Privacy Policy
Last updated: July 7, 2026
1. Introduction
Kestrel ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.kestrelconsulting.services (the "Site").
Please read this Privacy Policy carefully.
2. Data Controller
The primary Data Controller responsible for your personal information under this policy is Kestrel Systems Pty Ltd, a proprietary limited company registered in South Africa.
2.1 EU Representative (GDPR Article 27)
As our operations are managed within the European Economic Area, our designated representative in the European Union is Lee Fowler, located in Stockholm, Sweden. For all queries regarding European data processing, please contact lee@kestreldb.com.
2.2 South Africa Information Officer (POPIA)
The designated Information Officer for South African compliance is Lee Fowler (lee@kestreldb.com). South African data subjects may lodge inquiries or complaints regarding our handling of personal information with the South African Information Regulator (complaints.IR@inforegulator.org.za).
3. Information We Collect
We may collect information about you in a variety of ways, including:
3.1 Personal Data
Personally identifiable information, such as your name, email address, phone number, and any other information you voluntarily provide to us when you:
- Submit a contact form
- Request early access to our product
- Sign up for our newsletter
- Communicate with us via email
3.2 Usage Data
Information our servers automatically collect when you access the Site, including:
- IP address
- Browser type and version
- Operating system
- Pages visited and time spent
- Referring website
- Device information
3.3 Data Sourced from Third Parties and Business Enrichment
For our business-to-business (B2B) lead generation, data mining, and sales outreach activities, we may collect professional personal data about you from third-party sources rather than directly from you.
Sources of Data: Publicly accessible corporate websites, professional networking platforms (e.g., LinkedIn), registry data, corporate directories, and third-party commercial data brokers or business intelligence platforms.
Categories of Data Collected: Professional identity data (first name, last name, job title, department), professional contact data (corporate email address, business telephone number, office address), and company data (company name, industry, company size, public corporate postings).
Data Enrichment and AI: We may use automated systems, software integrations, or artificial intelligence algorithms to cross-reference and enrich this data to ensure accuracy, infer professional interests, and evaluate whether your organization might benefit from our services. We do not engage in any automated profiling that produces legal or similarly significant effects on you.
4. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to track activity on our Site and store certain information. Tracking technologies used include:
4.1 Essential Cookies
These cookies are necessary for the website to function and cannot be switched off. They are usually set in response to actions made by you, such as setting your privacy preferences.
4.2 Analytics Cookies
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us know which pages are the most and least popular.
4.3 Marketing Cookies
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites.
Meta Pixel (Facebook Pixel)
We use Meta Pixel to understand how visitors interact with our website. This pixel:
- Tracks page views and conversions
- Only loads after you consent to marketing cookies
- Data is processed by Meta Platforms, Inc.
Legal basis: Consent (GDPR Article 6(1)(a))
5. Legal Basis for Processing
We process your personal data on the following legal bases:
- Consent: For analytics and marketing cookies, and marketing communications
- Legitimate Interests: For essential website cookies, IT security, fraud prevention, and conducting business-to-business (B2B) marketing, lead enrichment, data validation, and direct sales outreach where our commercial interests are balanced against your privacy rights
- Contractual Necessity: When processing is necessary for the performance of a contract
- Legal Obligation: When required to comply with legal requirements
6. Use of Your Information
We may use the information we collect about you to:
- Provide, operate, and maintain our website
- Improve, personalize, and expand our website
- Understand and analyze how you use our website
- Develop new products, services, features, and functionality
- Communicate with you about our services
- Send you marketing and promotional communications (with your consent)
- Prevent fraud and ensure security
7. Disclosure of Your Information
We may share information we have collected about you in certain situations:
- By Law or to Protect Rights: If we believe disclosure is necessary to comply with legal obligations
- Third-Party Service Providers: We may share your information with third parties that perform services for us
- Business Transfers: In connection with any merger, sale of company assets, or acquisition
Meta Platforms, Inc.: When you consent to marketing cookies, page view data is shared with Meta.
8. Data Retention
We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We retain your contact information for as long as your account is active, or up to 12 months after your last interaction with our marketing emails or text messages.
9. Your Data Protection Rights
Under the GDPR, you have the following rights:
Right to Access
You can request copies of your personal data.
Right to Rectification
You can request that we correct inaccurate information.
Right to Erasure
You can request that we delete your personal data.
Right to Restrict Processing
You can request that we limit how we use your data.
Right to Data Portability
You can request that we transfer your data to another organization.
Right to Object
You can object to our processing of your personal data.
To exercise any of these rights, please contact us at lee@kestreldb.com. We will respond to your request within 30 days.
10. US State Privacy Rights (including California CPRA)
If you are a resident of California or other US states with comprehensive privacy laws, you have the right to request access to, correction of, or deletion of your personal data. You also have the right to opt-out of the “sale” or “sharing” of your personal information (including for targeted advertising).
We do not “sell” your personal information for money, but our use of the Meta Pixel may qualify as “sharing” for cross-context behavioral advertising. To exercise your right to opt-out, please use our cookie banner to decline marketing cookies or email us at lee@kestreldb.com.
We do not knowingly collect or share data from minors under 16.
11. Security of Your Information
We use administrative, technical, and physical security measures to protect your personal information. However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure.
12. Children's Privacy
Our Site is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.
13. International Data Transfers
Your information may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. When you consent to marketing cookies, data is transferred to Meta Platforms, Inc. in the United States.
We rely on EU Standard Contractual Clauses (SCCs) or the EU-US Data Privacy Framework to ensure adequate protection for personal data transferred to the United States.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top of this page.
15. Contact Us
If you have any questions about this Privacy Policy, please contact us:
Kestrel
Email: lee@kestreldb.com
You also have the right to lodge a complaint with a supervisory authority. In the EU, you can contact your local data protection authority.
16. Legal Notice (Impressum)
Company Name
Kestrel Systems Pty Ltd
Registration Number (South Africa)
2026/364797/07
Registered Corporate Address
112 Van Eyssen Rd, Churchill Estate, Western Cape, 7500
EU Representative & Operations Point of Contact
Lee Fowler
EU Physical Location
Stockholm, Sweden
Email Contact