Global Privacy Notice

Last updated: January 2026

Michael Keeling Limited values your privacy and is committed to protecting it. This Privacy Notice explains how we collect, use, share, and store personal information about you. It also outlines your rights regarding your personal data and how to exercise them.

This Privacy Notice applies to personal data we collect through 

www.keelingbusinesssolutions.com 

or other websites that Michael Keeling Limited operates that link to this policy ("collectively Websites”), as well as through our products and related service offerings. If you have any questions or concerns about how we handle your personal data, please contact us using the contact information provided at the end of this document.

The personal information we may collect falls into the following categories:

Information You Provide Voluntarily: Certain areas of our websites may require you to provide personal information willingly, such as when you register for an account, request technical support, subscribe to marketing communications, sign up for events, access content, or submit inquiries. We will clearly inform you of the data we collect and the reasons for collecting it at the point of collection.

Information Collected Automatically: When you visit our websites, we may automatically collect certain information from your device. In some jurisdictions, including those in the European Economic Area, this information may be considered personal data under applicable data protection laws. This information may include your IP address, device type, unique device identifiers, browser type, broad geographic location (country or city level), and other technical data. We may also collect information about how your device interacts with our websites, such as the pages you access and links you click.

Collecting this information allows us to better understand who visits our websites, where they come from, and which content they find most relevant. We use this information for internal analytics and to improve the quality and relevance of our websites for our visitors. Some of this information may be collected using cookies and similar tracking technologies.

Information Obtained from Third Parties: Occasionally, we may receive personal information about you from third-party sources, such as lead generation providers, partners, content syndication providers, third-party enrichment tools, or meeting maker vendors. We only collect information from third parties that have your consent or are otherwise legally permitted to share it with us. The types of information we collect from third parties include name, contact information, job title, company, and internet activity. We use this information to market our services to you.

Sensitive Personal Data: We may collect sensitive personal data, or special category personal data, from our customers in the course of providing our services. We do not use sensitive personal data for any other commercial purpose, we do not sell sensitive personal data, and we do not share sensitive personal data for online advertising.

We are committed to protecting your personal data. We implement appropriate technical and organisational security measures to protect your personal data from unauthorised access, use, disclosure, alteration, destruction, or accidental loss.

Who does Michael Keeling Limited Share Your Personal Data With?

We may share your personal data with the following categories of recipients:

  • Our group companies and third-party service providers: We may share your data with our affiliated companies and external service providers who assist us in providing our services and products, supporting our websites, or enhancing their security.

  • Our partners: We may share your data with our partners who collaborate with us in selling or distributing our products and services, or engaging in joint marketing activities, subject to your marketing preferences. We will not share text messaging originator opt-in data and consent with any third parties.

  • Law enforcement, regulatory bodies, and government agencies: We may disclose your data to competent law enforcement bodies, regulators, government agencies, courts, or other third parties when we believe disclosure is necessary to comply with applicable laws or regulations, enforce our legal rights, protect your vital interests or those of others, or investigate potential wrongdoing.
  • Other third parties with your consent: We may disclose your data to other third parties with your explicit consent. We may share this data with the following categories for business purposes or for commercial purposes, including sale/online advertising:

Knowledge of Personal Data Sales:

Michael Keeling Limited has no actual knowledge that it sells or shares the personal information of individuals under 16 years of age.

Legal Basis for Processing Personal Data

The foundation upon which we collect and utilise the personal information described above is contingent on the specific data type and the context in which it is obtained. Typically, we will gather your personal information only if:

  1. We need the data to fulfil our obligations under a contract we have with you.
  2. Our legitimate interests dictate it: Processing personal data is essential to operate our platform and communicate with you as needed. For instance, when responding to your inquiries, analysing platform usage, improving our services, marketing to existing customers within legal limits, and identifying or preventing illegal activities.
  3. You consent: You have granted us explicit authorisation to process your personal data.

In certain situations, we may also be legally obligated to collect your personal information or require it to safeguard your or someone else's vital interests. If we request your personal information to comply with a legal obligation or fulfil a contract, we will clearly inform you at the appropriate time and advise you whether providing your personal information is necessary or not (along with the possible consequences of not providing such data).

If we collect and utilise your personal information based on our legitimate interests (or those of any third party), it will typically be to operate our platform and communicate with you as required. For example, responding to your inquiries, analysing platform usage and improving our services, undertaking marketing activities for existing customers within legal limits, and detecting or preventing illegal activities. We may have other legitimate interests, and we will inform you at the relevant time what those interests are. We rely on these legal bases to process data for the following purposes: to assist in providing services (e.g., customer support and usage data) and to market our services to you within legal limits.

If you have any questions or require further information regarding the legal basis upon which we collect and utilise your personal information, please contact us using the contact information provided under the "How to contact us" heading at the bottom of this notice.

