What we collect
We may collect and store any information you choose to give us, plus the technical data your browser or e-mail automatically supplies (IP address, user-agent string, referral source, time-zone, pages viewed, clicks, and similar diagnostic logs).
Where you become a client or ask for a quotation we also process the usual business contact details, engagement scope, invoices, payments and related correspondence.
Why we use it
Our lawful bases under the UK GDPR are:
• Contract – to provide quotations, perform a contract or take steps at your request.
• Legitimate interests – to run and protect our business, keep records, improve the site and defend legal claims.
• Legal obligation – to satisfy tax, accounting and regulatory duties.
We do not rely on consent except where we send optional marketing; you may unsubscribe at any time.
Sharing and transfers
We keep data strictly in-house except for trusted service providers who host our website, e-mail and accounting systems, professional advisers, and authorities who lawfully require it. Some suppliers operate outside the UK/EEA; where they do, we use contracts or adequacy regulations that UK law recognises.
We never sell your data.
Retention
Records created for accounting or contractual purposes are kept for seven years after the financial year in which they arise (or longer if a dispute seems reasonably possible). Routine server logs are purged within 12 months unless we reasonably need them for security or legal purposes.
Your rights
You may ask us to access, correct, erase, restrict or port your personal data, or object to processing based on legitimate interests. These rights are not absolute; we may refuse where UK GDPR allows (e.g. where fulfilling the request would prejudice legal claims or contravene our statutory record-keeping duties).
To exercise any right, e-mail privacy@olliecrow.io. We will respond within one calendar month. If you are unhappy you may complain to the UK Information Commissioner (ico.org.uk), but we would appreciate the chance to resolve matters first.
Security
We apply technical and organisational measures appropriate to the risk, including access controls, encryption in transit, routine patching and periodic credential reviews. No internet transmission is ever 100 % secure; you transmit at your own risk.
Links to other sites
External sites we link to are outside our control; this notice does not cover them.
Changes
We may update this policy at any time. Material changes will be sign-posted on this page; continued use of the site after an update implies acceptance.
Data controller details
Kuma Research Ltd (registered in England & Wales, No 14741387)
Registered office: 1 Cedar Office Park, Cobham Road, Wimborne BH21 7SB
E-mail: privacy@olliecrow.io