Privacy Notice

We may collect the following categories of personal data:

• Enquiry data: your name, organisation, email address, and the content of messages you submit via our contact form.
• Subscription data: your email address (and optionally your organisation) if you subscribe for updates.
• Technical data: IP address, device and browser information, approximate location (derived from IP), pages visited, and timestamps (via server logs and/or analytics).
• Cookie data: where used, small files stored on your device (see “Cookies & Analytics”).

We do not intentionally collect special category data (e.g., health, religion) and ask you not to submit such information via the site.

We rely on the following lawful bases under UK GDPR:

• Consent: where you subscribe for updates or accept non-essential cookies (if used).
• Legitimate interests: to operate a secure and effective website, respond to requests, and improve our materials and communications. We balance these interests against your rights.
• Contractual steps: where you request information related to consultancy/partnership engagement and we need to process your data to take steps at your request.
• Legal obligation: where applicable (e.g., compliance with lawful requests or record-keeping requirements).

We may share personal data with service providers that help us run the website and communications, including:

• Hosting / infrastructure: Hostinger (website hosting and logs).
• Email delivery / newsletter: Hostinger (subscriber management and email sending).

These providers act as processors under our instructions and are required to protect your data.

Some service providers may process data outside the UK. Where this occurs, we implement appropriate safeguards, such as UK International Data Transfer Agreements (IDTAs), UK Addendum to SCCs, and/or reliance on adequacy decisions where applicable.

• Enquiries: typically retained for up to 24 months, unless a longer period is required for ongoing engagement or record-keeping.
• Subscriptions: retained until you unsubscribe, after which we suppress your email address to prevent re-adding without consent.
• Server logs: typically retained for a limited period (e.g., 30–90 days) unless needed for security investigations.

Retention periods may vary depending on our operational needs and legal requirements.

We may use cookies or similar technologies to operate the site and understand how it is used. Essential cookies are used only where necessary for core functionality.

If you use analytics, add a cookie banner/consent mechanism and list the cookies here (name, purpose, duration). If you do not use analytics, you can remove this section.

Under UK data protection law, you may have rights including:

• Access to your personal data
• Correction of inaccurate or incomplete data
• Erasure (in certain circumstances)
• Restriction of processing (in certain circumstances)
• Objection to processing based on legitimate interests
• Data portability (in certain circumstances)
• Withdrawal of consent (where processing is based on consent)

To exercise your rights, contact us at info@kyoto.network. We may need to verify your identity before responding.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).

We use appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. No internet transmission is completely secure, but we maintain reasonable safeguards to minimise risk.

We may update this notice from time to time. The “Last updated” date at the top of this page indicates when it was most recently revised.