Last updated: June 2026
Privacy policy
This notice covers the KonstanTrack marketing website and the personal data we handle when you contact us or request a quote. The KonstanTrack application (used by our customers under contract) is covered by a separate agreement and Data Processing Agreement — see Data protection.
Who we are
KonstanTrack (“we”, “us”) is a UK-based business and the data controller for the personal data described here. Details of the business operator are available on request.
- Based in: United Kingdom
- Privacy contact: [email protected]
The data we collect
We keep collection to a minimum. From this website we may hold:
- Enquiry data — when you submit the quote form: your name, work email and company name, plus any optional detail you add (role, team size, project volume, current tooling, message).
- Technical data — the IP address of a form submission (briefly, for abuse prevention), and standard server logs generated by our hosting and security providers.
- Cookies — only what the site needs to work and to keep the form secure. We use no analytics, advertising or tracking cookies. See our Cookie policy.
Customer (application) data. If your organisation uses the KonstanTrack application, the project, build and quality records you enter are processed on your organisation’s instructions under a separate contract and DPA — your organisation is the controller for that data, and we act as processor.
How we use it, and our lawful basis
- Respond to your enquiry and prepare a quote — lawful basis: legitimate interests (responding to a business enquiry you initiated).
- Prevent abuse and keep the site secure — lawful basis: legitimate interests (protecting our service and users).
- Send you related updates, only where you ask us to — lawful basis: consent, which you can withdraw at any time.
We do not sell your data, and we do not use it for unrelated marketing without your consent.
Automated decisions and profiling
We do not make decisions about you by solely automated means that produce legal or similarly significant effects, and we do not profile website visitors.
Our use of AI-assisted tools
We may use artificial intelligence tools to support internal operations, improve our services, assist with customer support, analyse website enquiries and help with product development. Where personal data is processed using AI-assisted tools, we aim to limit the data used, apply appropriate safeguards, and avoid using personal data to train AI models unless this is clearly stated or lawfully permitted. AI does not make final decisions about you — a person reviews anything that materially affects you.
Who we share it with
We use a small number of trusted providers who process data on our instructions only, under contract:
- Hosting / infrastructure: Microsoft Azure (UK region)
- Security and bot mitigation: Cloudflare (incl. Turnstile on the form)
- Email delivery for enquiry notifications: Resend
We disclose data beyond these providers only where required by law. Business customers can request our Data Processing Agreement for the application.
International transfers
We aim to keep personal data in the UK or EEA. Some providers above (for example a global security/CDN network) may process limited data outside the UK. Where that happens, we rely on a UK adequacy regulation or appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses with the UK Addendum. You can ask us which safeguard applies to a given provider.
How long we keep it
We keep enquiry data only as long as needed to deal with your enquiry and any resulting relationship. Submission IP addresses are purged after a short period (around 30 days). We delete enquiry data within 12 months of our last contact with you, unless the law requires us to keep certain records longer.
How we protect it
Data is encrypted in transit (TLS) and at rest. Access is least-privilege, the form is protected against automated abuse, and submissions are validated server-side. We apply data minimisation — we only ask for what a quote needs.
Your rights
Under UK GDPR you have the right to access, correct, delete, restrict or port your personal data, and to object to processing based on legitimate interests. Where we rely on consent, you can withdraw it at any time. To exercise any of these, email [email protected]. We respond within one month.
You can also complain to the Information Commissioner’s Office (ICO) at ico.org.uk. We’d appreciate the chance to resolve it first.
Children
This is a business website. It is not directed at children, and we do not knowingly collect personal data from anyone under 18.
Changes to this policy
We may update this notice as our service or the law changes. The date at the top shows the latest version; material changes will be made clear on this page.
