Privacy Notice

Effective date: 1st November 2025

We practice what we preach

At Kuno, we help businesses show their customers that their data is genuinely safe. That starts with how we handle your information.

We're Kuno ("we", "us", "our"), a data protection consultancy based in France with offices in the UK. We respect your privacy and handle personal data in line with the GDPR, UK GDPR and the Data Protection Act 2018.

We are registered as a Data Controller with the Information Commissioner’s Office under reference ZC045840.

This notice explains what information we collect about you, how we use it, and the control you have over it. It applies wherever we decide why and how we process personal data (act as Data Controller). We've written it in plain English because privacy notices should be easy to read.

When we're responsible for your data (and when we're not)

When we are responsible (we're the "controller"): We make the decisions about data we collect from website visitors, potential clients, client contacts, suppliers, training attendees, and other business contacts.

When our clients are responsible (we're the "processor"): When we're working on client projects - like reviewing their data, handling customer rights requests, or helping with incident response - we follow their instructions under a formal agreement.

What personal data we collect and use?

Who What Why Lawful basis
People who contact us via the website or email Name, work email, job title, company, phone number; your preferences; messages you send us To respond to enquiries and send relevant proposals Legitimate interests or contractual necessity
Event registrants/attendees Event registration details; attendance; feedback To run events and training, manage attendance and improve future events Contractual necessity and legitimate interests
Event registrants/attendees (optional info) Dietary requirements; accessibility needs (if you choose to share) To accommodate needs at events Consent (for optional information)
Prospective clients and business contacts Contact details you/your organisation share with us; your stated preferences To share useful insights (event invites, guides, resources) Consent for email marketing; legitimate interests for relevant B2B communications (with opt-out)
Business contacts from other sources Publicly available information (e.g., Companies House, LinkedIn) To verify details, maintain accurate contact records, and reach out where appropriate Legitimate interests
Referred contacts Referrals from colleagues or partners (contact details) To make contact, respond to interest, and provide information about services Legitimate interests
Client representatives and team members Names of key contacts, contact details, company details, financial details; email addresses of your team; any personal data contained in emails shared with us To deliver our services (project management, billing, updates) Contractual necessity and legitimate interests
Clients (records) Tax records, invoices, audit trails, record-keeping data To meet legal and regulatory requirements Legal obligation

What we don't collect:

We don't intentionally collect sensitive personal information through our website or marketing.

Please don't include health information, political views, or other sensitive details in contact forms. We aim to collect the minimal personal data necessary for our purposes.

We don’t use cookies or similar tracking technologies unless they are strictly necessary to make our website work.

When we share your information

We only share your information when necessary and with appropriate protections and with:

Service providers we trust: IT hosting providers, email systems, analytics, video conferencing, and event management. We require them to keep your data confidential and secure with a formal agreement.

Professional advisers and insurers: When needed for legal or business advice.

Law enforcement, regulatory or judicial authorities: Only if required by law or to protect rights and safety.

Event partners: If you register for an event we're running with others (we'll tell you at the time).

International transfers

If we need to transfer your data outside the UK or the EEA, we prioritise partners based in countries that have adequate data protection laws, where this is not possible, we use approved protections like the UK International Data Transfer Agreement or Standard Contractual Clauses, plus additional safeguards as needed.

How long we keep your information

We keep your information only as long as we need it, then securely delete it:

  • Enquiries and potential client information: Up to 12 months after our last interaction
  • Client records and project files: 6-7 years after contract end (for tax and legal requirements)
  • Marketing communications: Until you opt out (we keep a record of your opt-out to respect your choice)
  • Event and training records: Up to 24 months for administration

Your rights

You have control over your personal information:

You can ask us to:

  • Provide you with the Personal Data we have about you
  • Correct information that's wrong
  • Delete your information in certain circumstances
  • Stop or limit how we use your information
  • Give you a copy of your information in a portable format
  • Stop marketing communications at any time

If we're processing your data based on consent, you can withdraw that consent whenever you want.
 
To use these rights: Contact us at dpo@kuno.eu. We may need to verify who you are and clarify what you're asking for.
 
If we're working on a client project involving your data, we'll pass your request to the relevant client who makes the decisions about that data.
 
If you're not happy: You can complain to the Information Commissioner's Office at ico.org.uk or 0303 123 1113. We'd appreciate the chance to resolve any concerns first, though.

How we protect your information

We take security seriously because we know how important your personal data is:

  • Access controls so only the right people can see your data
  • Encryption when data moves between systems
  • Regular security testing and improvements
  • Careful vetting of service providers
  • Logging and monitoring to detect issues
  • Secure development practices for our systems

Children's information

Our website and services are designed for businesses. We don't knowingly collect information from children through our website.

Contact us

Controller:
In France, Kuno SASU
In the UK, Kuno (Wheldon Consultants Ltd).

Email: dpo@kuno.eu

Address:

France:
25 rue Debellyme,
Paris 75004

UK:
1 Claydon Business Park,
Great Blakenham,
Ipswich
IP6 0NL

Updates to this notice

We may update this notice occasionally to reflect changes in our practices or legal requirements. When we do, we'll take appropriate measures to inform you and post the updated version here and change the effective date.
 
Last updated: 1 November 2025