Last update: 06.01.2026

This Privacy Policy explains how Kahlem Advisory (“we”, “us”, “our”) collects and processes personal data when you visit our website, contact us, apply for a fit call, or work with us.

We comply with the EU General Data Protection Regulation (GDPR) and applicable Spanish data protection rules.

1) Who is the controller?

Controller: [Scientific Network Management, S.L. / “Kahlem Advisory”]
Address: Avenida de Mistral 40, Entresuelo 8, 08015, Barcelona, Spain
Email: dominique@kahlemadvisory.com
Phone: +34936940535
Website: https://www.kahlemadvisory.com

Data Protection Officer (DPO): We have not appointed a DPO as we are not required to do so based on our activities and size.

2) What data we collect

Depending on how you interact with us, we may process:

A) Data you provide via forms / applications

• Full name

• Email address

• Phone number

• Company name

• Company website

• Business information you submit (e.g., current monthly revenue range, revenue target, current number of clients, client target, and your stated growth constraint)

B) Communications

• Content of emails/messages you send us and our replies

• Call notes and scheduling details (if you book a call)

C) Basic website data
Our site (via Framer) may process basic technical data necessary to load and secure the website (e.g., IP address, device/browser information, timestamps). (If you add analytics later, update this section and your cookie consent setup.)

We do not intend to collect special category data (health, biometrics, etc.). Please do not submit it.

3) Why we process data (purposes) and the legal basis

We process personal data only when we have a lawful basis under GDPR.

Purpose 1 — Respond to enquiries and fit-call applications
What we do: review your submission, assess fit, contact you, and schedule a call.
Legal basis: pre-contract steps / contract necessity (GDPR Art. 6(1)(b)) and/or legitimate interests (efficiently handling inbound requests).

Purpose 2 — Deliver services to clients
What we do: provide consulting services, manage communications, and run operations needed to perform the agreement.
Legal basis: contract (GDPR Art. 6(1)(b)).

Purpose 3 — Business administration (invoicing, accounting, compliance)
What we do: retain required records and manage billing/admin.
Legal basis: legal obligation (GDPR Art. 6(1)(c)) and/or contract.

Purpose 4 — Improve and protect our website and communications
What we do: ensure security, prevent abuse, troubleshoot issues.
Legal basis: legitimate interests (security and service reliability).

Purpose 5 — Marketing communications (only when permitted)
If we send you updates or promotional messages, we do so only where lawful and you can opt out at any time. In Spain, unsolicited promotional emails generally require prior consent except for limited cases.

4) Who we share data with (processors)

We share personal data only as needed to operate:

• Framer (website hosting and form handling)

• Microsoft 365 (Email provider)

• Odoo (CRM provider, to manage applications, leads, and client relationships)

These providers act as processors (or sometimes independent controllers) under their own terms. We aim to use vendors that provide appropriate contractual protections (e.g., GDPR data processing terms).

5) International data transfers

Some service providers may process data outside the EU/EEA. Where required, we rely on appropriate safeguards such as the EU Standard Contractual Clauses under GDPR Art. 46.

6) How long we keep data (retention)

We keep personal data only as long as needed for the purposes above:

• Fit call applications / enquiries: typically retained for a reasonable period to follow up and manage pipeline, then deleted or anonymized unless you become a client.

• Client data: retained for the duration of the engagement and thereafter only as needed for legitimate business needs and applicable legal/accounting obligations.

• Communications: retained as necessary for continuity, evidence of agreements, and dispute handling.

7) Your rights (GDPR)

You have the right to:

• Access your data

• Rectify inaccurate data

• Erase your data (in certain cases)

• Restrict processing (in certain cases)

• Data portability (where applicable)

• Object to processing (especially where we rely on legitimate interests)

These rights are set out in GDPR Chapter 3 (Articles 15–21).

To exercise your rights, email us at [YOUR EMAIL]. We may ask for verification to protect your data.

You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD).

8) Children / minors

Our services are intended for business owners and professionals and are not directed to minors. In Spain, consent for certain online services is linked to an age threshold (commonly referenced as 14 years).

9) Security

We apply reasonable technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. No online system is 100% secure, but we work to reduce risk.

10) Cookies

We use only the cookies/technology necessary for the website to function securely and correctly. If we add non-essential cookies (e.g., analytics/marketing), we will update this policy and, where required, implement consent mechanisms.

(If you plan to run analytics soon, tell me which tool and I’ll adapt this section + your cookie banner text.)

11) Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date will reflect the current version.

12) Contact

For privacy questions or requests, contact:
Email: dominique@kahlemadvisory.com
Address: Avenida Mistral 40, Entresuelo 8, 08015 Barcelona, Spain