Privacy Policy


This privacy policy sets out how Kirari QMS Ltd. uses and protects any information that you give to Kirari QMS Ltd., for example when you use our website ( or contact us by email. Kirari QMS Ltd. is a company offering Business to Business services in consultancy, outsourcing and training and so will only process the personal data of Clients, Potential Clients and visitors to our website for this purpose on a lawful basis as described in this Policy.

Kirari QMS Ltd. is committed to ensuring that your privacy is protected and to compliance with the General Data Protection Regulation (GDPR) taking effect from 25th May 2018. This Privacy Policy sets out what data we hold and why, and the relevant procedures regarding our processing of your data. We will only collect and use personal data in ways that are described here, and in a manner that is consistent with our obligations and your rights under the law.

Our Use of Your Personal Data

We use your personal data to assist us in answering your enquiries about our services, and to provide you with information about our services. We also process your personal data to provide you with the services that you have requested and to fulfil any contract with you.

  • We respect your personal data and take its security very seriously.
  • We only hold what data we need for the purpose for which we obtained it (see “What Data We Hold” below).
  • We hold your data only on a lawful basis, where you have given your consent and/or for legitimate interests in connection with starting, developing, fulfilling or growing Business to Business activity (see “How We Use Your Personal Data” below).
  • The extent of personal data we hold will be commensurate with the lawful basis above
  • We delete your data when it has reached the end of its retention period.
  • You have privacy rights.
  • We are happy to answer your questions. Our contact details can be found at the end of this notice.
  • We will not share your information with any other party other than those required to fulfil our legitimate business interest with you, or if so required to fulfil our legal obligations.

Your Rights

You have rights in respect of our processing of your personal data, which are summarised below:

  • To access your personal data and information about our processing of it.  You also have the right to request a copy of your personal data (but we will need to remove information about other people).
  • To rectify incorrect personal data that we are processing.
  • To request that we erase your personal data if:
    • we no longer need it, or
    • we are processing your personal data by consent and you withdraw that consent, or
    • we no longer have a legitimate reason to process your personal data, or
    • we are processing your personal data unlawfully
  • To object to our processing if it is by legitimate interest.
  • To restrict our processing if it was by legitimate interest.
  • To request that your personal data be transferred from us to another company if we were processing your data under a contract or with your consent and the processing is carried out by automated means.

If you want to exercise any of these rights, please contact us using the details at the end of this notice.

You can find more information regarding your rights at the website of the UK Information Commissioner’s Office ( You also have the right to lodge a complaint about our processing with the UK Information Commissioner’s Office.

What Data We Hold

We only hold personal data that is directly relevant to our dealings with you, and associated relevant business information.  That data will be collected, held, and processed in accordance with data protection principles and with this Policy.  The following data may be collected, held and processed by the Company:

If you approach us for an enquiry or for a quotation that you do not accept, we will process your name, email address and the contact information which you have provided to us.

If you obtain services from us, we will process your name, address, email and contact details and payment information.

If you consent to receive our marketing, via the website or by having a quotation or by obtaining services from us, we will process your name, email address and contact details and IP address.

If you opt-out of receiving marketing information, then we will process your name and email address so that we don’t market to you again.

How We Use Your Personal Data

References to the legal basis for processing of your personal data are made to Article 6 of the GDPR. Each piece of personal data that we process must have a legal basis:

(i) To deal with enquiries or for a quotation that you do not accept

Under Article 6 (b) Contract: we need to use your details to follow up with you and this processing is necessary in order for us to take steps at your request prior to entering into a contract. Under Article 6 (f) Legitimate Interests: our legitimate interest is for business planning and business development.

If you call us or email us, we will follow up on your enquiry and see how we can help you. We delete your data after answering an enquiry in line with our retention period if you do not choose to request a quotation or to remain as a potential client.

If you provide us with information for a quotation and then do not accept the quotation, we will keep a record of your enquiry.

(ii) If you obtain services from us

Under Article 6(b) Contract we will need to process your data for the performance of the contract.

In order to fulfil the contract for our services, we will need to process your personal data, which we will retain for seven years due to HMRC requirements.

(iii) Marketing information and consent via our website

Under Article 6 (a) Consent: you have consented to the processing of your personal data for this purpose. Under Article 6 (f) Legitimate Interests: our legitimate interest is for business planning and business development purposes which includes sending you information about similar services to those which you have purchased, or those which may be relevant for your organisation, and keeping a record of those who have opted out of marketing.

We would like to send you information about our services and will send you this with your consent, for example if you “Opt In” via our website contacts page or consent in writing or email.

If you have a quotation from us or buy from us, we may send you information about similar services or other services which may be relevant to your business. Our processing in this case is without your consent but you can always opt out at any time.

If you do opt out of marketing, we will keep your name and email address and mark them as ‘do not mail’ so that you will not receive any further marketing communications.

(iv) Technical data

Under Article 6(c) Legal Obligation: we have a legal obligation to protect the data of our clients and our staff. Under Article 6(f) Legitimate Interests strategy planning is a legitimate activity for a business.

We use the logs from our servers to help with our company’s security as well as to look at visitor behaviour (e.g. which website pages get the most traffic or are the most popular). When someone visits our website ( we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

(v) Your data and transfers outside of the EEA

We do not transfer or process any data outside the European Economic Area.

(vi) Third parties

As a client or potential client, we will not transfer your personal data to third parties except the following:

  • Companies that provide services to us. For example, our telephone service providers will get to see your phone number if we call you and our broadband supplier could see your email address (but not the content of what you send us, if you encrypt it).
  • Hosting, platform and cloud service providers and accountancy software. We use a number of service providers, for example our email providers, website host Krystal Hosting, Word Press, Google, Microsoft Office 365 and FreeAgent.
  • It is possible, though unlikely, that we might be forced to disclose your information in response to a court order.  If you do not pay our invoices for the services we have provided, we may choose to engage a third party to recover any money you owe us.

(vii) Call recording

We do not record phone calls.

(viii) Sensitive Personal Data

We do not process “sensitive personal data” such as personal data relating to your racial or ethnic origin, your political opinions, your religious beliefs, your sexual life, your health, etc.

(viii) Cookies

Our website uses cookies to allow web applications to respond to you as an individual. A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps analyse web traffic or lets you know when you visit a particular site. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

(ix) Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question to ensure that it complies with the GDPR.

Retention Periods

This is the length of time that we will continue to process or store your personal data:

  • Data about prospective clients: retention for 12 months after the duration of the enquiry, in case you come back.
  • Data about clients: seven years for HMRC and accounting purposes
  • Marketing purposes: for as long as you consent to receive marketing information

Privacy Policy Contact

If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact us using the details set out below:

David Poxon, Director and Principal Consultant

Kirari QMS Ltd.

Registered Address: 25 Carpalla, Foxhole, St Austell, Cornwall, PL26 7TY

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We will acknowledge a request you formally make as a “Subject Access Request” within 5 working days and will respond to all legitimate requests within one calendar month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues ( We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Policy Effectivity and Revisions

This Privacy Policy is deemed to be effective from 22th May 2018. Kirari QMS Ltd may update it from time to time and post the latest revision on our website.