BuyerRecon – Website and Service Privacy Notice

Effective Date: 24 March 2026

1. Introduction and Scope

This Privacy Notice explains how Keigen Technologies UK Limited (“Keigen”, “we”, “us”, “our”) processes personal data in connection with:

• (a) visits to buyerrecon.com and related Keigen websites;
• (b) BuyerRecon customer accounts, onboarding, billing, support, and commercial communications; and
• (c) BuyerRecon service data processed when a customer deploys BuyerRecon on its own website or systems.

Because these contexts involve different data flows and legal roles, this Notice is structured in separate sections below.

2. Who Is Responsible for Your Data

Keigen Technologies UK Limited, 70 London Road, Twickenham, London, UK, company number 13145552, is the controller for:

• (a) buyerrecon.com website visitor data collected directly by us;
• (b) customer account, billing, support, and relationship-management data; and
• (c) certain limited data we process for our own business purposes, such as security, abuse prevention, service integrity, legal compliance, and aggregated service analytics.

When a BuyerRecon customer deploys BuyerRecon on its own website and instructs us to process visitor-related data for that customer’s sales, analytics, or lead-intelligence purposes, that customer is generally the controller of that deployment data and Keigen acts as processor, unless otherwise expressly stated.

Data protection contact: For privacy and data protection questions, contact hello@keigen.co.uk.

3. Data We Collect Directly Through buyerrecon.com and Related Keigen Websites

We may collect:

• contact details you submit, such as name, business email, phone number, company, job title, and message content;
• booking, demo, inquiry, or download information;
• website usage, analytics, cookie, browser, device, and approximate geolocation data;
• marketing preferences and related communication records.

4. Data We Collect in Connection with Customer Accounts and Commercial Relationship Management

We may collect:

• account credentials and administrative user details;
• billing and subscription records;
• support, onboarding, and implementation communications;
• product usage, login, security, audit, and configuration records;
• CRM and commercial relationship data connected with our customers or prospective customers.

5. Data Processed Through BuyerRecon When Deployed by a Customer

Depending on configuration, customer instructions, and lawful deployment, BuyerRecon may process:

• IP-related data and similar online identifiers;
• cookie or browser/session identifiers;
• page views, timestamps, referrers, session duration, visit patterns, and related engagement signals;
• organisation-level matching or enrichment outputs, such as company name, industry, size band, technographic or firmographic attributes, and related commercial signals;
• CRM or enrichment data provided by or connected by the customer.

BuyerRecon is designed primarily to infer organisation-level signals rather than identify named natural persons. However, certain technical data processed in connection with website interactions may constitute personal data under applicable law depending on context.

6. Data Obtained from Other Sources, Including Public Sources

We and our service providers may obtain business-related and, in some cases, personal data from other sources, including public registers, company websites, professional directories, enrichment vendors, business intelligence databases, and customer-connected systems.

Where applicable, we will describe the categories and sources of such data and the purposes for which it is used. Public availability of information does not, by itself, remove data protection obligations.

7. How We Use Personal Data and Our Legal Bases

A. buyerrecon.com Website Operations

• to operate and secure the website;
• to analyse traffic, content usage, and site performance;
• to respond to inquiries, demo requests, and downloads;
• to manage marketing preferences and send relevant communications where permitted.

Legal bases: consent where required; legitimate interests; legal obligation where applicable.

B. Customer Account, Service Delivery, and Commercial Relationship Management

• to provision and administer accounts;
• to provide support, onboarding, billing, and subscription management;
• to monitor service integrity, performance, abuse, and fraud;
• to maintain business records and comply with law.

Legal bases: contract; legitimate interests; legal obligation.

C. BuyerRecon Customer Deployment Processing

• to process customer-instructed visitor-intelligence, analytics, organisation-resolution, enrichment, and lead-signal activities;
• to support customer-configured reporting, scoring, and workflow outputs.

Legal basis: where Keigen acts as processor, we rely on the customer’s instructions and legal basis as controller.

D. Keigen’s Limited Independent Purposes in Relation to Service Operations

• to secure the service;
• to prevent abuse or misuse;
• to maintain logs, resilience, and service continuity;
• to generate aggregated or de-identified service analytics and improve the service.

Legal bases: legitimate interests; legal obligation where applicable.

8. Sharing Personal Information

• Sub-processors: cloud hosting, payment processing, analytics, enrichment, visitor intelligence, CRM connectivity (see Sub-Processors page).
• Legal requirements: when required by law or valid legal process.
• Business transfers: in connection with mergers, acquisitions, or asset sales.

We do not sell your personal information.

9. International Data Transfers

Personal data may be transferred to countries outside the UK and EEA. Where required, we rely on adequacy regulations, the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or other valid safeguards under applicable law, together with transfer risk assessments and supplementary measures where appropriate.

10. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Notice, comply with legal obligations, and enforce our agreements.

• Customer Deployment Data (Processor): Visitor-intelligence, analytics, and related deployment data processed on behalf of a customer is retained for the duration of the relevant Subscription. Upon termination, the customer has a 30-day export period, after which such data is permanently deleted within a further 30 days (that is, within 60 days of termination), except where retention is strictly required by applicable law.
• Account, Billing, and Commercial Relationship Data (Controller): Administrative account details, billing records, invoices, and related commercial records may be retained for up to 6 years from the end of the relevant financial year, or longer where required by law or where reasonably necessary for tax, accounting, audit, dispute resolution, or enforcement purposes.

11. Your Rights

Depending on the context and applicable law, you may have rights to access, correct, erase, restrict, object to, or request portability of your personal data, and to withdraw consent where processing is based on consent.

If your request relates to BuyerRecon data collected on a customer’s website, you may need to contact that customer first, because they are typically the controller of that deployment data.

You may also contact us at hello@keigen.co.uk and we will direct or assist your request as appropriate. We respond within one month, subject to lawful extensions where applicable.

12. If We Obtain Your Data from Other Sources

Where we act as controller and obtain personal data from sources other than directly from you, we aim to provide relevant privacy information within a reasonable period and no later than one month, unless an exception under applicable law applies. Where BuyerRecon is used by a customer acting as controller, that customer is generally responsible for Article 14 transparency obligations, and we will assist as required by law or contract. Where we rely on an exception, we will assess and document that position as appropriate and may publish relevant privacy information in an accessible form, including on our “How BuyerRecon Uses Publicly Available Information” page.

13. Security

We implement appropriate technical and organisational measures including encryption, access controls, audit logging, and regular security assessments.

14. Children

The Service is designed for B2B use and is not directed to individuals under 16. We do not knowingly collect data from children.

15. Changes

We will notify you of material changes via email or notice on buyerrecon.com at least 30 days before they take effect, except where a shorter notice period is reasonably necessary to address legal, regulatory, or security requirements.