Kabware Kabware
Policy

Data Protection Policy

Date adopted: 31 May 2026. Review date: 31 May 2027.

Purpose

Kabware Services Limited handles personal data lawfully, fairly, and with care. This policy sets out how Kabware protects personal data when it builds software, runs its website, works with customers, and manages supplier or procurement activity.

Kabware will comply with the UK GDPR, the Data Protection Act 2018, and applicable data protection law.

Scope

This policy applies to personal data handled by Kabware as controller or processor. It covers customers, prospects, suppliers, contractors, website visitors, product users, and people whose data may appear in customer-provided documents or workflows.

Principles

Kabware will follow the UK GDPR principles:

  • lawfulness, fairness, and transparency;
  • purpose limitation;
  • data minimisation;
  • accuracy;
  • storage limitation;
  • integrity and confidentiality;
  • accountability.

How Kabware Uses Personal Data

Kabware may process personal data to:

  • respond to enquiries;
  • manage customers, suppliers, and contracts;
  • build, test, support, and improve software services;
  • operate websites, applications, and cloud infrastructure;
  • meet legal, accounting, security, and procurement obligations.

Kabware will document the lawful basis for processing where required.

Security

Kabware will protect personal data using controls that fit the risk and the scale of the company. These may include access control, encryption, secure cloud services, password management, least-privilege access, patching, backups, and logging.

Kabware will limit access to personal data to people and systems that need it for a clear business purpose.

Customer Data And AI Services

Where Kabware processes customer documents, prompts, records, or operational data for an AI-enabled service, Kabware will use the data only for the agreed service purpose unless the customer gives clear permission for another use.

Kabware will not use customer confidential data to train public AI models unless a customer contract permits it.

Kabware will design AI workflows with attention to access control, human review, data minimisation, and output quality.

Processors And Suppliers

Kabware may use cloud, hosting, communications, analytics, payment, or professional service suppliers. Kabware will choose suppliers with appropriate security and data protection controls.

Where required, Kabware will put processor terms in place before sharing personal data with a supplier that processes personal data on Kabware's behalf.

Individual Rights

People may have rights to access, correct, erase, restrict, object to, or receive a copy of their personal data. Kabware will respond to valid requests within the time required by law.

Requests should be sent to info@kabware.co.uk.

Incidents

Kabware will record personal data incidents, investigate them, and take corrective action. Where a breach creates a legal reporting duty, Kabware will notify the Information Commissioner's Office and affected people as required.

Responsibility And Review

The Director is responsible for this policy, data protection records, supplier checks, and responding to data protection requests.

Kabware will review this policy at least once a year, and sooner if law, services, suppliers, or processing activities change.