Privacy Policy

We know. Nobody reads this. You're already scrolling to find the part that matters. Respect. Here's the short version: we don't sell your data, we don't spam you, and we treat your information the way we treat a good brief, with care and no leaks.

The long version follows. It's actually readable. We tried.

1. Who We Are (and why that matters here)

Kulture (KLTR), powered by Aktiva, is a creative agency based in Barcelona. We design strategies, produce content, and build brand experiences for companies who want to matter.

For the purposes of this policy, we are the data controller — meaning we decide how and why your personal data is processed. If you have questions, concerns, or just want to talk, reach us at: [privacy@kulture.agency] [LINK EMAIL HERE]

2. What We Collect (only what we actually need)

We collect information in three ways:

Information you give us directly:

  • Name and contact details (email, phone, company)

  • Project information submitted through our Brief Us form

  • Messages sent through the contact form

  • Account information if you create a .KLTR member account (name, email, password)

  • Any files or materials you choose to share with us

Information we collect automatically:

  • Basic analytics data (pages visited, time on site, device type)

  • IP address and browser information

  • Cookies and similar tracking technologies (more on those below — yes, there's a whole section)

Information we receive from third parties:

  • If you find us through a referral, we may receive your name and contact from the person who referred you. We promise they said nice things.

We do not collect sensitive personal data (health information, political opinions, biometric data, etc.). We are a creative agency, not the government.

3. Why We Use It (the actual reasons, no jargon)

Purpose

Legal basis

To respond to your Brief Us submission

Legitimate interest / pre-contractual steps

To answer your contact form messages

Legitimate interest

To send you project updates and proposals

Contractual necessity

To manage your .KLTR member account

Contractual necessity

To deliver exclusive content and event invitations to members

Contractual necessity / Consent

To improve our website and user experience

Legitimate interest

To comply with legal obligations

Legal obligation

To send marketing communications (only with your consent)

Consent

We will never use your data to train AI models, sell to third parties, or fill your inbox with newsletters you didn't ask for. We have enough of those ourselves.

4. Cookies (the only ones we won't offer you with coffee)

We use cookies to understand how people use our website. This helps us make it better.

The cookies we use:

  • Essential cookies: these make the site function, including keeping you logged in to your .KLTR account. Disabling them would break things. We'd rather you didn't.

  • Analytics cookies: these tell us which pages people visit and how long they stay. We use this to improve the experience. No personal profile is built from this data.

  • Preference cookies: these remember your settings (like dark mode, if applicable). Small things. Important things.

We do not use advertising cookies or sell data to ad networks. Trends die here. Surveillance capitalism can follow.

You can manage cookie preferences at any time through your browser settings. If you'd like to opt out of analytics tracking specifically, let us know at [privacy@kulture.agency]. [LINK EMAIL HERE]

5. Who We Share It With (a short list)

We work with a small number of trusted third-party services to run our website and operations. These include:

  • Website hosting providers

  • Analytics platforms (anonymised data only)

  • Email and communication tools

  • Project management software

  • Authentication providers (for .KLTR member account login security)

All third-party providers are contractually bound to handle your data in compliance with GDPR. We do not share your data with anyone outside this list without your explicit consent.

We will disclose data if required to do so by law. We will not enjoy it.

6. How Long We Keep It (we're not hoarders)

Data type

Retention period

Brief Us submissions

2 years from submission, or duration of client relationship

Contact form messages

1 year from last contact

.KLTR member account data

Duration of account + 1 year after deletion

Analytics data

13 months (standard analytics cycle)

Client project data

5 years from project completion (legal requirement)

Marketing consent records

Until you withdraw consent + 1 year

When data is no longer needed, we delete it. Not archive it. Delete it. There's a difference and we respect it.

7. Your Rights (you have more than you think)

Under GDPR, you have the right to:

  • Access the personal data we hold about you

  • Correct any inaccurate data

  • Delete your data ("the right to be forgotten" — yes, that's the real legal name)

  • Restrict how we process your data

  • Object to processing based on legitimate interest

  • Portability — receive your data in a readable format

  • Withdraw consent at any time for anything you consented to

This includes your .KLTR member account. You can request full deletion of your account and associated data at any time.

To exercise any of these rights, email us at [privacy@kulture.agency]. [LINK EMAIL HERE] We will respond within 30 days. If we take longer, something has gone very wrong and you are allowed to be annoyed.

You also have the right to lodge a complaint with your national data protection authority. In Spain, that's the AEPD (Agencia Española de Protección de Datos). We hope it never comes to that.

8. Data Security (we take this seriously)

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction.

In plain terms: your brief is not lying around in an unlocked folder. Your .KLTR account credentials are encrypted. Your contact details are not on a Post-it note. We use encrypted connections, access controls, and work with providers who take security as seriously as we take craft.

No system is 100% immune to breaches. If one ever occurs that affects your data, we will notify you within 72 hours as required by law. We will also feel genuinely terrible about it.

9. International Transfers (for the globally minded)

Our operations are based in the EU. Some of our third-party service providers may process data outside the EU/EEA. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

Your data doesn't go places without a reason. Or without paperwork.

10. Changes to This Policy (we'll tell you)

We may update this policy from time to time. When we do, we'll update the "Last updated" date at the top. If the changes are significant, we'll let you know directly.

We won't make the font smaller to hide things. We're not that kind of agency.

11. Contact (we're real people)

If you have any questions about this privacy policy (or anything else) reach us at:

Kulture (KLTR) / Aktiva

Barcelona, Spain

**[privacy@kulture.agency]** [LINK EMAIL HERE]

We review every message personally.

Just like the briefs.

© Kulture 2026. All rights reserved. Trends die here.