Privacy Policy

1 Introduction

This Privacy Policy ("Policy") sets forth the manner in which Boland Intelligence Group Ltd. ("Boland", "we", "our", or "us") collects, uses, processes, shares, and protects personal data in accordance with applicable data protection legislation, including but not limited to the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the EU General Data Protection Regulation (EU GDPR) where applicable, and other relevant privacy frameworks.

This Policy applies to:

• • Visitors to our website (https://www.bolandintelligencegroup.co.uk);
• • Clients and prospective clients;
• • Users of our AI-powered services and automation tools;
• • Representatives of business clients and partners;
• • End users whose data may be processed through client use of our services.

2 Legal Basis for Processing

We process personal data in accordance with Article 6 and, where applicable, Article 9 of the UK and EU GDPR. The primary legal bases relied upon include:

• Consent (Art. 6(1)(a)) – for direct marketing, use of cookies, and optional features;
• Contractual Necessity (Art. 6(1)(b)) – to perform obligations under a service agreement;
• Legal Obligation (Art. 6(1)(c)) – for compliance with legal, tax, or regulatory requirements;
• Legitimate Interests (Art. 6(1)(f)) – for business efficiency, service enhancement, security, and fraud prevention;
• Explicit Consent (Art. 9(2)(a)) – where special category data is involved.

3 Categories of Data Collected

We may collect and process the following categories of personal data, either directly from you or through automated means:

4 Purposes of Processing

We collect and use personal data for the following purposes:

• • To establish, manage, and fulfill contracts with clients and partners;
• • To provide AI-driven automation, consultancy, or productivity services;
• • To monitor, maintain, and improve the performance and security of our platform;
• • To send relevant administrative or legal communications;
• • To fulfill legal and regulatory obligations, including anti-fraud measures;
• • To analyze usage trends and improve our offerings using pseudonymised data;
• • To manage cookies and track website engagement, where lawful.

We do not use personal data for automated decision-making that produces legal or similarly significant effects without human intervention.

5 Use of AI and LLM Providers

Boland integrates third-party large language model (LLM) providers to deliver AI automation services. The following processors may receive limited client data depending on service usage:

These third parties act as sub-processors under our Data Processing Addendum (DPA). We take reasonable steps to ensure they offer equivalent safeguards as mandated by the UK GDPR and SCCs where applicable.

6 Data Sharing and Disclosures

We do not sell or rent your personal data.

We may disclose personal data to the following categories of recipients:

• • Authorised employees, contractors, or agents who require the data for operational purposes under strict confidentiality obligations;
• • Cloud service providers, infrastructure hosts, and AI vendors, as set out in our sub-processor list;
• • Legal or regulatory authorities, where required by law or under court order;
• • Professional advisors, such as lawyers, accountants, or auditors, bound by professional secrecy obligations.

7 International Data Transfers

Where we transfer personal data to jurisdictions outside the United Kingdom or European Economic Area (EEA), we ensure appropriate safeguards, including:

• • UK Addendum to the EU Standard Contractual Clauses (SCCs);
• • International Data Transfer Agreements (IDTAs);
• • Vendor participation in the EU-U.S. Data Privacy Framework (where applicable);
• • Explicit consent from data subjects (where legally permissible).

8 Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected or as required by applicable law. Retention periods vary depending on the nature of the data:

Upon expiry of retention periods, data is securely deleted or anonymised in accordance with NIST SP 800-88 standards.

9 Data Security

We implement appropriate technical and organisational measures (TOMs) to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. Measures include:

• • Encryption at rest and in transit (TLS 1.2+ / AES-256);
• • Access controls with MFA and role-based restrictions;
• • Logging and monitoring of privileged access;
• • Internal data protection policies and staff training.

In the event of a personal data breach, we will notify the relevant supervisory authority and affected data subjects, as required by law.

10 Data Subject Rights

Under applicable data protection laws, you may exercise the following rights:

11 Cookies and Tracking Technologies

Our website uses cookies and similar technologies for analytics, preferences, and user authentication. A cookie banner is presented on your first visit, allowing you to manage consent preferences.

For more information, see our Cookie Policy.

12 Third-Party Services and Links

Our services may contain links to external websites or integrations with third-party systems. We are not responsible for the privacy practices of those parties and recommend reviewing their privacy notices before engaging.

13 Changes to This Policy

We reserve the right to update or modify this Policy at any time. Significant changes will be notified via email or website banner. Continued use of our services constitutes acceptance of the updated Policy.

14 Contact and Complaints

For any data protection queries, complaints, or rights requests, please contact our Data Protection Officer (DPO):