Skip to main content

Privacy notice

Last updated: 9 March 2026

Who we are

Kairos Medical Informatics Ltd is the data controller for this website. We provide clinical informatics consultancy from Sheffield, UK. Our registered office is 3 Kensington Chase, Sheffield, South Yorkshire, S10 4NN. Our ICO registration reference is ZB377343. This notice applies to personal data collected via this website only.

What data we collect

We collect only what you submit via the contact form: your name, email address, organisation (optional), subject, and message. We also record your IP address and browser user-agent string at the point of submission, solely for security and anti-abuse purposes (rate limiting and bot detection). We do not collect patient-identifiable or special category data via this website. Please do not include such information in any message you send us.

How we collect it

We collect data when you submit the contact form — not before. We do not use analytics tools, tracking pixels, or third-party data sources.

Purpose and legal basis

Contact form data (name, email, organisation, subject, message) is processed solely to respond to your enquiry. The legal basis is your consent, provided when you submit the form and tick the consent checkbox. You may withdraw consent at any time by contacting us; this does not affect any processing already carried out. IP address and user-agent data are processed under our legitimate interest in protecting this website from abuse, spam, and automated attacks. This processing is limited to the minimum necessary for that purpose.

Data processors

The following third-party services act as data processors on our behalf. They process data only as directed and for the purposes described.

  • Azure Communication Services (Microsoft) — transmits your contact message to us by email. Microsoft's privacy policy: privacy.microsoft.com
  • hCaptcha (Intuition Machines, Inc.) — provides bot detection on the contact form. Your IP address and browser interaction data may be processed by hCaptcha. hCaptcha privacy policy: hcaptcha.com/privacy
  • Azure Application Insights (Microsoft) — collects server-side performance and error metrics (request timing, status codes, exceptions). Message content is never included. Microsoft's privacy policy: privacy.microsoft.com

Who we share it with

We do not sell or share your personal data with third parties for their own purposes. Data is transmitted through the processors listed above, who act strictly under our instruction. Your contact message is delivered to us by email and is not stored in a database.

Retention

Contact form messages received by email are retained for as long as necessary to handle your enquiry and for up to two years thereafter for record-keeping. Security metadata (IP addresses, submission reference IDs) is retained only in server logs and is subject to standard log rotation (typically 30–90 days).

Cookies

This site sets no cookies. No consent banner or cookie notice is required.

Your rights

Under UK GDPR you have the following rights in relation to your personal data. To exercise any of them, use the contact form and state your request clearly. We will respond within one calendar month.

  • Access — request a copy of the data we hold about you
  • Rectification — ask us to correct inaccurate data
  • Erasure — ask us to delete your data ('right to be forgotten')
  • Restriction — ask us to limit how we use your data
  • Objection — object to our processing in certain circumstances
  • Portability — receive your data in a structured, machine-readable format

Complaints

If you believe we are processing your personal data unlawfully you may lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk, or call 0303 123 1113.