LEGAL
How Kampa Advisors Limited collects, uses and protects personal data, with a professional approach to confidentiality, GDPR compliance and information security.
Last updated: May 2026
Kampa Advisors Limited is committed to protecting personal information and handling it responsibly, securely and transparently.
This Privacy Policy explains how we collect, use, store and protect personal data when individuals contact us, use our website, engage with our services, or otherwise interact with Kampa Advisors Limited.
Kampa Advisors operates within compliance-critical industrial environments and recognises the importance of confidentiality, information security and data protection. Our approach is informed by professional governance standards, including ISO-certified management systems, information security controls and good practice in the handling of confidential and personal information.
This policy is provided for review and may be updated from time to time.
Kampa Advisors Limited is a UK-based consultancy providing advisory, governance, project delivery, compliance and industrial transformation support.
For the purposes of UK data protection law, Kampa Advisors Limited is the data controller for personal data collected through this website and through our direct business interactions.
We may collect and process personal data where it is necessary for legitimate business, contractual, legal or communication purposes.
This may include:
We do not intentionally collect special category personal data through our website. If such information is provided voluntarily, we will only process it where there is a lawful basis to do so and where appropriate safeguards are in place.
We may collect personal data when you:
We may also receive personal data from organisations we work with, including clients, suppliers, contractors, professional advisers and other project stakeholders, where this is necessary for the delivery of services or legitimate business activity.
We use personal data only where we have a lawful basis to do so.
We may use personal data to:
Depending on the circumstances, we may process personal data under one or more of the following lawful bases:
Where processing is necessary to enter into or perform a contract with you or your organisation.
Where processing is necessary for our legitimate business interests, including responding to enquiries, managing professional relationships, delivering services, maintaining records, protecting our business and improving our operations, provided those interests are not overridden by individual rights and freedoms.
Where processing is required to comply with applicable legal, regulatory, tax, accounting or reporting obligations.
Where consent is required, for example for certain marketing communications or non-essential cookies. Where consent is relied upon, it can be withdrawn at any time.
Kampa Advisors Limited recognises that many of the environments in which it operates involve commercially sensitive, operationally sensitive or compliance-critical information.
We take confidentiality and information security seriously and apply appropriate technical, organisational and procedural measures to protect personal data and confidential information.
These measures may include:
Where applicable, our approach is aligned with recognised management system principles, including information security management and confidentiality controls.
Kampa Advisors Limited operates with a professional approach to information security and confidentiality.
Where ISO-certified management systems are referenced by Kampa Advisors Limited, these support the organisation’s approach to governance, operational discipline, information security, quality, environmental management and occupational health and safety.
ISO 27001 relates to information security management and provides a structured framework for managing information security risks. While no organisation can guarantee absolute security, Kampa Advisors Limited takes reasonable and proportionate steps to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.
We do not sell personal data.
We may share personal data where necessary with:
Where we use third-party service providers, we take reasonable steps to ensure they handle personal data securely and only process it for appropriate purposes.
Where possible, we aim to use systems and providers that process personal data within the UK or the European Economic Area.
Where personal data is transferred outside the UK or EEA, we will take reasonable steps to ensure that appropriate safeguards are in place. This may include relying on adequacy regulations, standard contractual clauses or other legally recognised transfer mechanisms.
We retain personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, contractual, accounting, reporting or legitimate business requirements.
Retention periods may vary depending on the type of information and the context in which it was collected.
For example:
When personal data is no longer required, we will delete, anonymise or securely archive it as appropriate.
Under UK data protection law, individuals have rights in relation to their personal data.
These may include the right to:
These rights are subject to certain legal limitations and exemptions.
To exercise your rights, please contact us using the details provided in this policy.
We may occasionally send business-related communications to existing clients, contacts or professional stakeholders where we believe there is a legitimate interest in doing so.
Where consent is required for marketing communications, we will seek consent before sending them.
You can ask us to stop sending marketing communications at any time by contacting us directly or using any unsubscribe option provided.
Our website may use cookies or similar technologies to support functionality, improve performance, understand website usage and assist with security.
Cookies are small text files placed on your device when you visit a website.
Some cookies may be essential for the website to function correctly. Others, such as analytics or marketing cookies, will only be used where appropriate consent has been obtained.
Further information is provided in our Cookie Policy.
Our website may contain links to external websites or third-party resources.
We are not responsible for the privacy practices, security or content of external websites. Visitors should review the privacy policies of any external websites they visit.
If a personal data breach occurs, we will assess the nature and potential impact of the incident.
Where required by law, we will notify the Information Commissioner’s Office and affected individuals within the relevant timescales.
We will also take appropriate steps to contain, investigate and remediate any incident.
Our website and services are intended for business and professional audiences.
We do not knowingly collect personal data from children.
We may update this Privacy Policy from time to time to reflect changes in our business, legal obligations, website functionality or data protection practices.
The latest version will be published on this page with the updated date shown above.
For questions about this Privacy Policy or how we handle personal data, please contact:
You also have the right to complain to the UK Information Commissioner’s Office if you are unhappy with how your personal data has been handled.
Website: ico.org.uk
Required for the website to work and always active.
