Privacy Policy

Effective Date: February 2026

At Kuma, we are committed to protecting the privacy and security of the personal data we process. This policy explains how we collect, use, and safeguard your information when you visit kuma.ie or engage with our services.

1. Data Controller

Kuma Healthcare Consulting is the "Data Controller" for the personal information collected via this website. Contact: [Insert Email Address] Location: Ireland

2. Data We Collect

We collect information only when it is necessary to provide our services or improve your experience:

  • Identity Data: Name, job title, and organization name.

  • Contact Data: Email address and phone number.

  • Technical Data: IP address, browser type, and usage patterns (collected via cookies).

  • Consulting Data: Information provided by you regarding your healthcare organization’s challenges or requirements.

3. Legal Basis for Processing

Under GDPR, we process your data under the following legal bases:

  1. Contractual Necessity: To perform the consulting services you have requested.

  2. Legitimate Interests: To respond to inquiries and improve our website's functionality.

  3. Consent: Where you have explicitly opted-in to receive our newsletter or updates.

4. How We Use Your Data

We use your information to:

  • Provide professional healthcare consulting and strategic advice.

  • Communicate with you regarding project updates or inquiries.

  • Ensure compliance with Irish healthcare regulatory standards (e.g., HIQA, HSE).

  • Maintain the security and integrity of our website.

5. Data Retention

We keep your personal data only as long as necessary:

  • Inquiry Data: Deleted after 12 months if no business relationship is formed.

  • Client Data: Retained for 7 years following the conclusion of a contract (to comply with Irish financial and legal record-keeping requirements).

6. Data Sharing & International Transfers

  • Third-Party Providers: We may use secure third-party processors (e.g., Google Workspace, Microsoft 365, or Irish-based hosting) to manage data.

  • No Selling: We never sell or rent your personal data to third parties.

  • Transfers: If data is transferred outside the European Economic Area (EEA), we ensure "Standard Contractual Clauses" (SCCs) are in place to maintain EU-level protection.

7. Your Rights Under GDPR

As an individual in the EU/Ireland, you have the following rights:

  • Access: Request a copy of the data we hold about you.

  • Correction: Request that we fix inaccurate information.

  • Erasure: Request that we delete your data ("The Right to be Forgotten").

  • Portability: Request a transfer of your data to another provider.

  • Complaint: You have the right to lodge a complaint with the Data Protection Commission (DPC) of Ireland.

8. Cookies and Tracking

We use "cookies" to enhance your experience.

  • Necessary Cookies: Required for the site to function.

  • Analytical Cookies: Help us understand how visitors use the site (e.g., Google Analytics).

  • You can manage your cookie preferences through your browser settings or our on-site cookie banner.

9. Security

We implement industry-standard technical and organizational measures (such as SSL encryption and two-factor authentication) to protect your data against unauthorized access or loss.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Effective Date."