make decisions producing legal or similarly significant effects based solely on automated processing.
• Right to withdraw consent — where processing is based on consent, you can withdraw it at any time.
To exercise any of these rights, please contact us at privacy@kaistatue.com. We may need to verify your identity before responding to your request. We will respond within one month, although this may be extended by up to a further two months in complex cases. There is normally no fee, although we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive.
13. Complaints
If you are unhappy with how we have handled your personal data, we encourage you to contact us first so that we can try to resolve the matter. You also have the right to lodge a complaint with a data protection supervisory authority.
In the United Kingdom, the supervisory authority is the Information Commissioner’s Office (ICO):
• Website: ico.org.uk
• Helpline: 0303 123 1113
• Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
If you are located in the European Economic Area, you may also contact the supervisory authority in your country of residence, place of work or where the alleged infringement took place.
14. Third-Party Websites
The Website may contain links to third-party websites, plug-ins and applications (for example, social media platforms, courier tracking pages and payment providers). We are not responsible for the privacy practices of these third parties. When you leave our Website, we encourage you to read the privacy notice of each website you visit.
15. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements or other factors. The most current version will always be available on the Website with the “Last updated” date at the top. Where we make material changes, we will provide a more prominent notice (for example, by email or via a banner on the Website).
Your continued use of the Website or our services after any update constitutes acknowledgement of the revised Privacy Policy.
16. Contact Us
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:
• Privacy enquiries: privacy@kaistatue.com
• General support: support@kaistatue.com
• Website: kaistatue.com
For formal correspondence and legal notices, the Website is operated by Nexus Sentry Ltd, a company registered in England and Wales under company number 14957041, with its registered office at 124 City Road, London, England, EC1V 2NX, United Kingdom. This entity is the data controller for the purposes of UK and EU data protection law.
Kai Statue
Last updated: 27 May 2026
1. Introduction
This Privacy Policy explains how Kai Statue (“we”, “us”, “our”) collects, uses, shares and protects your personal data when you visit kaistatue.com (the “Website”), create an account, place an Order or otherwise interact with us.
We are committed to protecting your privacy and handling your personal data fairly, lawfully and transparently. This Policy is designed to comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the EU General Data Protection Regulation (EU GDPR) where applicable, and other relevant data protection laws.
This Privacy Policy should be read together with our Terms and Conditions and our Cookie Policy.
2. Data Controller
Kai Statue is the data controller responsible for your personal data. Kai Statue is the trading name of a company registered in England and Wales. Full company and registration details, including the registered office address and company number, are set out in the Contact section at the end of this Policy.
You can contact us about anything relating to your personal data by email at privacy@kaistatue.com, or for general support at support@kaistatue.com.
3. Personal Data We Collect
We collect personal data that you provide to us directly, data generated by your interactions with the Website, and limited data from third parties (for example, fraud-prevention services or social login providers, where applicable).
The main categories of personal data we collect are summarised in the table below:
Category of Data
Examples
Source
Identity & contact
Name, email, phone number, billing and shipping address
Provided by you at registration or checkout
Account data
Username, password (stored in hashed form), account preferences
Provided by you when creating an account
Order & transaction data
Order history, items purchased, prices, dates, refunds, returns
Generated by your activity on the Website
Payment metadata
Card type, last 4 digits, payment reference, billing country. We do not store full card numbers or CVV.
Provided by you and processed by our payment providers
Communications
Support emails, chat messages, contact form submissions, reviews
Provided by you when contacting us
Marketing preferences
Newsletter subscription status, consent flags, channel preferences
Provided by you and updated through preference settings
Technical & device data
IP address, browser type and version, operating system, device identifiers, language settings
Collected automatically via cookies and server logs
Usage data
Pages viewed, items clicked, search queries, time on site, referral URL, basket activity
Collected automatically via cookies and analytics tools
Location data
Approximate location derived from IP address and shipping address
Provided by you and inferred automatically
We do not knowingly collect data falling within special categories under data protection law (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data or sexual orientation), and we ask that you do not submit such data to us.
4. Children’s Privacy
The Website is intended for adult collectors. We do not knowingly collect personal data from children under the age of 16. If you are a parent or guardian and believe that your child has provided personal data to us, please contact us at privacy@kaistatue.com and we will take appropriate steps to delete the data.
