Kairo Partners

Privacy Policy

Effective date: 24 February 2026

Who we are: Kairo Partners is a trading name of Nevrast Consulting Ltd (“we”, “us”, “our”). We provide consulting services to SMEs and private equity firms.

  • Controller: Nevrast Consulting Ltd, trading as Kairo Partners

  • Company number: 15924692

  • Registered office: 4th Floor Radius House, 51 Clarendon Road, Watford, Hertfordshire, England, WD17 1HP

  • Website: https://kairo.partners

  • Privacy contact: info@kairo.partners

This policy explains how we process personal data when you visit our website, contact us, or engage our services. Where we handle personal data on behalf of clients (e.g. during discovery or pilots), we act as a processor and our Data Processing Addendum (DPA) governs.

1) The data we collect

1.1 Data you provide directly

  • Contact and identity -- name, work email, phone, job title, company.

  • Enquiries -- messages sent via forms or email, meeting notes, preferences.

  • Bookings -- availability and related metadata if you use our scheduling tool.

  • Contract and billing -- correspondence, purchase orders, invoicing details if you become a client.

  • Recruitment -- CV, cover letter and interview notes if you apply.

1.2 Data collected automatically

  • Technical and usage -- IP address, device and browser type, pages viewed, referrers, session duration.

  • Cookies -- see our Cookie Notice for categories and choices.

1.3 Data from third parties

  • Lead data from referrals, networking sites or public registers.

  • Scheduling metadata from booking tools where used.

We do not intentionally collect special category data (e.g. health or ethnicity) via our website or sales channels. Please do not include it in forms.

2) Why we use your data (purposes and legal bases)

  • To provide our services: responding to enquiries, delivering consulting services and managing relationships.

  • To improve our website and services: understanding usage and developing offerings.

  • For marketing: sending updates or information about services that may be relevant. You may opt out at any time.

  • To comply with legal obligations: meeting regulatory and statutory requirements.

You may object to processing based on legitimate interests at any time. Where we rely on consent, it can be withdrawn at any time.

3) Cookies and analytics

We use essential cookies for site operation and, with consent, analytics cookies to understand usage. Preferences can be managed through the cookie banner at any time. See our Cookie Notice for details.

4) Who we share data with (recipients)

We use third-party processors to operate the website and deliver services. Typical categories include:

  • Website and hosting: Framer, Inc.

  • Analytics: Google Analytics (GA4), consent-based pseudonymous usage statistics.

  • Scheduling: Calendly LLC

  • Email and productivity: Google Workspace

  • File storage and collaboration: Google Drive

  • Professional advisers: accounting and legal advisers where required

Processors are required to protect data appropriately and act only under our instructions. We do not sell personal data.

5) International transfers

Some providers may process data outside the UK or EEA. Where this occurs, we rely on adequacy regulations or appropriate safeguards such as the UK IDTA or EU Standard Contractual Clauses with supplementary measures where required.

6) Security

We apply proportionate technical and organisational safeguards including MFA on core systems, role-based access controls, encryption in transit and at rest as provided by vendors, least-privilege administration, device hardening, logging and access reviews. Access is limited to personnel with a legitimate need.

7) Retention

We retain data only as long as necessary for the purpose collected, including legal and accounting requirements.

Typical periods:

  • Responding to enquiries and providing quotes - 24 months after last contract. Example data: contact details, enquiry text. Legal basis (UK GDPR): legitimate interests (B2B sales) or steps to contract.

  • Providing and managing services - 7 years after project close. Example data: contact details, work product, contracts. Legal basis (UK GDPR): performance of a contract.

  • Booking meetings or events - 24 months after last activity. Example data: name, email, availability, notes. Legal basis (UK GDPR): legitimate interests.

  • Improving sites and services (analytics) - 26 months (or tool default). Example data: pseudonymous usage data. Legal basis (UK GDPR): consent (for non-essential cookies).

  • Sending B2B update and marketing - until you opt-out. Example data: name, work email, role. Legal basis (UK GDPR): legitimate interests (PECR corporate subscribers) or consent.

  • Compliance and record-keeping - 6-7 years. Example data: Invoices, contracts, controller logs. Legal basis (UK GDPR): legal obligation.

  • Security and fraud prevention - up to 24 months. Example data: IP, event logs. Legal basis (UK GDPR): legitimate interests.

Where you opt out of marketing, we retain minimal suppression data to respect that preference.

8) Your rights (UK GDPR)

You may request access, rectification, erasure, restriction, objection including to direct marketing, portability where applicable and withdrawal of consent.

Requests can be sent to info@kairo.partners. We will respond within one month (extendable by two months for complex requests).

Supervisory authority: Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Website: www.ico.org.uk
Telephone: +44 303 123 1113

You can complain to the ICO, but please contact us first so we can try to resolve your concern.

9) B2B marketing and PECR

We may contact corporate subscribers using work contact details about relevant services with an opt-out available. Non-B2B marketing is sent only with consent. Every marketing email includes an unsubscribe link.

10) Children

Our services are intended for adults in a business context. We do not knowingly collect children’s data.

11) Third-party links

Our website may link to third-party sites which operate under their own privacy policies. We are not responsible for their practices.

12) Changes to this policy

We may update this policy periodically. The latest version will always appear at /privacy with the effective date noted. Material changes will be highlighted on the site.

13) Contact

Questions or requests regarding this policy or data rights:

Email: info@kairo.partners

Post: Data Protection, Nevrast Consulting Ltd (trading as Kairo Partners),
4th Floor Radius House, 51 Clarendon Road, Watford, Hertfordshire, England, WD17 1HP

Notes for clients

Where we process personal data on your behalf, we do so under a Data Processing Addendum (DPA) that sets out roles, security measures, sub-processors, and international transfer mechanisms. We will align with your security questionnaires and vendor due diligence as needed.

 

This policy is provided for general information and is not legal advice. Please consult your legal counsel for obligations specific to your organisation.

© 2026 Kairo Partners. All rights reserved.

Insights

Privacy Policy

Terms & Conditions

Cookie Notice

Data Protection Addendum