Privacy Policy

Company: Kacper Kolasa trading as Kasper Automation

Website: kasperautomation.com

Contact: hello@kasperautomation.com

Security contact: security@kasperautomation.com

Address: 1 Grange Road, Wolverhampton, WV6 8RQ, West Midlands, UK

Effective date: 12/12/2025  |  Last updated: 12/12/2025

This Privacy Policy explains how we collect, use, share, and protect personal data when you visit our website, contact us, or use our services.

1) Who we are

For the purposes of UK GDPR and EU GDPR (where applicable), Kacper Kolasa trading as Kasper Automation is the data controller for personal data collected via our website and business operations.

When providing automation services for a client, we may act as a data processor for personal data that the client controls. In those cases, processing is governed by our Data Processing Addendum (DPA) and the client's instructions.

2) The personal data we collect

2.1 Website and technical data

When you visit our website, we may process technical data such as:

  • IP address
  • Device and browser information
  • Pages viewed and request metadata
  • Approximate location inferred from IP (country/region level)

2.2 Contact and enquiry data

When you contact us (for example via a contact form or email), we may collect:

  • Name
  • Email address
  • Company name
  • Role/job title
  • Message content and any attachments you send

2.3 Client and service delivery data (services)

When delivering automation services, we may process data that a client provides or makes available to us. This can include:

  • CRM records (lead/customer fields, statuses)
  • Operational messages (email/Slack/Teams content routed through workflows)
  • Files intentionally passed through workflows (documents, exports)
  • Identifiers and metadata required to run workflows (record IDs, timestamps, event types)
  • Limited logs and diagnostic information for reliability and support

The exact categories depend on the client's tool stack and the workflows requested.

3) How we use personal data

We use personal data to:

  • Respond to enquiries and communicate with prospects and clients
  • Provide and support our services (including building, testing, deploying, and maintaining workflows)
  • Operate and secure our website and systems
  • Maintain business records (including invoicing and compliance)
  • Prevent fraud and misuse

We do not sell personal data.

4) Lawful bases for processing

Where UK GDPR / EU GDPR applies, we rely on the following lawful bases:

  • Consent (Article 6(1)(a)): where you provide information via a form or opt in to communications (where applicable).
  • Contract (Article 6(1)(b)): where processing is necessary to provide services or take steps at your request before entering a contract.
  • Legitimate interests (Article 6(1)(f)): where processing is necessary for our legitimate interests (for example, operating our website securely, responding to enquiries, and improving service reliability), balanced against your rights.
  • Legal obligation (Article 6(1)(c)): where we must comply with legal or regulatory requirements.

5) Cookies and similar technologies

We may use cookies or similar technologies that are necessary for the website to function.

If we use non-essential cookies (for example analytics or marketing cookies), we will provide a cookie notice and obtain consent where required.

6) How we share personal data

We may share personal data with:

  • Service providers that help us operate the website and deliver services (subprocessors)
  • Professional advisers (legal, accounting) where necessary
  • Authorities or third parties where required by law

We only share data necessary for the relevant purpose.

6.1 Subprocessors

We use third-party providers ("subprocessors") for functions such as hosting, email delivery, and form handling.

Current subprocessors list: /subprocessors.html

7) International transfers

Some of our service providers may process personal data outside the UK or EEA.

Where international transfers occur, we use appropriate safeguards, such as:

  • UK International Data Transfer Agreement (IDTA) and/or UK Addendum
  • EU Standard Contractual Clauses (SCCs)
  • Other lawful transfer mechanisms permitted by applicable law

8) Data retention

We keep personal data only as long as necessary for the purposes described in this policy.

Typical retention categories include:

  • Enquiry and correspondence records
  • Client communications and support records
  • Service documentation and project records
  • Website and security logs
  • Billing and compliance records (as required by law)

Retention details: Available on request

9) Security

We implement appropriate technical and organisational measures designed to protect personal data, including:

  • Access controls (least privilege where feasible)
  • Secure credential handling
  • Monitoring and incident response processes
  • Secure hosting configurations appropriate to the chosen delivery model

No method of transmission or storage is completely secure. If you believe your data has been compromised, contact: security@kasperautomation.com.

10) Your rights

Where UK GDPR / EU GDPR applies, you may have the right to:

  • Access your personal data
  • Correct inaccurate personal data
  • Request deletion of personal data
  • Restrict or object to processing
  • Request portability of personal data
  • Withdraw consent (where processing is based on consent)

To exercise your rights, email: hello@kasperautomation.com.

10.1 Complaints

If you are in the UK, you can lodge a complaint with the Information Commissioner's Office (ICO).

If you are in the EEA, you can lodge a complaint with your local supervisory authority.

11) Children's privacy

Our website and services are not directed to children, and we do not knowingly collect personal data from children.

12) Processor vs controller roles (services)

12.1 When we are the controller

We are the controller for:

  • Website visitor data
  • Enquiries and communications
  • Business operations data (accounting, invoicing, administration)

12.2 When we are the processor

For many client engagements, we act as a processor for personal data the client controls (for example, CRM records processed through workflows). In those cases:

  • The client is the controller
  • We process data only on the client's documented instructions
  • Our processing is governed by our DPA and the client's agreement with us

DPA: /dpa.html

13) Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the "Last updated" date above.

14) Contact

For privacy questions or requests: hello@kasperautomation.com

For security concerns: security@kasperautomation.com