Krank
Krank - Privacy Policy

Privacy Policy

How Krank processes the personal data we collect from you, the legal bases we rely on, and the choices and rights you have over your data.

Last updatedJune, 2026
Inspeq
Heavy Kit

This privacy policy (“Policy”) explains how Krank Limited or any of its affiliates or subsidiaries (hereby collectively referred to as (“Krank”, “Inspeq”, “Heavy Kit” “We”, “Us”, “Our”) Processes Personal Data collected from You.

Capitalised terms not explicitly defined herein shall have the same meaning as ascribed to them in the "Terms of Service" can be found here.

01

Definitions

  • “Controller” means the natural or legal person, public authority, agency, or other body which alone or jointly with others, determines the purposes and means of the processing of Personal Data.
  • “End-User” means any person or entity with whom the Subscriber interacts using the Service(s).
  • “Personal Data”means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, voice notes, videos, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • “Process”means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • “Service(s)” shall have the meaning ascribed to it in the Terms of Service.
  • “Subscriber”means the natural or legal person that has subscribed to the Service(s) by agreeing to the Terms & Conditions.
  • “Websites, Mobile Apps or Platforms” means the websites, mobile apps or platforms that We operate, including the websites at www.krank.com, www.heavykit.com, https://getinspeq.com and via the Inspeq App
  • “You” and “Your” means an identified or identifiable natural person whose Personal Data We Process as a Controller.
03

Data Sharing

To perform the contract with you and to process your application to register for membership, We share your Personal Data with Our business partners, suppliers and subcontractors who are involved in such process, such as payment providers, credit reference agencies (who we use to assess fraud, credit and/or security risks). We do this to fulfil legal obligations to which we are subject.

We share Personal Data with Our third-party service providers that host and maintain Our Websites, Mobile Apps, Platforms, applications, backup, storage, payment processing, analytics, and other service(s). These third-party service providers may have access to or Process Your Personal Data for the purpose of providing these service(s) to Us. Details of our sub-processors can be found here.

Payment Transaction Information (Only for Inspeq)

If you purchase a subscription to access the Service(s), payment and transaction information is collected and processed by third party PCI DSS compliant payment service providers. This may include information such as payment card details or bank related information, which is provided directly to the payment service provider.

Inspeq does not directly collect, process, or store full payment card or bank account information. All payment transaction information is processed and stored exclusively by third party PCI DSS compliant payment service providers, in accordance with their own terms of service and privacy policies, for the purpose of processing subscription fees and related transactions on behalf of Inspeq.

The information made available to Inspeq is limited to partial payment details and basic transaction information, such as payment status, subscription type, and billing history, which is required for account administration, customer support, accounting, and financial record keeping.

We may share Your Personal Data with third-party service providers who assist Us in marketing and promotions in compliance with applicable laws (e.g. sales and marketing intelligence providers).

We may be required to disclose Your Personal Data in response to:

  • lawful requests by public authorities, including to meet national security or law enforcement requirements and/or
  • subpoenas, court orders, or legal process, or to establish or exercise Our legal rights or defend against legal claims.

We may also share Personal Data with credit reference agencies and fraud prevention agencies to assist investigation and prevention of illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Our Terms of Service, or as otherwise required by law. Note: Disclosures will be limited to what is necessary and proportionate, in line with data minimization principles.

Please note, we do not and will not sell your Personal Data to any third party for marketing purposes.

We may share your Personal Data with prospective buyers or partners of Our business.

04

International Transfer

We mainly Process Personal Data in UK. However, we may transfer Personal Data outside the UK for the purposes referred to in Section 3. We will ensure that the recipient of your Personal Data offers an adequate level of protection that is at least comparable to that which is provided under applicable data protection laws. You can contact Us used the contact details in Clause 10.

05

Data Retention

Where you are a registered user of Krank, we will retain your Personal Data for as long as the account is active and you have not asked us to delete it, to ensure that we are able to assist you should you have any questions, feedback or issues in connection with your account or if any legal issues arise.

We retain the Personal Data collected where an ongoing legitimate business requires retention of such Personal Data – e.g. where required to comply with Our legal, accounting or regulatory requirements.

In the absence of a need to retain Personal Data under Section 5.2. above, we will either delete it, or isolate it from any further Processing until deletion is possible, in line with our data retention policy, details of which are available on request.

