Privacy Policy

Updated 24th May 2022

Katikati is a product from Lark Social Impact, a limited company based in England. We run this website and here you can find out how we handle data for visitors to our websites, for potential and existing clients as well as how we handle and how we expect our clients to handle data from conversations in Katikati. This page was last updated on 24th May 2022.

This website

We do not collect any information in the background nor set any cookies ourselves on this website. 

However, we use a contact form supplied by a third-party service (HubSpot) through which you can share your details if you’d like us to get in touch with you. HubSpot will set cookies in your browser to inform us of form views and submissions. If you’d like to avoid that, you can contact us instead by emailing Arnav at

We also use a few other third party services which may add their own cookies, as described below.

Third-party services for the website

We use third-party services to host and deliver website content. You can find out more about each of these services below:

  • Website Host: Webflow. No cookies are set by them. Find out more in their cookie policy.
  • Video Host: YouTube. We host our demonstration video on YouTube because its infrastructure is better suited to delivering video content than building our own. They may add their own cookies. Find out more in their data privacy statement.
  • ‘Contact us’ form: HubSpot. We host the Contact us form on HubSpot, which allows us to get in touch with visitors who request to do so. Visiting the form will open a separate webpage, which will set some cookies in your browser and will track when someone visits the page and submits it. Find out more in their terms of service. If you fill in and submit the form, you will share with us only the data that you choose to fill in, which may include: email, organisation, website and name. We will not sell, share or use this data with anyone outside of Lark Social Impact, and we use it purely for the purpose of getting in touch with you.

Potential and existing clients

What data we collect

We may collect the following information about our potential and existing clients:

  • Name
  • Company
  • Email address
  • Phone number
  • Job title
  • Company address
  • Potential use for our products and services

Why we collect this data

We use this information to create and manage client relationships.

How long we keep this data

We remove the ‘Contact us’ form information after 1 year and we will delete all correspondence upon request subject to any legal obligations.

Where data about potential and existing clients is processed

We use the following services to store and process this data:

Data from Conversations on Katikati

Lark Social Impact connects organisations with the people they care about. Our communication technology involves the transmission, processing and storage of data which may place the personal data of counterparts and possibly themselves at risk. We take this risk seriously and thus, alongside upholding our Data Protection Commitments, we require organisations to mitigate any such risk through upholding our Code of Conduct.

Lark Social Impact’s commitment to data protection begins with our compliance with the EU General Data Protection Regulation (2018) and the UK Data Protection Act (2018). LSI also works with organisations to enact their own policies on our platform with the expectation that they too meet legal requirements placed on them, as well as to meet our Code of Conduct to do the right thing with their counterparts’ data.

If you are interested in understanding more about our approach, our Data Protection Policy takes the form of two sections:

  1. LSI’s Data Protection Commitments: the legal obligations LSI discharges, and the promises Katikati makes to the organisations we work with and to the people those organisations communicate with (herein referred to as the counterparts of an organisation).
  2. Our Client's Code of Conduct: the requirements to which all organisations must agree in order to use Katikati. This Code of Conduct includes requiring informed consent from the counterparts for the exchanges of information taking place via Katikati, and respectful engagement with them from the organisations using the platform. LSI reserves the right to monitor the communications that take place on our platform and in accordance with our Compliance Procedure to issue warnings and ultimately to withdraw the provision of the platform to organisations that fail to meet the standards outlined in the Code of Conduct.

Things we don’t do

Lark Social Impact doesn’t participate in the following data processing activities:

  • Entering into data sharing agreements with third-party organisations without our client’s consent
  • Buying or selling marketing lists
  • Telephone marketing
  • Postal marketing

Keeping data secure

We carefully choose our services and tools at LSI. It’s important that they follow good security practices, like HTTPS, two-factor authentication and the ability to set a strong password. We’ve reviewed the privacy policies and security practices of everything we use. When a new team member joins LSI, we explain best practices for keeping their devices secure, maintaining the security of their online accounts and data protection.

We run Katikati on third-party infrastructure and only buy services from high-tier providers. We take our responsibility to choose, design and manage this infrastructure seriously and do this with both a team understanding of data risks and technical mechanisms, like access control to the projects.

Data breaches

In the event of a data breach, we are required to notify the UK Information Commissioner’s Office. We will do so following their guidance. In the event of discovering a vulnerability in components of our infrastructure, we would take part in responsible disclosure practices as outlined here: coordinated vulnerability disclosure

Data originating in or transferred outside the EEA

We have reviewed the privacy policies of core third party services we use. They provide adequate protections when information is received in or shared outside of the European Economic Area. For other third party service providers located outside of the EEA that we use on an ad hoc basis for client engagements, we commit to reviewing their privacy policies to satisfy ourselves that they have adequate protections to uphold our obligations.


There are exemptions to data protection regulations that may require us to share data about you, including requests by law enforcement. A full list of exemptions is available on the ICO website – this also applies to data held about you by third-party services we use.

Reviewing how we use data

Every six months, we conduct a privacy and security review internally and review the documentation of third party services we use. This helps us continuously improve our processes and hold ourselves to account. We will update this document as necessary.

Your rights and getting in touch

The General Data Protection Regulation gives EU citizens the following rights:

To exercise any of these rights, please contact us at You can find information specific to the services we use or our activities in the relevant sections of this document. We will respond to all requests within 28 days of receiving them.

If you aren’t satisfied by our response, you can contact the Information Commissioner’s Office.