PRIVACY POLICY
Last Updated: 16 MAY 2026
1. ABOUT THIS POLICY
KADA Management Limited ("KADA", "we", "us", "our") is an Irish-registered business consulting practice based in Moneygall, Co. Offaly, Ireland. We provide remote operations, systems, sales, project management, virtual assistance, social media, email marketing and website support services.
This Privacy Policy explains what personal data we collect, why we collect it, how we use it (including how we use AI tools to support our work), who we share it with, how long we keep it, and the rights you have over it. It applies to visitors to www.kadamanagement.com, prospective clients, clients and contacts of KADA.
This policy is provided in line with the EU General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR") as transposed in Ireland by the Data Protection Act 2018, and the UK GDPR where it applies.
2. DATA CONTROLLER
KADA Management Limited is the Data Controller for the personal data described in this policy.
We have not appointed a statutory Data Protection Officer as we are not required to under Article 37 GDPR. Privacy queries are handled directly by the controller at the email above.
3. PERSONAL DATA WE COLLECT
3.1 Website visitors
3.2 Prospective and existing clients
3.3 Categories we do not knowingly collect
We do not request, and ask clients not to provide, special category data under Article 9 GDPR (such as health, racial or ethnic origin, religious beliefs, biometric or genetic data) or criminal-records data under Article 10. We do not request payment card data; payments are handled by third-party processors.
4. LAWFUL BASES FOR PROCESSING
We rely on the following Article 6 GDPR lawful bases:
5. OUR USE OF AI TOOLS
KADA actively uses OpenAI ChatGPT and Anthropic Claude to help us draft documents, summarise notes, structure plans, analyse non-sensitive business information, and otherwise improve the quality and speed of our work. Google Gemini and Microsoft Copilot are available to us as part of our Google Workspace and Microsoft 365 subscriptions but are not actively used in client delivery at this time. We treat AI as a productivity tool, not as a decision-maker.
5.1 What we do
5.2 What we do not do
5.3 Your choice
If you are a client and you would prefer that we do not use AI tools in the delivery of your engagement, tell us in writing and we will agree alternative arrangements where reasonably possible.
6. HOW WE USE YOUR DATA
7. WHO WE SHARE YOUR DATA WITH
We do not sell your personal data. We share it only with third parties that help us run KADA. These processors act on our instructions under written agreements that include the safeguards required by Article 28 GDPR. Our main processors are:
This list may change from time to time and the current version is what governs.
We may also disclose personal data where we are legally required to do so (for example to the Revenue Commissioners, courts, or An Garda Siochana), or to professional advisers under confidentiality.
8. INTERNATIONAL TRANSFERS
KADA is based in Ireland and prefers EU/EEA-hosted services where practical. However, several of the SaaS and AI tools we rely on are operated by US-headquartered providers, so some personal data is transferred outside the EEA - principally to the United States.
Where this happens, we rely on one or more of the following safeguards under Chapter V GDPR:
You can ask us for a copy of the safeguards in place for a specific transfer by emailing admin@kadamanagement.com.
9. HOW LONG WE KEEP YOUR DATA
When the retention period ends, we delete or anonymise the data.
10. HOW WE PROTECT YOUR DATA
No system is completely secure. If we become aware of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify the Data Protection Commission within 72 hours and you without undue delay where required under Articles 33-34 GDPR.
11. COOKIES AND SIMILAR TECHNOLOGIES
Our website uses a small number of cookies and similar technologies. Strictly necessary cookies are set without consent; non-essential cookies (including analytics) are set only after you accept them through our cookie banner. You can change or withdraw your consent at any time via the cookie settings on the site or through your browser controls.
Disabling cookies through your browser may affect site functionality.
12. YOUR RIGHTS
Under the GDPR you have the following rights. We will respond to a valid request within one month, extendable by a further two months for complex requests.
To exercise any right, email admin@kadamanagement.com with "Data request" in the subject line. We may need to verify your identity before responding.
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the supervisory authority. In Ireland this is:
UK residents may complain to the Information Commissioner's Office (ico.org.uk).
13. CHILDREN
Our website and services are aimed at businesses and adults. We do not knowingly collect personal data from children under 16, which is the digital-consent age in Ireland under section 31 of the Data Protection Act 2018. If you believe a child has provided personal data to us, please contact admin@kadamanagement.com and we will delete it.
14. CHANGES TO THIS POLICY
We may update this policy from time to time. The current version is always available at www.kadamanagement.com/privacy-policy with the "Last updated" date at the top. Material changes will be notified by email to clients and active marketing subscribers.
15. CONTACT
Questions, requests and complaints about this policy or your personal data:
(c) 2026 KADA Management Limited. All rights reserved.
KADA Management Limited ("KADA", "we", "us", "our") is an Irish-registered business consulting practice based in Moneygall, Co. Offaly, Ireland. We provide remote operations, systems, sales, project management, virtual assistance, social media, email marketing and website support services.