5. How We Use Your Personal Data and Our Lawful Bases
Under UK and EU data protection law, we may only process your personal data where we have a valid lawful basis. The table below summarises the main purposes for which we process your data and the corresponding lawful bases.
Purpose
Data Used
Lawful Basis
Processing and fulfilling your Orders, including communicating with Suppliers and couriers
Identity & contact, order data, payment metadata
Performance of a contract with you
Managing your account and providing customer support
Account data, communications, order data
Performance of a contract; legitimate interests
Preventing fraud, verifying payments and protecting our business
Identity, payment metadata, technical data
Legitimate interests; legal obligation
Complying with legal, tax, accounting and regulatory obligations
Identity, order data, payment metadata
Legal obligation
Sending marketing emails about new releases, pre-orders and promotions
Identity, contact, marketing preferences, usage data
Consent (you can withdraw at any time); soft opt-in for existing customers where permitted
Improving the Website, analysing performance and personalising your experience
Technical data, usage data, location
Consent (for non-essential cookies); legitimate interests
Defending or pursuing legal claims
Any data reasonably necessary
Legitimate interests; legal obligation
Where we rely on legitimate interests, we have carried out an assessment to ensure that our interests are not overridden by your rights and freedoms. You may ask us for further information about this assessment at any time.
Where we rely on your consent (for example, for marketing emails or non-essential cookies), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing carried out before the withdrawal.
6. Marketing Communications
We may send you marketing communications about new releases, restocks, pre-orders, promotions and similar updates relating to Kai Statue, provided that:
• you have given us your consent (for example, by subscribing to our newsletter), or
• you are an existing customer and we are sending you marketing about similar products, in line with the “soft opt-in” permitted under UK direct marketing rules, in which case you can opt out at any time.
You can opt out of marketing communications at any time by clicking the “unsubscribe” link in any marketing email we send you, by updating your preferences in your account, or by contacting us at privacy@kaistatue.com. Opting out of marketing will not affect transactional communications about your Orders (such as order confirmations, dispatch notifications and customer support messages).
7. Cookies and Similar Technologies
The Website uses cookies and similar technologies (such as pixels, local storage and SDKs) to operate properly, remember your preferences, analyse Website traffic and support marketing where you have consented to such use.
Detailed information about the cookies we use, their purposes and how you can manage your preferences is set out in our Cookie Policy. You can change your cookie preferences at any time through the cookie settings link on the Website.
8. Who We Share Your Personal Data With
We do not sell your personal data. We share it only with carefully selected recipients who help us run our business and deliver your Orders, or where we are required or permitted to do so by law.
Recipient Type
Purpose
Typical Location
Payment service providers
Securely processing your payments and refunds, fraud screening
UK, EU, USA
Suppliers and manufacturers
Producing, packing and dispatching your Order
Primarily China; also Japan, Hong Kong and other countries
Couriers and logistics providers
Delivering your Order, tracking and customs clearance
Worldwide
E-commerce and hosting platforms
Operating the Website, hosting infrastructure, storing data
UK, EU, USA
Email and communication providers
Sending order confirmations, support emails and (with consent) marketing
UK, EU, USA
Analytics and advertising providers
Understanding Website usage and (with consent) measuring advertising
UK, EU, USA
Customer service and chat tools
Managing tickets, live chat and helpdesk communications
UK, EU, USA
Professional advisers
Accountants, auditors, lawyers and insurers, where strictly necessary
UK, EU
Authorities and regulators
Where required by law, court order or to respond to lawful requests
UK and other jurisdictions
All third parties acting as our processors are required to handle your personal data in accordance with our instructions, this Privacy Policy and applicable data protection law, and to implement appropriate security measures.
We may also disclose your personal data to a successor entity in connection with a corporate transaction (such as a merger, acquisition, restructuring or sale of business assets), subject to appropriate confidentiality and data protection safeguards.
9. International Data Transfers
Because we operate internationally and rely on Suppliers and service providers in different countries, your personal data may be transferred to, stored in or accessed from countries outside the United Kingdom and the European Economic Area, including China, Hong Kong, Japan and the United States.
Where personal data is transferred to a country that is not the subject of a UK or EU “adequacy decision”, we put in place appropriate safeguards to protect your data, which may include:
• Standard Contractual Clauses approved by the European Commission and/or the UK International Data Transfer Agreement / UK Addendum issued by the Information Commissioner’s Office;
• supplementary technical and organisational measures (such as encryption in transit and access controls);
• ensuring that only the minimum data necessary is transferred, especially in the case of order fulfilment by overseas Suppliers (typically name, shipping address, phone number and order details).
