Data Protection Policy

Date adopted: 31 May 2026. Review date: 31 May 2027.

Purpose

Kabware Services Limited handles personal data lawfully, fairly, and with care. This policy sets out how Kabware protects personal data when it builds software, runs its website, works with customers, and manages supplier or procurement activity.

Kabware will comply with the UK GDPR, the Data Protection Act 2018, and applicable data protection law.

Scope

This policy applies to personal data handled by Kabware as controller or processor. It covers customers, prospects, suppliers, contractors, website visitors, product users, and people whose data may appear in customer-provided documents or workflows.

Principles

Kabware will follow the UK GDPR principles:

  • lawfulness, fairness, and transparency;
  • purpose limitation;
  • data minimisation;
  • accuracy;
  • storage limitation;
  • integrity and confidentiality;
  • accountability.

How Kabware Uses Personal Data

Kabware may process personal data to:

  • respond to enquiries;
  • manage customers, suppliers, and contracts;
  • build, test, support, and improve software services;
  • operate websites, applications, and cloud infrastructure;
  • meet legal, accounting, security, and procurement obligations.

Kabware will document the lawful basis for processing where required.

Optional Website Analytics

Kabware does not load browser analytics until you choose to allow it. If you consent, the Kabware and Concordis marketing websites use Microsoft Application Insights with random first-party visitor and session identifiers to understand page visits, campaign sources, calls to action, outbound product links, and contact-form progress.

Analytics includes the website host and route, broad traffic classification, allowlisted UTM campaign values, referrer hostname, and success or failure categories. It does not include your name, email address, contact-form message or other form contents, full referrer URLs, payment details, advertising identifiers, or raw IP addresses supplied by the browser code.

The visitor identifier is stored in your browser's local storage and the session, campaign, and traffic values are stored in session storage. Identifiers are scoped to the website origin and are not used to build a profile across Kabware products.

You can decline analytics or use the Analytics preferences control in the website footer to withdraw consent. Withdrawal stops browser analytics and removes the analytics identifiers and session context from that browser. Your versioned choice and timestamp remain in first-party storage so the site can respect it.

Security

Kabware will protect personal data using controls that fit the risk and the scale of the company. These may include access control, encryption, secure cloud services, password management, least-privilege access, patching, backups, and logging.

Kabware will limit access to personal data to people and systems that need it for a clear business purpose.

Customer Data And AI Services

Where Kabware processes customer documents, prompts, records, or operational data for an AI-enabled service, Kabware will use the data only for the agreed service purpose unless the customer gives clear permission for another use.

Kabware will not use customer confidential data to train public AI models unless a customer contract permits it.

Kabware will design AI workflows with attention to access control, human review, data minimisation, and output quality.

Processors And Suppliers

Kabware may use cloud, hosting, communications, analytics, payment, or professional service suppliers. Kabware will choose suppliers with appropriate security and data protection controls.

Where required, Kabware will put processor terms in place before sharing personal data with a supplier that processes personal data on Kabware's behalf.

Individual Rights

People may have rights to access, correct, erase, restrict, object to, or receive a copy of their personal data. Kabware will respond to valid requests within the time required by law.

Requests should be sent to info@kabware.co.uk.

Incidents

Kabware will record personal data incidents, investigate them, and take corrective action. Where a breach creates a legal reporting duty, Kabware will notify the Information Commissioner's Office and affected people as required.

Responsibility And Review

The Director is responsible for this policy, data protection records, supplier checks, and responding to data protection requests.

Kabware will review this policy at least once a year, and sooner if law, services, suppliers, or processing activities change.