This Privacy Policy explains what personal data we collect, why we collect it, how we use it (including how we use AI tools to support our work), who we share it with, how long we keep it, and the rights you have over it. It applies to visitors to www.kadamanagement.com, prospective clients, clients and contacts of KADA.
This policy is provided in line with the EU General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR") as transposed in Ireland by the Data Protection Act 2018, and the UK GDPR where it applies.
2. DATA CONTROLLER
KADA Management Limited is the Data Controller for the personal data described in this policy.
- Company: KADA Management Limited
- Registered address: Moneygall, Co. Offaly, Ireland
- Website: www.kadamanagement.com
- Email: admin@kadamanagement.com
We have not appointed a statutory Data Protection Officer as we are not required to under Article 37 GDPR. Privacy queries are handled directly by the controller at the email above.
3. PERSONAL DATA WE COLLECT
3.1 Website visitors
- Identifiers you submit through forms: name, email address, business name, phone number, message content.
- Technical data: IP address, device identifier, browser type, country, pages visited, referring URL, time on site.
- Marketing preferences: opt-in status to our email list and any preferences you tell us.
3.2 Prospective and existing clients
- Contact and identification data: name, role, business name, email, phone, postal address where relevant.
- Contractual data: proposals, statements of work, invoices, payment records.
- Operational data you share with us to deliver services: business documents, processes, anonymised data sets, login details to systems where you formally authorise us to act on your behalf, and other content you upload, paste or send to us.
- Communications: emails, messages, call notes and meeting recordings (only with consent).
3.3 Categories we do not knowingly collect
We do not request, and ask clients not to provide, special category data under Article 9 GDPR (such as health, racial or ethnic origin, religious beliefs, biometric or genetic data) or criminal-records data under Article 10. We do not request payment card data; payments are handled by third-party processors.
4. LAWFUL BASES FOR PROCESSING
We rely on the following Article 6 GDPR lawful bases:
- Consent (Art. 6(1)(a)) - for non-essential cookies, analytics, and marketing emails. You can withdraw consent at any time.
- Contract (Art. 6(1)(b)) - to take steps before entering a contract (responding to enquiries, sending proposals) and to perform our services for clients.
- Legal obligation (Art. 6(1)(c)) - to keep accounting records as required by the Companies Act 2014 and Revenue (typically 6 years), and to respond to lawful regulatory or law-enforcement requests.
- Legitimate interests (Art. 6(1)(f)) - to operate, secure and improve our business, including limited use of AI tools to support our work (see section 5). We balance these interests against your rights and you can object at any time.
5. OUR USE OF AI TOOLS
KADA actively uses OpenAI ChatGPT and Anthropic Claude to help us draft documents, summarise notes, structure plans, analyse non-sensitive business information, and otherwise improve the quality and speed of our work. Google Gemini and Microsoft Copilot are available to us as part of our Google Workspace and Microsoft 365 subscriptions but are not actively used in client delivery at this time. We treat AI as a productivity tool, not as a decision-maker.
5.1 What we do
- We use AI tools under business or paid plans where the provider contractually commits not to use our inputs to train its public models.
- We minimise the personal data we share with AI tools. Where personal data is involved, we use the smallest amount needed and prefer anonymised or pseudonymised content.
- We review AI outputs before they are sent to clients or used in deliverables. A human at KADA is always responsible for the final work product.
- We use AI to assist with tasks such as drafting emails and documents, summarising meetings and notes, building templates, analysing publicly available data, and helping with code or formulas.
5.2 What we do not do
- We do not input client special-category data, financial account credentials, payment card data, or other sensitive personal data into AI tools.
- We do not use AI to make decisions that produce legal or similarly significant effects about you. There is no solely automated decision-making within the meaning of Article 22 GDPR.
- We do not sell your data to AI providers or anyone else.
5.3 Your choice
If you are a client and you would prefer that we do not use AI tools in the delivery of your engagement, tell us in writing and we will agree alternative arrangements where reasonably possible.
6. HOW WE USE YOUR DATA
- To respond to enquiries and provide quotes or proposals.
- To deliver the services agreed in your contract or scope of work.
- To send invoices and manage payments.
- To send marketing emails through MailerLite where you have opted in. Every marketing email contains a one-click unsubscribe.
- To operate, secure and improve our website and internal systems.
- To comply with our legal, tax and accounting obligations.
7. WHO WE SHARE YOUR DATA WITH
We do not sell your personal data. We share it only with third parties that help us run KADA. These processors act on our instructions under written agreements that include the safeguards required by Article 28 GDPR. Our main processors are:
- Showit (website host) - hosting kadamanagement.com - United States (EU-US Data Privacy Framework).
- Google (Workspace, Analytics, Search Console) - email, file storage, website analytics - EU and United States (EU-US DPF).
- MailerLite - email marketing list and campaigns - EU / United States (SCCs and EU-US DPF).
- HubSpot - CRM and pipeline management - EU / United States (SCCs and EU-US DPF).
- Slack (Salesforce) - internal and client messaging - United States (EU-US DPF).
