Privacy Policy

Who we are

Keystone Intelligence Group ("Keystone", "we", "us", "our") is an AI consultancy operating in Ireland. We are the data controller responsible for the personal data described in this policy.

Placeholder — to confirm before publishing: registered business name and legal structure, registered address, company registration number (if applicable), and the contact email for data-related queries. These details must be accurate and complete for the policy to be valid.

The data we collect

We collect personal data in two main ways: information you give us directly, and information collected automatically when you use the website.

Information you give us

When you submit the Discovery Call enquiry form on our contact page, we collect:

• Your first and last name
• Your email address
• Your phone number
• Your company name
• Your company's annual turnover band
• Your industry or sector
• The description you provide of your biggest operational problem

If you contact us directly by email instead of using the form, we collect whatever information you choose to include in that correspondence.

Information collected automatically

When you visit the website, certain technical data may be collected automatically, such as your IP address, browser type, device information, and pages visited. Placeholder — to confirm: the exact automatic data collection depends on the hosting and analytics setup. This section must be updated to reflect what your hosting provider and any analytics tools (for example, website analytics or performance monitoring) actually collect.

Why we use your data, and our legal basis

Under the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018, we must have a lawful basis for processing your personal data. We rely on the following:

• To respond to your enquiry and arrange a Discovery Call. Legal basis: taking steps at your request prior to entering into a contract, and our legitimate interest in responding to potential clients.
• To understand your business context — including turnover band, sector, and the operational problem you describe — so that the Discovery Call is useful and relevant. Legal basis: our legitimate interest in preparing properly for the conversation you have requested.
• To maintain records of enquiries and correspondence. Legal basis: our legitimate interest in managing our business and our legal obligations to keep certain records.
• To operate and secure the website. Legal basis: our legitimate interest in keeping the site functional and secure.

We do not sell your personal data, and we do not use it for automated decision-making or profiling.

How your data is shared

We do not share your personal data except as described here:

• Service providers. We use third-party providers to run our website and handle enquiries — for example, website hosting and any form-handling, email, or customer-relationship tools. These providers process data on our behalf and only on our instructions.
• Legal requirements. We may disclose data where we are legally required to do so, or to establish, exercise, or defend legal claims.

Placeholder — to confirm: list the specific third-party processors actually in use (for example, the hosting provider, the form or CRM tool, the email provider). Each should ideally have a data processing agreement in place. If any processor stores data outside the European Economic Area, this section must also describe the safeguards used for that transfer.

How long we keep your data

We keep personal data only for as long as necessary for the purposes set out in this policy.

Placeholder — to confirm: set specific retention periods. For example, how long enquiry-form submissions are kept if they do not lead to an engagement, and how long client correspondence and records are retained afterwards. Retention periods should be defined and justifiable rather than indefinite.

How we protect your data

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or misuse. Placeholder — to confirm: describe the actual measures in place, such as encryption, access controls, and secure storage, in line with how enquiry data is genuinely handled.

Your rights

Under GDPR and the Data Protection Act 2018, you have the following rights over your personal data:

• Access — you can request a copy of the personal data we hold about you.
• Rectification — you can ask us to correct data that is inaccurate or incomplete.
• Erasure — you can ask us to delete your personal data in certain circumstances.
• Restriction — you can ask us to limit how we use your data in certain circumstances.
• Objection — you can object to processing that we carry out on the basis of legitimate interest.
• Portability — you can ask to receive certain data in a portable format.

To exercise any of these rights, contact us using the details below. We will respond within the timeframe required by law. You also have the right to lodge a complaint with the Irish Data Protection Commission (www.dataprotection.ie) if you are unhappy with how we have handled your data.

Cookies

Cookies are small files placed on your device when you visit a website. Placeholder — to confirm: this section must be completed once it is known which cookies the site actually sets. If the site uses only essential cookies, state that. If it uses analytics or other non-essential cookies, a cookie banner that asks for consent before those cookies are set is required, and this section should describe each cookie category. If a separate cookie policy is created, link to it here.

Changes to this policy

We may update this policy from time to time. When we do, we will revise the "last updated" date at the top of the page. Significant changes will be made clear on this page.

Contact us

For any question about this policy, or to exercise your data protection rights, contact us: