KDBL
  • Services
  • Capabilities
  • Start a conversation
Legal

Privacy Policy

This policy explains how KDBL Ltd collects, uses, shares, and protects your personal data, and the rights you have under UK data protection law.

Version 1.0 Last updated 24 June 2026 Applies to kdbl.co.uk and our services

On this page

  1. 1. Who we are
  2. 2. Scope of this policy
  3. 3. Data we collect
  4. 4. How we use your data
  5. 5. Lawful bases
  6. 6. Who we share data with
  7. 7. International transfers
  8. 8. How long we keep data
  9. 9. How we protect data
  10. 10. Cookies & tracking
  11. 11. Your rights
  12. 12. Children's data
  13. 13. Changes to this policy
  14. 14. Contact & complaints
In short

We are a UK-based enterprise AI consultancy. We collect only the personal data we need — primarily the details you submit through our contact form and limited technical data when you visit our website. We never sell your data, and you have the right to access, correct, or delete the information we hold about you.

1. Who we are

KDBL Ltd ("KDBL", "we", "us", or "our") is a company registered in England and Wales. We are the data controller responsible for your personal data in respect of this website and our consultancy services.

CompanyKDBL Ltd, registered in England and Wales
Company number15430964
Registered officeBartle House, Oxford Court, City Centre, Manchester, M2 3WQ
Data Protection Officerdpo@kdbl.co.uk
ICO registrationICO:00014552113

We have appointed a Data Protection Officer (DPO) who can be contacted at dpo@kdbl.co.uk, and we are registered with the UK Information Commissioner's Office (ICO) as a data controller under reference ICO:00014552113. If you have any questions about this policy or how we handle your data, please contact us using the details in section 14.

2. Scope of this policy

This policy applies to personal data we process as a controller — for example, when you browse our website, contact us, or enter into a consultancy or licensing relationship with us.

Where we process personal data on behalf of a customer (for example, data processed within software we license or operate for that customer), we act as a data processor. In those cases, the customer is the controller and their own privacy notice applies; our processing is governed by our customer agreement and a separate Data Processing Agreement. See our Terms of Use for more detail.

3. Data we collect

Information you give us

  • Contact and enquiry data — your name, email address, company name, and the contents of any message you submit through our contact form or send to us by email.
  • Business relationship data — information exchanged when scoping, contracting, or delivering a project, including the details of named contacts at customer organisations.

Information we collect automatically

  • Technical data — your IP address, browser type and version, device information, and the pages you visit, collected through standard server logs and any analytics we use.
  • Usage data — limited information about how you interact with our website, used to keep it secure and to improve it.

We do not intentionally collect special category data (such as health, racial or ethnic origin, or political opinions) through this website, and we ask that you do not include such information in messages to us unless strictly necessary.

4. How we use your data

  • To respond to your enquiries and provide the information or services you request.
  • To negotiate, enter into, and perform contracts for our consultancy and software services.
  • To manage our relationship with you, including administration, invoicing, and support.
  • To operate, secure, and improve our website and services.
  • To send you relevant business communications where you have asked us to or where we are lawfully permitted to do so.
  • To comply with our legal, regulatory, and accounting obligations.

5. Lawful bases for processing

Under the UK GDPR, we rely on the following lawful bases:

Responding to enquiriesOur legitimate interests (to answer prospective and existing clients) and, where applicable, steps taken at your request before entering a contract.
Delivering our servicesPerformance of a contract with you or your organisation.
Website security & improvementOur legitimate interests in running a secure, effective website.
Marketing communicationsYour consent, or our legitimate interests in business-to-business marketing (you can opt out at any time).
Legal & regulatory complianceCompliance with a legal obligation to which we are subject.

Where we rely on legitimate interests, we have balanced those interests against your rights and freedoms. You may object to this processing — see section 11.

6. Who we share data with

We do not sell your personal data. We share it only where necessary, with:

  • Service providers and processors who help us run our business — for example, our form-handling provider (Web3Forms), email and productivity providers, hosting and infrastructure providers, and analytics providers. These parties act on our instructions under appropriate contractual safeguards.
  • Professional advisers such as accountants, auditors, and lawyers, where reasonably required.
  • Authorities and regulators where we are required to disclose data by law.
  • Successors in the event of a merger, acquisition, or sale of our business, subject to appropriate confidentiality protections.

Our website contact form is processed by Web3Forms, which forwards your submission to us by email. Our website also loads fonts and libraries from third-party content delivery networks (such as Google Fonts), which may receive your IP address as a technical necessity of delivering those resources.

7. International transfers

We are based in the UK and aim to keep personal data within the UK or European Economic Area (EEA). Some of our service providers may process data outside the UK/EEA. Where that happens, we ensure appropriate safeguards are in place — such as an adequacy decision, the UK International Data Transfer Agreement, or the EU Standard Contractual Clauses with the UK Addendum — so that your data receives an equivalent level of protection.

8. How long we keep data

We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.

  • Enquiries that do not lead to a relationship — typically up to 24 months, then deleted.
  • Customer and contract records — for the duration of the relationship and for up to 6 years afterwards, to meet contractual and tax obligations.
  • Website logs and analytics — typically retained for up to 26 months.

When data is no longer required, we securely delete or anonymise it.

9. How we protect your data

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or disclosure, consistent with Article 32 of the UK GDPR. These include access controls, encryption in transit, supplier due diligence, and staff confidentiality obligations. No method of transmission or storage is completely secure, but we work to protect your data and to respond promptly to any incident.

10. Cookies & tracking

Our website uses only the cookies and similar technologies necessary to make the site function and to keep it secure. Where we use non-essential cookies — for example, for analytics — we will request your consent and you can withdraw it at any time. You can also control cookies through your browser settings, though disabling some cookies may affect how the site works.

11. Your rights

Under UK data protection law, you have the right to:

  • Be informed about how your data is used (this policy).
  • Access the personal data we hold about you.
  • Rectification of inaccurate or incomplete data.
  • Erasure of your data in certain circumstances ("right to be forgotten").
  • Restrict our processing of your data in certain circumstances.
  • Data portability — to receive your data in a structured, commonly used, machine-readable format.
  • Object to processing based on legitimate interests or direct marketing.
  • Withdraw consent at any time, where processing is based on consent.
  • Not to be subject to solely automated decision-making that produces legal or similarly significant effects.

To exercise any of these rights, contact our Data Protection Officer at dpo@kdbl.co.uk. We will respond within one month. There is normally no charge, although we may charge a reasonable fee or refuse a request that is manifestly unfounded or excessive. We may need to verify your identity before acting on a request.

12. Children's data

Our website and services are intended for businesses and are not directed at children. We do not knowingly collect personal data from anyone under the age of 18. If you believe a child has provided us with personal data, please contact us and we will delete it.

13. Changes to this policy

We may update this policy from time to time to reflect changes in our practices or legal requirements. The current version and its "last updated" date are shown at the top of this page. We encourage you to review it periodically. Material changes will be highlighted where appropriate.

14. Contact & complaints

If you have questions about this policy or wish to exercise your rights, please contact:

Data Protection Officerdpo@kdbl.co.uk
General enquiriescontact@kdbl.co.uk
PostKDBL Ltd, Bartle House, Oxford Court, City Centre, Manchester, M2 3WQ

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you are unhappy with how we have handled your data. We would, however, appreciate the chance to address your concerns first.

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113 · ico.org.uk

KDBL

Innovative enterprise AI solutions & specialist consulting.

Microsoft Partner
Services Capabilities Contact Documentation Privacy Policy Terms of Use

© 2026 KDBL. All rights reserved.

contact@kdbl.co.uk