- Notion, Asana, ClickUp - project and task management - United States (SCCs and EU-US DPF).
- OpenAI (ChatGPT) and Anthropic (Claude) - AI assistance for drafting, summarising and analysis - United States (SCCs and EU-US DPF, no model training on inputs under business plans).
- Google Gemini and Microsoft Copilot - available within our Google Workspace and Microsoft 365 subscriptions; not actively used by KADA at present - EU and United States (EU-US DPF).
This list may change from time to time and the current version is what governs.
We may also disclose personal data where we are legally required to do so (for example to the Revenue Commissioners, courts, or An Garda Siochana), or to professional advisers under confidentiality.
8. INTERNATIONAL TRANSFERS
KADA is based in Ireland and prefers EU/EEA-hosted services where practical. However, several of the SaaS and AI tools we rely on are operated by US-headquartered providers, so some personal data is transferred outside the EEA - principally to the United States.
Where this happens, we rely on one or more of the following safeguards under Chapter V GDPR:
- The European Commission adequacy decision for the EU-US Data Privacy Framework, where the receiving organisation is certified under it.
- Standard Contractual Clauses approved by the European Commission, with supplementary measures where required following our transfer assessment.
- Your explicit consent, where appropriate and after being informed of the risks.
You can ask us for a copy of the safeguards in place for a specific transfer by emailing admin@kadamanagement.com.
9. HOW LONG WE KEEP YOUR DATA
- Website enquiry messages: up to 24 months from last contact, then deleted unless they form part of a client file.
- Client records (contracts, deliverables, working files): for the duration of the engagement and for 6 years after the engagement ends, to meet accounting and limitation-period obligations.
- Accounting and tax records: 6 years (Companies Act 2014, Taxes Consolidation Act 1997).
- Marketing list data (MailerLite): until you unsubscribe or are inactive for 24 consecutive months.
- Website analytics: standard provider retention periods (typically 14 to 26 months).
When the retention period ends, we delete or anonymise the data.
10. HOW WE PROTECT YOUR DATA
- Multi-factor authentication on business email, cloud storage, password manager and key SaaS tools.
- Encrypted storage and TLS in transit.
- Access on a need-to-know basis; KADA is a small business and access is limited to the controller and any contractors who have signed confidentiality terms.
- Regular software and device updates and reputable endpoint protection.
- Written sub-processor and confidentiality agreements where we engage third parties.
No system is completely secure. If we become aware of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify the Data Protection Commission within 72 hours and you without undue delay where required under Articles 33-34 GDPR.
11. COOKIES AND SIMILAR TECHNOLOGIES
Our website uses a small number of cookies and similar technologies. Strictly necessary cookies are set without consent; non-essential cookies (including analytics) are set only after you accept them through our cookie banner. You can change or withdraw your consent at any time via the cookie settings on the site or through your browser controls.
- Strictly necessary - allow the site to function (for example session and security cookies).
- Analytics - Google Analytics, to understand how the site is used. Aggregated and pseudonymised where possible.
- Preferences - remember choices such as cookie consent.
Disabling cookies through your browser may affect site functionality.
12. YOUR RIGHTS
Under the GDPR you have the following rights. We will respond to a valid request within one month, extendable by a further two months for complex requests.
- Right of access (Art. 15) - a copy of the personal data we hold about you.
- Right to rectification (Art. 16) - correction of inaccurate or incomplete data.
- Right to erasure (Art. 17) - deletion in specified circumstances.
- Right to restriction of processing (Art. 18).
- Right to data portability (Art. 20) - receive your data in a structured, machine-readable format.
- Right to object (Art. 21) - including objection to processing based on legitimate interests and to direct marketing at any time.
- Right to withdraw consent at any time where processing is based on consent (Art. 7).
- Right not to be subject to a decision based solely on automated processing (Art. 22) - as noted above, we do not carry out such processing.
To exercise any right, email admin@kadamanagement.com with "Data request" in the subject line. We may need to verify your identity before responding.
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the supervisory authority. In Ireland this is:
- Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland.
- Tel: +353 (0)761 104 800. Web: www.dataprotection.ie.
UK residents may complain to the Information Commissioner's Office (ico.org.uk).
13. CHILDREN
Our website and services are aimed at businesses and adults. We do not knowingly collect personal data from children under 16, which is the digital-consent age in Ireland under section 31 of the Data Protection Act 2018. If you believe a child has provided personal data to us, please contact admin@kadamanagement.com and we will delete it.
14. CHANGES TO THIS POLICY
We may update this policy from time to time. The current version is always available at www.kadamanagement.com/privacy-policy with the "Last updated" date at the top. Material changes will be notified by email to clients and active marketing subscribers.
15. CONTACT
Questions, requests and complaints about this policy or your personal data:
- Email: admin@kadamanagement.com
- Post: KADA Management Limited, Moneygall, Co. Offaly, Ireland.
(c) 2026 KADA Management Limited. All rights reserved.
