We are a UK-based enterprise AI consultancy. We collect only the personal data we need — primarily the details you submit through our contact form and limited technical data when you visit our website. We never sell your data, and you have the right to access, correct, or delete the information we hold about you.
1. Who we are
KDBL Ltd ("KDBL", "we", "us", or "our") is a company registered in England and Wales. We are the data controller responsible for your personal data in respect of this website and our consultancy services.
| Company | KDBL Ltd, registered in England and Wales |
|---|---|
| Company number | 15430964 |
| Registered office | Bartle House, Oxford Court, City Centre, Manchester, M2 3WQ |
| Data Protection Officer | dpo@kdbl.co.uk |
| ICO registration | ICO:00014552113 |
We have appointed a Data Protection Officer (DPO) who can be contacted at dpo@kdbl.co.uk, and we are registered with the UK Information Commissioner's Office (ICO) as a data controller under reference ICO:00014552113. If you have any questions about this policy or how we handle your data, please contact us using the details in section 14.
2. Scope of this policy
This policy applies to personal data we process as a controller — for example, when you browse our website, contact us, or enter into a consultancy or licensing relationship with us.
Where we process personal data on behalf of a customer (for example, data processed within software we license or operate for that customer), we act as a data processor. In those cases, the customer is the controller and their own privacy notice applies; our processing is governed by our customer agreement and a separate Data Processing Agreement. See our Terms of Use for more detail.
3. Data we collect
Information you give us
- Contact and enquiry data — your name, email address, company name, and the contents of any message you submit through our contact form or send to us by email.
- Business relationship data — information exchanged when scoping, contracting, or delivering a project, including the details of named contacts at customer organisations.
Information we collect automatically
- Technical data — your IP address, browser type and version, device information, and the pages you visit, collected through standard server logs and any analytics we use.
- Usage data — limited information about how you interact with our website, used to keep it secure and to improve it.
We do not intentionally collect special category data (such as health, racial or ethnic origin, or political opinions) through this website, and we ask that you do not include such information in messages to us unless strictly necessary.
4. How we use your data
- To respond to your enquiries and provide the information or services you request.
- To negotiate, enter into, and perform contracts for our consultancy and software services.
- To manage our relationship with you, including administration, invoicing, and support.
- To operate, secure, and improve our website and services.
- To send you relevant business communications where you have asked us to or where we are lawfully permitted to do so.
- To comply with our legal, regulatory, and accounting obligations.
5. Lawful bases for processing
Under the UK GDPR, we rely on the following lawful bases:
| Responding to enquiries | Our legitimate interests (to answer prospective and existing clients) and, where applicable, steps taken at your request before entering a contract. |
|---|---|
| Delivering our services | Performance of a contract with you or your organisation. |
| Website security & improvement | Our legitimate interests in running a secure, effective website. |
| Marketing communications | Your consent, or our legitimate interests in business-to-business marketing (you can opt out at any time). |
| Legal & regulatory compliance | Compliance with a legal obligation to which we are subject. |
Where we rely on legitimate interests, we have balanced those interests against your rights and freedoms. You may object to this processing — see section 11.
6. Who we share data with
We do not sell your personal data. We share it only where necessary, with:
- Service providers and processors who help us run our business — for example, our form-handling provider (Web3Forms), email and productivity providers, hosting and infrastructure providers, and analytics providers. These parties act on our instructions under appropriate contractual safeguards.
- Professional advisers such as accountants, auditors, and lawyers, where reasonably required.
- Authorities and regulators where we are required to disclose data by law.
- Successors in the event of a merger, acquisition, or sale of our business, subject to appropriate confidentiality protections.
Our website contact form is processed by Web3Forms, which forwards your submission to us by email. Our website also loads fonts and libraries from third-party content delivery networks (such as Google Fonts), which may receive your IP address as a technical necessity of delivering those resources.
7. International transfers
We are based in the UK and aim to keep personal data within the UK or European Economic Area (EEA). Some of our service providers may process data outside the UK/EEA. Where that happens, we ensure appropriate safeguards are in place — such as an adequacy decision, the UK International Data Transfer Agreement, or the EU Standard Contractual Clauses with the UK Addendum — so that your data receives an equivalent level of protection.
8. How long we keep data
We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.
- Enquiries that do not lead to a relationship — typically up to 24 months, then deleted.
- Customer and contract records — for the duration of the relationship and for up to 6 years afterwards, to meet contractual and tax obligations.
- Website logs and analytics — typically retained for up to 26 months.
When data is no longer required, we securely delete or anonymise it.
9. How we protect your data
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or disclosure, consistent with Article 32 of the UK GDPR. These include access controls, encryption in transit, supplier due diligence, and staff confidentiality obligations. No method of transmission or storage is completely secure, but we work to protect your data and to respond promptly to any incident.
10. Cookies & tracking
Our website uses only the cookies and similar technologies necessary to make the site function and to keep it secure. Where we use non-essential cookies — for example, for analytics — we will request your consent and you can withdraw it at any time. You can also control cookies through your browser settings, though disabling some cookies may affect how the site works.
11. Your rights
Under UK data protection law, you have the right to:
- Be informed about how your data is used (this policy).
- Access the personal data we hold about you.
- Rectification of inaccurate or incomplete data.
- Erasure of your data in certain circumstances ("right to be forgotten").
- Restrict our processing of your data in certain circumstances.
- Data portability — to receive your data in a structured, commonly used, machine-readable format.
- Object to processing based on legitimate interests or direct marketing.
- Withdraw consent at any time, where processing is based on consent.
- Not to be subject to solely automated decision-making that produces legal or similarly significant effects.
To exercise any of these rights, contact our Data Protection Officer at dpo@kdbl.co.uk. We will respond within one month. There is normally no charge, although we may charge a reasonable fee or refuse a request that is manifestly unfounded or excessive. We may need to verify your identity before acting on a request.
12. Children's data
Our website and services are intended for businesses and are not directed at children. We do not knowingly collect personal data from anyone under the age of 18. If you believe a child has provided us with personal data, please contact us and we will delete it.
13. Changes to this policy
We may update this policy from time to time to reflect changes in our practices or legal requirements. The current version and its "last updated" date are shown at the top of this page. We encourage you to review it periodically. Material changes will be highlighted where appropriate.
14. Contact & complaints
If you have questions about this policy or wish to exercise your rights, please contact:
| Data Protection Officer | dpo@kdbl.co.uk |
|---|---|
| General enquiries | contact@kdbl.co.uk |
| Post | KDBL Ltd, Bartle House, Oxford Court, City Centre, Manchester, M2 3WQ |
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you are unhappy with how we have handled your data. We would, however, appreciate the chance to address your concerns first.
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113 ·
ico.org.uk