Legal

Privacy Policy

Last updated: 26 May 2026. How we handle personal data on kenniswiserconsulting.com and through our advisory engagements.

1. Who is the controller

Kennis Wiser Consulting Ltd ("we," "us," "our") is the controller for personal data collected through this site and through our advisory engagements. We are registered in England.

2. What we collect and why

We collect three categories of personal data:

  • Contact-form submissions. When you use the form on our contact page, we collect your name, email, organisation (optional), and the message you send. We use this to respond to your enquiry. Lawful basis: legitimate interest in responding to people who contact us.
  • Calendar bookings. When you book a scoping call, we collect your name, email, organisation, and any notes you provide. We use this to schedule and run the call. Lawful basis: steps taken to enter into a contract at your request.
  • KORA AI assistant interactions. If you chat with KORA, the conversation transcript is processed by the Kennis OS Kora runtime. We use this only to respond to your questions in the moment; transcripts are retained for service operation and quality review, not for advertising or profiling. Lawful basis: legitimate interest in providing the assistant.

We also use anonymised analytics on this site once you opt in via the cookie consent banner — see our Cookie Policy.

3. Who we share data with

We share personal data only with service providers we engage to operate the Site:

  • Vercel — site hosting (United States, with EU data processing where available).
  • Cloudflare — DNS, edge networking, domain registration.
  • Septimius — form intake, scheduling, CRM (UK/EU processing).
  • KORA / Kennis OS — AI assistant runtime, which may forward queries to a model provider (currently Anthropic or OpenAI) under strict data-processing terms.

We do not sell personal data, and we do not share it with advertising networks.

4. How long we keep it

  • Contact-form messages and calendar bookings: 24 months from last interaction, then deleted or anonymised.
  • KORA transcripts: 90 days for quality review, then anonymised.
  • If we enter into a client engagement with you, your contact data is kept for the duration of the engagement plus 6 years (UK statutory retention).

5. Your rights (UK GDPR)

You have the right to:

  • Access the personal data we hold about you;
  • Ask us to correct it if it is inaccurate or incomplete;
  • Ask us to delete it (subject to overriding legal obligations);
  • Object to processing based on legitimate interest;
  • Withdraw consent at any time (where consent is the lawful basis — e.g. analytics cookies);
  • Lodge a complaint with the UK Information Commissioner's Office (ICO).

To exercise any of these, use our contact form.

6. International transfers

Some service providers (notably Vercel and AI model providers) process data in the United States. Where this happens, the transfer is covered by the EU Standard Contractual Clauses (with the UK addendum) and a supplementary risk assessment as required under the UK GDPR.

7. Security

We use TLS for all data in transit, scoped access tokens for our service-provider integrations, and least-privilege access internally. We notify affected individuals and the ICO of qualifying data breaches within 72 hours.

8. Changes

We update this policy when our processing changes. The version currently in force always lives at this URL with the "last updated" date at the top.