06

Data Security

We employ robust technical and organizational measures to protect the Personal Data we collect and process. As an ISO 27001 certified business, we adhere to strict policies and industry best practices to ensure the highest standards of security, providing a level of protection appropriate to the risks associated with processing your Personal Data. You may visit https://krank.com/security to view our security page for more details. In the event of a personal data breach, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours, in accordance with Article 33 of the GDPR. If the breach is likely to result in a high risk to your rights and freedoms, we will also inform you without undue delay, as required by Article 34 of the GDPR. If you have any questions or concerns about the security of your Personal Data, please contact us using the contact details listed in clause 10.

07

Your rights

You are entitled to the following rights:

You can contact Us to:

  • access Your Personal Data (also known as a "subject access request")
  • correct incomplete or inaccurate data We hold about You
  • request erasure of Your Personal Data;

You can object to the Processing of Your Personal Data, ask Us to restrict processing of Your Personal Data or request portability (also known as a "transfer") of Your Personal Data.

You have the right to opt-out of marketing communications We send You at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing emails We send You. To opt-out of other forms of marketing (such as postal marketing or telemarketing), please contact Us using the details listed in clause 10.

Similarly, if We have collected and processed Your Personal Data with Your consent, then You can withdraw your consent at any time. Withdrawing Your consent will not affect the lawfulness of any processing We have conducted prior to Your withdrawal, nor will it affect processing of Your Personal Data conducted in reliance on lawful processing grounds other than consent.

You have the right to lodge a complaint with Us or the Information Commissioner's Office, the supervisory authority for data protection issues in England and Wales. If You are based in the EU you can find your relevant supervisory authority here.

If You seek access to, or wish to correct, update, modify or delete Your Personal Data that We process, please contact Us at the details provided in clause We respond to all requests We receive from individuals wishing to exercise thdata protection rights within a reasonable timeframe in accordance with applicable data protection laws.

08

Privacy of children

We recognize the importance of children’s safety and privacy. We do not request, or knowingly collect, any Personal Data from children under the age of 18. If a parent or guardian becomes aware that his or her child has provided Us with Personal Data, they should write to us at the email address provided in clause 10.

09

Notice to end-user and other exclusions

Our Service(s) are intended for use by enterprises. Where the Service(s) are made available to an End-User through a Subscriber, that enterprise is the Controller of the End-User’s Personal Data. In such a case, the End-User’s data privacy questions and requests should be submitted to the Subscriber in its capacity as the End-User’s Controller. If the End-User is an individual who interacts with a Subscriber using Our Service(s), the End-User will be directed to contact Our Subscriber for assistance with any requests or questions relating to their Personal Data. We are not responsible for Subscribers’ privacy or security practices which may be different from this notice. Subscribers to Our Service(s) are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as any and all privacy policies, agreements, or other obligations, relating to the collection of Personal Data in connection with the use of Our Service(s) by End-Users.

Our Websites or Mobile Apps contain links to other websites. Our Policy applies only to our Websites and Mobile Apps, so if You click on a link to another website, You should read their privacy policy. We encourage You to review the privacy statements of any such other websites to understand their Personal Data practices.

10

Contact Information

We are “Krank Limited” a private limited company (registered with number 10154742), You may contact us if You have any enquiries or feedback on Our personal data protection policies and procedures, or if You wish to make any request, in the following manner:

Kind Attention: Privacy Team

Email Address: privacy@krank.com

Address: Krank Ltd, Milton Hall, Cambridge, England, Post Code - CB24 6WZ

11

Data Protection Complaints

If you have concerns about how we collect, use, store, or otherwise process your personal data, we encourage you to contact us first so that we can investigate and address the issue.

You may submit a data protection complaint by emailing privacy@krank.com with the subject line "Data Protection Complaint".

Upon receipt of a complaint, we will:

  • Acknowledge receipt within 30 calendar days.
  • Investigate the matter fairly and impartially.
  • Request additional information where necessary.
  • Provide a written response explaining our findings and any actions taken.

If you remain dissatisfied after receiving our response, you may have the right to raise your concerns with the Information Commissioner's Office (ICO) or another relevant supervisory authority.

Complaints are handled by Krank's Privacy Team in accordance with applicable data protection laws and our internal complaints handling procedures.

12

Changes to the policy

We keep this Policy under regular review and may update this webpage at any time. This Policy may be amended at any time, and You shall be notified only if there are material changes to this Policy.

Version History

VersionLogDate
V.1Policy has been createdJan, 2026
V.2Data Protection Complaints has been added as point number 11Jun, 2026