top of page
Kaystone Standards Trans__edited.png

Privacy Policy 

Last updated: March 2026

Keystone Standards Limited takes your privacy and the protection of your personal data seriously. As a consultancy specialising in information security, quality, and management system standards, we understand the importance of protecting personal information and maintaining transparency about how it is handled.

This Privacy Policy explains how Keystone Standards Limited collects, uses, stores, and protects personal data when you interact with our website or contact us regarding our consultancy services. We are committed to processing personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller

The data controller responsible for your personal information is:

 

Keystone Standards Limited
34 Alington Road
Newton Aycliffe
Co. Durham
DL5 4LN
United Kingdom

 

Privacy enquiries can be directed to: privacy@keystonestandards.org

ICO Registration Number: ZC102904

 

2. Personal Data We Collect

When you use our website or submit an enquiry through our contact or quotation forms, we may collect the following personal information:

  • First name

  • Company name

  • Email address

  • Telephone number

  • Number of employees

  • Postcodes or locations of relevant sites

  • Services requested

  • Any additional information provided in the enquiry message

 

This information is provided voluntarily when you contact us.

 

3. How We Use Your Information

We process personal data for the following purposes:

  • responding to enquiries submitted via our website

  • providing information about our consultancy services

  • assessing your organisation’s requirements for ISO-related services

  • communicating regarding potential or ongoing consultancy engagements

  • maintaining business records related to enquiries and projects

 

We do not send marketing emails or newsletters.

 

4. Legal Basis for Processing

Under UK GDPR, Keystone Standards Limited relies on the following lawful bases for processing personal data:

 

Legitimate Interests
We process personal data when responding to business enquiries and providing information about our services where there is a legitimate interest in doing so.

 

Contractual Necessity
Where a consultancy engagement is agreed, personal data may be processed as part of fulfilling contractual obligations.

5. Website Platform and Data Collection

Our website is hosted on the Wix platform.

Wix may automatically collect certain technical information when you visit our website, including:

  • IP address

  • browser type and device information

  • website usage data

  • cookie-related information

 

This data helps ensure the website functions correctly and allows us to understand how visitors interact with the site.

 

6. Analytics

We use analytics services to understand website performance and visitor behaviour.

These include:

 

These tools may collect anonymised usage data such as page visits, session duration, device information, and geographic region.

Analytics providers may process data on servers located outside the United Kingdom.

 

7. Storage of Enquiry Data

Information submitted through website forms is stored in:

  • the Wix CRM system associated with our website

  • Microsoft email services

 

No additional CRM systems or external databases are used.

 

8. Sharing of Personal Data

We do not sell or distribute personal data.

However, personal information may be shared with trusted third parties where necessary for legitimate business purposes.

 

These may include:

  • professional accountants

  • email service providers

  • subcontractors or specialist consultants engaged to assist with a project

 

Any such sharing will be limited to what is necessary for the relevant purpose.

 

9. International Data Transfers

Some service providers used by Keystone Standards Limited, including the Wix platform and analytics providers, may process data on servers located outside the United Kingdom.

Where this occurs, appropriate safeguards are in place to ensure personal data is handled in accordance with UK GDPR requirements.

 

10. Data Retention

Enquiry information and related communications may be retained indefinitely unless a request is made for deletion.

 

This helps maintain accurate business records and ensures continuity of communication should future enquiries arise.

Individuals may request deletion of their personal data at any time.

 

11. Your Data Protection Rights

Under UK GDPR, individuals have the following rights regarding their personal data:

  • the right to access personal data

  • the right to request correction of inaccurate information

  • the right to request erasure of personal data

  • the right to restrict processing

  • the right to object to processing

  • the right to data portability (where applicable)

 

Requests relating to personal data can be made by contacting: privacy@keystonestandards.org

 

12. Complaints

If you are unhappy with how your personal data has been handled, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

 

Information on how to do this can be found at: https://ico.org.uk

 

13. Updates to This Privacy Policy

Keystone Standards Limited may update this Privacy Policy from time to time to reflect changes in legal requirements or operational practices.

The most recent version will always be available on our website.

bottom of page