Use of Cookies and Similar Tracking Technology

We operate a privacy first policy and this website uses Plausible Analytics which does not use cookies or similar technologies that require information to be stored on your device. Plausible Analytics focuses on data protection and processes data in a way that protects the privacy of users. By using techniques such as pseudonymization and anonymization, the data is processed in such a way that the privacy of users is largely preserved. We do not use or store any other cookies.

Furthermore, since Plausible Analytics does not collect personal data for advertising purposes or similar, this practice can be regarded as a legitimate interest of the website operator (Art. 6 (1) (f) GDPR) therefore no explicit consent of the user is required, as the processing is carried out in a manner that does not unreasonably prejudice the rights of the user. Additionally Since Plausible Analytics does not store any information on the user’s device, Article 5(3) of the ePrivacy Directive does not require explicit consent.

Plausible Analytics does not use cross-platform tracking and does not pass on data to third parties. It primarily uses data that is recorded by default in server logs, such as requested URLs, access times, HTTP status codes and transferred data volumes. This information is used to analyze website traffic in accordance with the data protection principles of data minimization and storage limitation.

Data processing at Plausible takes place in two steps:

Pseudonymization: When the data is received, it is pseudonymized using a hash function and a regularly changing key (“salt”). This process aims to change personal data in such a way that the persons are no longer directly identifiable, but a distinction between sessions is made possible.

Anonymization after 24 hours: Within 24 hours of pseudonymization, the data is completely anonymized by removing the “salt” so that it can no longer be traced back to the original user data. The remaining data does not allow any direct or indirect identification of persons.

Data Security

Michael Keeling Limited employs appropriate technical and organisational measures to safeguard personal data collected and processed. These measures aim to provide a security level commensurate with the risk associated with handling personal data. 

Michael Keeling Limited data resides on leading cloud service providers (linked on our security page) utilising industry-standard security protocols to protect personal data. Personal data is stored on private servers within a secure security group. End-user to server connections are encrypted using SSL, and server software is updated regularly with the latest security patches.

Data Transfers

Your personal data may be transferred to, and processed in, countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. However, we have taken appropriate safeguards to ensure that your personal data will remain protected in accordance with this Privacy Notice.

Michael Keeling Limited is committed to safeguarding the privacy of personal data transferred from the European Union, United Kingdom, and Switzerland. To ensure compliance with the EU-U.S. Data Privacy Framework ("EU-U.S. DPF"), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework ("Swiss-U.S. DPF"), Michael Keeling Limited has certified that our data processors are compliant with the DPF. These DPA agreements may be referenced here - https://webflow.com/legal/dpa

Michael Keeling Limited is accountable for the personal data it receives under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, even if it is subsequently transferred to a third party. This means that Michael Keeling Limited remains responsible and liable if these third-party agents process the personal data in a manner inconsistent with the principles of the DPFs, unless Michael Keeling Limited can demonstrate that it is not at fault for the resulting harm. 

Data Retention

We retain your personal data as long as we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with legal requirements). When we no longer have a legitimate business need to process your personal data, we will either delete or anonymize it, or if this is not possible, securely store it and isolate it from any further processing.

Your Data Protection Rights

You have the following data protection rights:

  • Access your personal data
  • Correct or update your personal data
  • Request deletion of your personal data
  • Object to the processing of your personal data
  • Restrict the processing of your personal data
  • Request portability of your personal data
  • Opt out of marketing communications
  • Withdraw your consent (if you have given it)
  • Opt out of the sale of your personal data

You can exercise these rights by contacting us using the contact details provided under the "How to contact us" heading at the bottom of this notice.

Sensitive Personal Data

We do not use or disclose your sensitive personal data, except for the purposes of providing services to our customers.

Non-discrimination

We will not discriminate against you for exercising your data protection rights.

Authorised Agent

You can authorise another person to make a data privacy request on your behalf. To do this, you will need to provide us with a written authorization that includes the specific data protection request you want the authorised agent to make.

Data Protection Authority

You have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority.

Appealing Our Decision

If you are not satisfied with our response to your data privacy request, you have the right to appeal our decision. To do this, please contact us using the contact details provided under the "How to contact us" heading at the bottom of this notice. If you are not satisfied with the result of the appeal, you have the right to contact your respective attorney general depending on where you reside.

Verifying Data Protection Requests

We verify data protection requests to ensure that they are legitimate and to prevent unauthorised access to your personal data. Our verification process is based on matching personal data provided by the requestor with personal data that we have on file with the requestor. The personal data points matched vary based on what Michael Keeling Limited has on the requestor, but Michael Keeling Limited uses multiple personal data points for verification. During the verification process, Michael Keeling Limited aims to avoid collecting additional personal data from the requester that has not been previously collected by Michael Keeling Limited.

Updates to this Privacy Notice

We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws. 

You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice. 

How to contact us

If you have any questions or concerns about our use of your personal data, please contact us at michael.keeling@keelingbusinesssolutions.com (we operate online), or at the following address: MICHAEL KEELING LIMITED Charter House, 56 High Street, Sutton Coldfield, West Midlands, B72 1UJ United Kingdom

Glossary of Terminology and Frameworks

1.1 "controller", "processor", "data subject", "personal data" and "processing" (and "process") will have the meanings given in EU/UK Data Protection Law;

1.2 "Applicable Data Protection Law" means all worldwide data protection and privacy laws and regulations applicable to the Personal Data in question, including, where applicable, EU/UK Data Protection Law, US Data Protection Law, Serbian Data Protection Law, Canadian Data Protection Law, and the Swiss DPA;

1.3 “Breach” means an accidental or unlawful destruction, loss, alteration, or unauthorised disclosure or access that is in violation of Michael Keeling Limited’s security obligations under this Agreement by Michael Keeling Limited or its agents of which Michael Keeling Limited becomes aware.  Breach will not include an unsuccessful Breach, which is one that results in no unauthorised access to Personal Data or to any Michael Keeling Limited equipment or facilities storing the Personal Data, and could include (without limitation) pings and other broadcast attacks of firewalls or edge servers, port scans, unsuccessful log-on attempts, denial of service attacks, packet sniffing (or other unauthorised access to traffic data that does not result in access beyond headers) or similar incidents;

1.4 "Canadian Data Protection Law" means: (i) the Personal Information Protection and Electronic Documents Act S.C. 2000, c. 5; (ii) applicable provincial law; (iii) any and all applicable data protection laws made under, pursuant to or that apply in conjunction with any of (i) or (ii); in each case as may be amended or superseded from time to time; 

1.5 “Data Privacy Framework” means the EU-US Data Privacy Framework, the UK extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework self-certification program operated by the US Department of Commerce;

1.6 “Data Privacy Principles” means the Data Privacy Framework principles (as supplemented by the Supplemental Principles);

1.7 "EU/UK Data Protection Law" means: (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (General Data Protection Regulation) (the "EU GDPR"); (ii) the EU GDPR as saved into United Kingdom law by virtue of section 3 of the United Kingdom's European Union (Withdrawal) Act 2018 (the "UK GDPR"); (iii) the EU e-Privacy Directive (Directive 2002/58/EC); and (iv) any and all applicable national data protection laws made under, pursuant to or that apply in conjunction with any of (i), (ii) or (iii); in each case as may be amended or superseded from time to time; 

1.8 "US Data Protection Law '' means: (i) the California Consumer Privacy Act of 2018, including as amended by the California Privacy Rights Act of 2020, codified at Cal. Civ. Code §1798.100 et seq., upon the CPRA’s enforcement date of July 1, 2023 (together with its implementing regulations) (“CPRA”); (ii) the Virginia Consumer Data Protection Act; (iii) the Colorado Privacy Act; (iv) the Connecticut Personal Data Privacy and Online Monitoring Act; (v) the Utah Consumer Privacy Act; (vi) the Iowa Consumer Data Protection Act; (vii) the Indiana Consumer Data Protection Act;  (viii) the Tennessee Information Protection Act; (ix) the Montana Consumer Data Privacy Act; (x) the Texas Data Privacy and Security Act; (xi) the Oregon Consumer Privacy Act; (xii) the Delaware Personal Data Privacy Act; and (xiii) any and all applicable comprehensive state data protection laws and regulations that are or are not yet in effect as of the Effective Date; in each case as may be amended or superseded from time to time; 

1.9 "Serbian Data Protection Law" means: Law on Personal Data Protection (Zakon o zaštiti podataka o ličnosti; Official Gazette of the Republic of Serbia, no 87/2018).  In the case of a transfer of Personal Data to a Non-Adequate Country, by entering into this DPA, the Customer is entering into the Serbian Standard Contractual Clauses (“Serbian SCCs”) as adopted by the "Serbian Commissioner for Information of Public Importance and Personal Data Protection", to provide an adequate level of protection. References to the Standard Contractual Clauses in this DPA will include the Serbian SCCs.  

1.10 “Supplemental Principles” will have the meaning given in the Data Privacy Framework;

1.11 "Standard Contractual Clauses" means: (i) where the EU GDPR or Swiss DPA applies, the contractual clauses annexed to the European Commission's Implementing Decision 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of Personal Data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council ("EU SCCs"); and (ii) where the UK GDPR applies, standard data protection clauses adopted pursuant to or permitted under Article 46 of the UK GDPR ("UK SCCs"); and (iii) where Serbian Data Protection Law applies, the Serbian SCCs; and

1.12 "Swiss DPA" means the revised Swiss Federal Act on Data Protection enacted on September 25, 2020, and effective on September 1, 2023, as may be amended or superseded from time to time.