You can request a copy of the safeguards we use by contacting us at privacy@kaistatue.com.
10. How Long We Keep Your Personal Data
We keep personal data only for as long as necessary for the purposes for which it was collected, including to comply with legal, accounting and reporting requirements. The retention periods below are indicative.
Data
Retention Period
Reason
Order, invoice and transaction records
6 years after the end of the tax year in which the transaction occurred
UK tax and accounting obligations
Account data
For as long as your account is active; deleted on request or after a prolonged period of inactivity (typically 3 years)
Service provision and account management
Customer support communications
Up to 3 years from last contact
Service continuity and dispute handling
Marketing data
Until you withdraw consent or unsubscribe, plus a short suppression record thereafter
Honouring opt-out and consent records
Website analytics and cookie data
Generally up to 26 months from collection
Trend analysis and Website improvement
Server and security logs
Up to 12 months
Security monitoring and incident investigation
Once personal data is no longer required, it is either securely deleted, anonymised so that it can no longer be associated with you, or retained in a strictly limited form where necessary to comply with legal obligations or defend legal claims.
11. How We Protect Your Personal Data
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction. These measures include:
• encryption of data in transit (using HTTPS/TLS) and, where appropriate, at rest;
• restricted access controls based on the principle of least privilege;
• use of reputable payment service providers that are PCI-DSS compliant;
• regular review of our security practices and providers;
• policies and training for personnel handling personal data.
While we take all reasonable precautions, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security but we work to maintain a high standard of protection. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant authority and, where required, affected individuals, in line with applicable law.
12. Your Rights
Subject to the limitations and exceptions set out in applicable data protection law, you have the following rights in respect of your personal data:
• Right of access — to obtain confirmation of whether we process your personal data, and to request a copy.
• Right to rectification — to ask us to correct inaccurate or incomplete data.
• Right to erasure (“right to be forgotten”) — to ask us to delete data in certain circumstances, for example where it is no longer needed for the purposes it was collected.
• Right to restriction of processing — to ask us to limit how we use your data in certain situations.
• Right to data portability — to receive certain data in a structured, commonly used and machine-readable format, and to have it transmitted to another controller where technically feasible.
• Right to object — to object to processing based on legitimate interests, and to object to direct marketing at any time.
• Rights related to automated decision-making — we do not currently make decisions producing legal or similarly significant effects based solely on automated processing.
• Right to withdraw consent — where processing is based on consent, you can withdraw it at any time.
To exercise any of these rights, please contact us at privacy@kaistatue.com. We may need to verify your identity before responding to your request. We will respond within one month, although this may be extended by up to a further two months in complex cases. There is normally no fee, although we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive.
13. Complaints
If you are unhappy with how we have handled your personal data, we encourage you to contact us first so that we can try to resolve the matter. You also have the right to lodge a complaint with a data protection supervisory authority.
In the United Kingdom, the supervisory authority is the Information Commissioner’s Office (ICO):
• Website: ico.org.uk
• Helpline: 0303 123 1113
• Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
If you are located in the European Economic Area, you may also contact the supervisory authority in your country of residence, place of work or where the alleged infringement took place.
14. Third-Party Websites
The Website may contain links to third-party websites, plug-ins and applications (for example, social media platforms, courier tracking pages and payment providers). We are not responsible for the privacy practices of these third parties. When you leave our Website, we encourage you to read the privacy notice of each website you visit.
15. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements or other factors. The most current version will always be available on the Website with the “Last updated” date at the top. Where we make material changes, we will provide a more prominent notice (for example, by email or via a banner on the Website).
Your continued use of the Website or our services after any update constitutes acknowledgement of the revised Privacy Policy.
16. Contact Us
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:
• Privacy enquiries: privacy@kaistatue.com
• General support: support@kaistatue.com
• Website: kaistatue.com
For formal correspondence and legal notices, the Website is operated by Nexus Sentry Ltd, a company registered in England and Wales under company number 14957041, with its registered office at 124 City Road, London, England, EC1V 2NX, United Kingdom. This entity is the data controller for the purposes of UK and EU data protection law.
