Kyanite Blue

Privacy Policy

Last updated: February 2025

This Privacy Policy explains how Kyanite Blue Ltd collects, uses, and protects your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Kyanite Blue Ltd (“Kyanite Blue”, “we”, “us”, or “our”) is a company registered in England and Wales under company number 12456304. Our registered address is:

Kyanite Blue Ltd
Moorend Farm Main Street
Ulleskelf, Tadcaster
England, LS24 9DU

Kyanite Blue Ltd is the Data Controller for the personal data processed in connection with our website (kyaniteblue.com) and the services we provide. As Data Controller, we determine the purposes and means by which your personal data is processed.

If you have any questions about this Privacy Policy or how we handle your data, please contact us at hq@kyaniteblue.com.

2. What Personal Data We Collect

We collect personal data in the following circumstances:

2.1 Contact Form Submissions

When you submit an enquiry via our contact form, we collect:

  • Full name
  • Email address
  • Company name
  • Telephone number (optional, if provided)
  • The content of your message

2.2 Website Analytics

We use Google Analytics 4 (GA4) to understand how visitors use our website. This involves collecting:

  • Anonymised IP address (your full IP address is never stored)
  • Pages visited and time spent on each page
  • Browser type and device category
  • Referring website or search term
  • Geographic location at country/region level

All analytics data is anonymised. We do not use analytics data to identify individuals.

2.3 Client Portal Data

For existing clients who access any client portal or account management system, we may process:

  • Email address and password (hashed)
  • Company name and account details
  • Login activity and session logs
  • Product and service configurations associated with your account

3. Legal Basis for Processing

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases:

Legitimate Interests (Article 6(1)(f))

We process contact form submissions and website analytics data on the basis of our legitimate interests in responding to business enquiries and improving our website and services. We have balanced this against your interests and rights, and consider that you would reasonably expect us to use your contact details to respond to your enquiry.

Contract Performance (Article 6(1)(b))

For existing clients, we process personal data as necessary for the performance of a contract — including managing your account, delivering services, and providing support.

Consent (Article 6(1)(a))

Where you have explicitly opted in to receive marketing communications (product updates, newsletters, or event invitations), we will process your email address on the basis of your consent. You may withdraw consent at any time by unsubscribing or contacting us at hq@kyaniteblue.com.

4. How We Use Your Data

We use your personal data to:

  • Respond to enquiries — to contact you in response to messages submitted through our contact form or sent directly by email.
  • Manage client accounts — to provision and administer the products and services you have engaged us to deliver.
  • Improve our website — to analyse how visitors use kyaniteblue.com so we can improve content, navigation, and performance.
  • Send product updates — where you have given consent, to send relevant updates about products and services we believe may be of interest to you.
  • Comply with legal obligations — to maintain accurate business records as required by applicable law.

We will never sell your personal data to third parties, and we will not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

5. Who We Share Data With

We use a small number of trusted third-party processors to operate our website and services. We share only the minimum data necessary, and all processors are bound by GDPR-compliant Data Processing Agreements (DPAs).

ProcessorPurposeLocation
SupabaseDatabase hosting and storageEU / US (with SCCs)
VercelWebsite hosting and deploymentUS (with SCCs)
ResendTransactional email deliveryUS (with SCCs)
Google Analytics (GA4)Anonymised website analyticsUS (with SCCs)

Where processors are located outside the UK or EEA, we ensure appropriate safeguards are in place — including Standard Contractual Clauses (SCCs) approved by the ICO or European Commission — to ensure your data receives an equivalent level of protection.

6. Data Retention

We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by law:

  • Enquiry data (contact form submissions from non-clients) — held for 2 years from the date of submission, after which it is securely deleted.
  • Client account data — held for the duration of the client relationship, plus 7 years following termination of the relationship (to comply with statutory accounting and record-keeping requirements).
  • Analytics data — retained in accordance with Google Analytics default retention settings (26 months), using anonymised identifiers only.

7. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

Right of Access

You have the right to request a copy of the personal data we hold about you.

Right to Rectification

You have the right to request correction of any inaccurate or incomplete personal data.

Right to Erasure

You have the right to request deletion of your personal data in certain circumstances.

Right to Portability

Where we process your data by automated means based on consent or contract, you may request a machine-readable copy.

Right to Restriction

You have the right to request that we restrict processing of your personal data in certain circumstances.

Right to Object

You have the right to object to processing based on legitimate interests, including for direct marketing.

To exercise any of these rights, please contact us at hq@kyaniteblue.com. We will respond within one calendar month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) — the UK's data protection supervisory authority — at ico.org.uk or by calling 0303 123 1113.

8. Cookies

Our website uses a small number of cookies. We do not use third-party advertising cookies or tracking pixels.

TypePurposeDuration
Essential (session)Required for the website to function; maintains session stateSession
Analytics (GA4)Measures page performance and visitor behaviour using anonymised data; IP anonymisation enabledUp to 26 months

We do not use advertising cookies or sell data to advertising networks. You can control cookie settings via your browser preferences.

9. Contact for Data Requests

For all data protection enquiries, requests to exercise your rights, or questions about this Privacy Policy, please contact us:

Email: hq@kyaniteblue.com

Post: Data Protection, Kyanite Blue Ltd, Moorend Farm Main Street, Ulleskelf, Tadcaster, England, LS24 9DU

10. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The most current version will always be published at kyaniteblue.com/privacy, with the date of last update shown at the top of this page. We encourage you to review this policy periodically.

If we make material changes that affect how we process your personal data, we will notify affected individuals by email (where we hold your contact details) or by displaying a prominent notice on our website.

This policy was last updated in February 2025. For questions, contact hq@kyaniteblue.com. Also see our Terms of Service.