Data Protection Notice

1. Introduction

Kelex Labs Ltd ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

We are a UK-based company specialising in cybersecurity, data protection, AI governance, and operational resilience services. As experts in data protection, we hold ourselves to the highest standards of data protection and security.

We are a B2B organisation and do not provide services direct to customers. If you are not a B2B customer you must not input any contact details into any of the forms on this website.

2. Information We Collect

2.1 Information You Provide

We may collect the following personal information when you:

• Contact us through our website or email
• Book a consultation or request our services
• Subscribe to our newsletter or updates
• Participate in surveys or feedback forms

This information may include:

• Name and job title
• Company name and industry
• Email address and phone number
• Business requirements and project details

2.2 Information We Collect Automatically

When you visit our website, we may automatically collect:

• IP address and location data
• Browser type and version
• Pages visited and time spent on site
• Referring website information
• Device information and screen resolution

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Service Delivery

• Providing cybersecurity assessments and consultancy services
• Communicating about your projects and requirements
• Delivering reports and recommendations
• Managing ongoing service relationships

3.2 Business Operations

• Responding to inquiries and support requests
• Scheduling consultations and meetings
• Processing payments and invoicing
• Maintaining business records

3.3 Marketing and Communications

• Sending relevant industry updates and insights
• Informing you about new services or offerings
• Inviting you to events or webinars
• Improving our website and user experience

4. Lawful Basis for Processing

Under UK GDPR, we process your personal data based on:

• Contract: To perform our services and fulfill contractual obligations
• Legitimate Interest: To operate our business, improve our services, and maintain client relationships
• Consent: For marketing communications and optional services (where applicable)
• Legal Obligation: To comply with regulatory requirements and legal duties

5. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

5.1 Service Providers

We may engage trusted third-party service providers to assist with:

• Website hosting and technical infrastructure
• Email marketing and communication platforms
• Payment processing and accounting services
• Professional services (legal, audit, etc.)

5.2 Legal Requirements

We may disclose your information if required by law, regulation, or legal process, or to protect our rights, property, or safety.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction.

6. Data Security

As cybersecurity experts, we implement robust security measures to protect your personal information:

• Encryption of data in transit and at rest
• Multi-factor authentication for system access
• Regular security assessments and monitoring
• Employee training on data protection practices
• Incident response procedures and breach notification protocols

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but maintain industry-leading practices.

7. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Request limitation of data processing
• Right to Data Portability: Request transfer of your data
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for consent-based processing

To exercise these rights, please contact us using the information provided below.

8. Data Retention

We retain your personal information only for as long as necessary to:

• Fulfill the purposes outlined in this Privacy Policy
• Comply with legal and regulatory requirements
• Resolve disputes and enforce agreements
• Maintain business records as required by law

Typically, we retain client data for 7 years after the end of our business relationship, unless a longer retention period is required by law.

9. International Transfers

Your personal data is primarily processed within the United Kingdom. If we need to transfer data outside the UK, we ensure appropriate safeguards are in place, including:

• Adequacy decisions by the UK government
• Standard contractual clauses approved by the ICO
• Binding corporate rules or certification schemes

10. Cookies and Tracking

Our website uses essential cookies to ensure proper functionality. We do not use tracking cookies or third-party analytics without your explicit consent. For more information about our cookie usage, please see our Cookie Policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending email notifications to registered users
• Providing notice during your next interaction with our services

12. Contact Information

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us: