Privacy Policy

Last updated: July 7, 2026

1. Introduction

Kestrel ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.kestrelconsulting.services (the "Site").

Please read this Privacy Policy carefully.

2. Data Controller

The primary Data Controller responsible for your personal information under this policy is Kestrel Systems Pty Ltd, a proprietary limited company registered in South Africa.

KESTREL SYSTEMS (Pty) Ltd

Registration: 2026/364797/07

Email: lee@kestreldb.com

2.1 EU Representative (GDPR Article 27)

As our operations are managed within the European Economic Area, our designated representative in the European Union is Lee Fowler, located in Stockholm, Sweden. For all queries regarding European data processing, please contact lee@kestreldb.com.

2.2 South Africa Information Officer (POPIA)

The designated Information Officer for South African compliance is Lee Fowler (lee@kestreldb.com). South African data subjects may lodge inquiries or complaints regarding our handling of personal information with the South African Information Regulator (complaints.IR@inforegulator.org.za).

3. Information We Collect

We may collect information about you in a variety of ways, including:

3.1 Personal Data

Personally identifiable information, such as your name, email address, phone number, and any other information you voluntarily provide to us when you:

  • Submit a contact form
  • Request early access to our product
  • Sign up for our newsletter
  • Communicate with us via email

3.2 Usage Data

Information our servers automatically collect when you access the Site, including:

  • IP address
  • Browser type and version
  • Operating system
  • Pages visited and time spent
  • Referring website
  • Device information

3.3 Data Sourced from Third Parties and Business Enrichment

For our business-to-business (B2B) lead generation, data mining, and sales outreach activities, we may collect professional personal data about you from third-party sources rather than directly from you.

Sources of Data: Publicly accessible corporate websites, professional networking platforms (e.g., LinkedIn), registry data, corporate directories, and third-party commercial data brokers or business intelligence platforms.

Categories of Data Collected: Professional identity data (first name, last name, job title, department), professional contact data (corporate email address, business telephone number, office address), and company data (company name, industry, company size, public corporate postings).

Data Enrichment and AI: We may use automated systems, software integrations, or artificial intelligence algorithms to cross-reference and enrich this data to ensure accuracy, infer professional interests, and evaluate whether your organization might benefit from our services. We do not engage in any automated profiling that produces legal or similarly significant effects on you.

4. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Site and store certain information. Tracking technologies used include:

4.1 Essential Cookies

These cookies are necessary for the website to function and cannot be switched off. They are usually set in response to actions made by you, such as setting your privacy preferences.

4.2 Analytics Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us know which pages are the most and least popular.

4.3 Marketing Cookies

These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites.

Meta Pixel (Facebook Pixel)

We use Meta Pixel to understand how visitors interact with our website. This pixel:

  • Tracks page views and conversions
  • Only loads after you consent to marketing cookies
  • Data is processed by Meta Platforms, Inc.

Legal basis: Consent (GDPR Article 6(1)(a))

5. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Consent: For analytics and marketing cookies, and marketing communications
  • Legitimate Interests: For essential website cookies, IT security, fraud prevention, and conducting business-to-business (B2B) marketing, lead enrichment, data validation, and direct sales outreach where our commercial interests are balanced against your privacy rights
  • Contractual Necessity: When processing is necessary for the performance of a contract
  • Legal Obligation: When required to comply with legal requirements

6. Use of Your Information

We may use the information we collect about you to:

  • Provide, operate, and maintain our website
  • Improve, personalize, and expand our website
  • Understand and analyze how you use our website
  • Develop new products, services, features, and functionality
  • Communicate with you about our services
  • Send you marketing and promotional communications (with your consent)
  • Prevent fraud and ensure security

7. Disclosure of Your Information

We may share information we have collected about you in certain situations:

  • By Law or to Protect Rights: If we believe disclosure is necessary to comply with legal obligations
  • Third-Party Service Providers: We may share your information with third parties that perform services for us
  • Business Transfers: In connection with any merger, sale of company assets, or acquisition

Meta Platforms, Inc.: When you consent to marketing cookies, page view data is shared with Meta.

8. Data Retention

We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We retain your contact information for as long as your account is active, or up to 12 months after your last interaction with our marketing emails or text messages.

9. Your Data Protection Rights

Under the GDPR, you have the following rights:

Right to Access

You can request copies of your personal data.

Right to Rectification

You can request that we correct inaccurate information.

Right to Erasure

You can request that we delete your personal data.

Right to Restrict Processing

You can request that we limit how we use your data.

Right to Data Portability

You can request that we transfer your data to another organization.

Right to Object

You can object to our processing of your personal data.

To exercise any of these rights, please contact us at lee@kestreldb.com. We will respond to your request within 30 days.

10. US State Privacy Rights (including California CPRA)

If you are a resident of California or other US states with comprehensive privacy laws, you have the right to request access to, correction of, or deletion of your personal data. You also have the right to opt-out of the “sale” or “sharing” of your personal information (including for targeted advertising).

We do not “sell” your personal information for money, but our use of the Meta Pixel may qualify as “sharing” for cross-context behavioral advertising. To exercise your right to opt-out, please use our cookie banner to decline marketing cookies or email us at lee@kestreldb.com.

We do not knowingly collect or share data from minors under 16.

11. Security of Your Information

We use administrative, technical, and physical security measures to protect your personal information. However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure.

12. Children's Privacy

Our Site is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.

13. International Data Transfers

Your information may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. When you consent to marketing cookies, data is transferred to Meta Platforms, Inc. in the United States.

We rely on EU Standard Contractual Clauses (SCCs) or the EU-US Data Privacy Framework to ensure adequate protection for personal data transferred to the United States.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top of this page.

15. Contact Us

If you have any questions about this Privacy Policy, please contact us:

Kestrel

Email: lee@kestreldb.com

You also have the right to lodge a complaint with a supervisory authority. In the EU, you can contact your local data protection authority.

16. Legal Notice (Impressum)

Company Name

Kestrel Systems Pty Ltd

Registration Number (South Africa)

2026/364797/07

Registered Corporate Address

112 Van Eyssen Rd, Churchill Estate, Western Cape, 7500

EU Representative & Operations Point of Contact

Lee Fowler

EU Physical Location

Stockholm, Sweden

Email Contact

lee@kestreldb.com