KEW DATA
Privacy Policy
Company: KEW DATA CONSULTANTS LTD (trading as KEWData / kewdata.ai)
Company No.: 15188400
Registered office: 60 Garden Road, Richmond, England, TW9 4NR
Contact: privacy@kewdata.ai
Last updated: 17 October 2025
1. Who we are
KEW DATA CONSULTANTS LTD (“KEWData”, “we”, “us”) provides cybersecurity and data privacy consulting and related software and services via kewdata.ai
2. How to contact us
Data Protection Lead: KEWData
Email: privacy@kewdata.ai
Postal: 60 Garden Road, Richmond, England, TW9 4NR
You can also complain to the UK Information Commissioner’s Office (ICO) if you are
unhappy with how we have used your data
3. What personal data we collect
- Account and contact data: name, email, company, role, phone.
- Website and device data: IP address, cookie identifiers, pages viewed, referral information, browser type and version, time zone.
- Enquiries and support: form or calendar booking details, messages, meeting metadata.
- Marketing preferences: subscriptions, consent records, optouts.
- Payments (if applicable): processed by Stripe; we receive limited billing metadata (e.g. last 4 digits, expiry month/year, billing postcode, transaction ID).
- AI features (if applicable): prompts/inputs you submit and the outputs we return. We do not use your data to train our models unless you explicitly opt in.
4. Purposes and lawful bases
| Purpose | Examples | Lawful basis |
|---|---|---|
| Provide website/services and respond to enquiries |
Contact forms, demo bookings, support |
Contract / steps to enter a contract |
| Security and performance | Fraud prevention, uptime, logs |
Legitimate interests |
| Analytics (non–essential) | Understand usage | Consent (via cookie banner) |
| Marketing | Newsletters and updates | Consent; or legitimate interests (soft opt–in for existing B2B customers)with opt-out |
| Compliance | Tax, accounting, defence of legal claims |
Legal obligation / legitimate interests |
| AI features (optional) | Process your inputs; improve features only if you opt in |
Contract and/or consent |
5. Sharing of personal data
We share data with service providers (hosting, email, CRM/marketing, analytics, payments, security), professional advisers, and where required by law or to protect our rights. We do not sell personal data.
6. International transfers
We prefer UK/EU hosting. Where data is transferred outside the UK/EU, we use lawful safeguards such as the UK International Data Transfer Agreement (IDTA) or EU Standard Contractual Clauses (SCCs), together with appropriate technical and organisational measures.
7. Retention
- Enquiries and sales leads: up to 24 months from last contact.
- Contracts and finance: 6 years from end of contract.
- Support tickets/logs: 12–24 months.
- Marketing consents: until you unsubscribe or after 24 months of inactivity.
- Access logs (security): around 12 months
8. Your rights
You may have rights to access, rectify, erase, restrict or object to processing, and to data portability. Where we rely on consent, you can withdraw it at any time. To exercise your rights, email privacy@kewdata.ai. You also have the right to complain to the ICO.
9. Cookies
See our Cookie Policy at kewdata.ai/cookie-policy. Nonessential cookies load only with your consent. You can change your choices at any time via “Cookie settings” in the site footer.
10. Security
We use encryption in transit and at rest, access controls (including MFA), logging/monitoring, supplier due diligence, and an incident response process.
12. Changes to this policy
We do not make decisions with legal or similarly significant effects solely by automated means
11. Automated decisionmaking
We may update this policy from time to time. Material changes will be highlighted on this page.
