Effective Date: 01/01/2026
1. Introduction & Scope
KAIA International ("we," "us," or "our") is committed to protecting the privacy and security of your personal data. This Privacy Statement is designed to comply with the UK Data Protection Act 2018, the UK GDPR, and the EU General Data Protection Regulation (GDPR).
As a specialist consulting firm operating across the UK, EMEA, APAC, and LATAM, we apply the highest global standards of data protection to all our client engagements and research activities.
2. Information We Collect
We may collect and process the following categories of data:
- Identity & Contact Data: Name, job title, company name, email address, and telephone number.
- Technical & Usage Data: IP address, browser type, time zone setting, and website interaction data.
- Consultancy Engagement Data: Strategic briefs, diagnostic session notes, and operational data provided for analysis.
- R&D Data: Anonymized data sets used for the development and testing of our proprietary Agentic Intelligence frameworks.
3. Legal Basis for Processing
Under GDPR, we only process data where we have a valid legal basis:
- Contractual Necessity: To perform our consultancy services.
- Legal Obligation: To comply with insurance and financial regulations.
- Legitimate Interests: To conduct R&D, improve our services, and manage our business relationships, provided these do not override your fundamental rights.
4. Agentic AI & The EU AI Act
At KAIA International, we stay at the forefront of AI regulation. Our AI-native workflows are designed with the principles of the EU Artificial Intelligence Act in mind:
- Transparency: We ensure that all AI-augmented outputs are clearly identifiable and subject to human technical oversight.
- Data Integrity: We do not use client-specific or PII-heavy data to train public or foundational models.
- Risk Management: We apply "Privacy by Design" to our Agentic R&D, ensuring that AI agents operate within strictly defined silos to prevent data leakage.
5. International Data Transfers
Given our global footprint, your data may be transferred outside the UK or the European Economic Area (EEA). When such transfers occur, we ensure a similar degree of protection by ensuring at least one of the following safeguards is implemented:
- Adequacy Decisions: Transferring data to countries that have been deemed to provide an adequate level of protection by the UK Government or European Commission.
- Standard Contractual Clauses (SCCs): Utilizing specific contracts approved for use in the UK and EU which give personal data the same protection it has in Europe.
6. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
7. Your Legal Rights (UK & EU)
Regardless of your location, we provide all our users with the rights enshrined in the GDPR:
- Right of Access: Request a copy of your personal data.
- Right to Rectification: Request correction of incomplete or inaccurate data.
- Right to Erasure: Request the deletion of your data where there is no good reason for us continuing to process it.
- Right to Object/Restrict: Object to processing based on legitimate interests or request the restriction of processing.
- Right to Portability: Request the transfer of your data to another party.
8. Security Measures
We have implemented industry-leading security protocols, including encryption at rest and in transit, to protect your data. Our "Agentic Architecture" ensures that any AI processing of client data happens in a secure, controlled environment.
9. Contact & Regulatory Authorities
For any questions regarding this statement, please contact: Data Privacy Lead: legal@kaiaclaims.com
If you are based in the UK, you have the right to make a complaint to the Information Commissioner’s Office (ICO).
If you are based in the EU, you may contact your local National Data Protection Authority.
