How BOOLINOR LTD collects, uses, stores and protects personal data.
This Privacy Policy is issued by BOOLINOR LTD, a company registered in England and Wales, with its registered office at 58 The Stables, Wynyard, Billingham, United Kingdom, TS22 5SG (referred to in this document as "BOOLINOR", "we", "us" or "our").
BOOLINOR LTD is the data controller for all personal data collected through the boolinor.works website and through our commercial and training activities. As data controller, BOOLINOR is responsible for determining the purposes and means by which personal data is processed.
We take the privacy and security of personal data seriously. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, how long we retain it and what rights you have in relation to it. It applies to all personal data collected through our website at boolinor.works, through enquiry and contact forms, through our service delivery process, and through direct communications by email or telephone.
This Privacy Policy is governed by the UK General Data Protection Regulation (UK GDPR) as retained in UK law under the European Union (Withdrawal) Act 2018, and the Data Protection Act 2018. It applies to all natural persons whose personal data is processed by BOOLINOR LTD in connection with its business activities.
If you have questions about this Privacy Policy or about how BOOLINOR handles your personal data, you may contact us at: RobertVane@boolinor.works or by writing to the registered address above.
BOOLINOR collects and processes personal data in the following categories, depending on how you interact with us:
When you submit an enquiry through the contact form on boolinor.works, or when you contact us directly by email or telephone, we collect the following personal data:
When you or your organisation engages BOOLINOR for a training programme or consulting service, we collect additional personal data required to manage and deliver that engagement:
When you visit boolinor.works, our hosting infrastructure and analytics tools may automatically collect certain technical data:
This data is collected in aggregate form and is not used to identify individual visitors unless a security incident or legal matter requires us to trace a specific visit. Our use of cookies is described separately in our Cookie Policy.
BOOLINOR may process personal data relating to individual contractors, freelancers or sole traders who provide services to BOOLINOR LTD. This includes contact information, bank or payment details, and professional documentation required for due diligence and contractual purposes.
Under the UK GDPR, BOOLINOR is required to identify a lawful basis for each category of personal data processing. We rely on the following lawful bases:
We process enquiry and contact data on the basis of our legitimate interests in responding to potential clients and in managing inbound business communications. It is in the legitimate interest of both BOOLINOR and the individuals who contact us to have their enquiries reviewed and responded to. We have assessed this basis and concluded that our legitimate interests are not overridden by your interests or rights, given that enquiries are submitted voluntarily and relate to a professional service context.
Where you or your organisation has entered into a commercial engagement agreement with BOOLINOR, we process personal data to the extent necessary to perform that contract. This includes processing participant details to deliver training modules, processing billing contact details to issue invoices and process payments, and processing technical contact details to manage environment access and handover documentation.
BOOLINOR processes certain personal data to comply with its legal obligations under United Kingdom law. This includes the retention of accounting and tax records, compliance with requests from regulatory authorities, and adherence to the requirements of the Data Protection Act 2018.
Where BOOLINOR sends optional marketing communications or newsletters relating to new service modules, content publications or events, we do so only on the basis of your explicit consent. You may withdraw consent at any time by contacting us at RobertVane@boolinor.works or by following the unsubscribe instructions in any marketing email.
BOOLINOR uses the personal data it collects for the following purposes:
BOOLINOR does not sell, rent or trade personal data to any third party. We share personal data only in the following limited circumstances:
BOOLINOR uses a small number of third-party service providers to support its operations. These providers process personal data as data processors under contract with BOOLINOR, and only according to our written instructions. Current categories of third-party processors include:
All third-party processors with whom BOOLINOR shares personal data are contractually required to maintain appropriate technical and organisational security measures and to process data only for the purposes specified by BOOLINOR.
BOOLINOR may disclose personal data to law enforcement agencies, courts, regulators or other public authorities where we are legally required to do so, or where disclosure is necessary to establish, exercise or defend legal claims.
In the event that BOOLINOR LTD is involved in a merger, acquisition, asset sale or business restructuring, personal data held by BOOLINOR may be transferred to the successor entity as part of that transaction. We will notify affected individuals and data subjects in advance of any such transfer where practicable and where required by law.
BOOLINOR is a United Kingdom-based company and processes personal data primarily within the United Kingdom. Where any third-party processor used by BOOLINOR is located outside the United Kingdom, we ensure that appropriate safeguards are in place for the transfer of personal data to that country, in accordance with Chapter V of the UK GDPR.
Appropriate safeguards may include adequacy regulations made by the United Kingdom Secretary of State, standard contractual clauses approved for use under UK data protection law, or other legally recognised transfer mechanisms. Details of the safeguards applicable to any specific international transfer are available upon request by contacting RobertVane@boolinor.works.
BOOLINOR retains personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable law. Our standard retention periods are as follows:
Where legal proceedings are initiated or anticipated, BOOLINOR may retain relevant personal data beyond the above periods until the matter is resolved and any applicable limitation period has expired.
BOOLINOR implements and maintains appropriate technical and organisational measures to protect personal data against accidental loss, destruction, damage, unauthorised access, disclosure or alteration. These measures include:
While BOOLINOR takes data security seriously, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security of personal data transmitted to us electronically. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, BOOLINOR will notify the relevant supervisory authority (the Information Commissioner's Office) within 72 hours of becoming aware of the breach, and will notify affected individuals where required.
As a data subject under UK GDPR, you have the following rights in relation to your personal data processed by BOOLINOR LTD:
You have the right to request a copy of the personal data BOOLINOR holds about you (a "subject access request"). We will respond to your request within one calendar month of receipt. Where the request is complex or there are multiple requests, we may extend this period by a further two months, and we will inform you of the extension within the initial one-month period.
If the personal data BOOLINOR holds about you is inaccurate or incomplete, you have the right to request that we correct or complete it. We will act on reasonable rectification requests without undue delay.
In certain circumstances you have the right to request that BOOLINOR erase your personal data. This right applies where: the personal data is no longer necessary for the purposes for which it was collected; you withdraw consent and there is no other lawful basis for processing; you object to processing and there are no overriding legitimate grounds; the data has been unlawfully processed; or erasure is required to comply with a legal obligation. This right does not apply where processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims.
You have the right to request that BOOLINOR restricts the processing of your personal data in certain circumstances, including where you contest the accuracy of the data, where the processing is unlawful but you prefer restriction over erasure, or where BOOLINOR no longer needs the data but you require it for legal claims.
Where BOOLINOR processes your personal data by automated means and the processing is based on your consent or on a contract with you, you have the right to receive a copy of the personal data you have provided to BOOLINOR in a structured, commonly used and machine-readable format. You may also request that we transmit that data directly to another data controller where technically feasible.
You have the right to object to BOOLINOR's processing of your personal data where that processing is based on legitimate interests. Where you object, BOOLINOR will cease processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or where the processing is necessary for the establishment, exercise or defence of legal claims. You also have the right to object at any time to the processing of your personal data for direct marketing purposes, including profiling related to such marketing, and BOOLINOR will stop such processing immediately upon receipt of your objection.
BOOLINOR does not make any decisions about individuals based solely on automated processing that produce legal effects or similarly significant effects. All decisions made by BOOLINOR that affect individuals are reviewed by a human member of staff.
To exercise any of the rights described in this section, please contact BOOLINOR by email at RobertVane@boolinor.works, or by writing to BOOLINOR LTD, 58 The Stables, Wynyard, Billingham, United Kingdom, TS22 5SG. We may need to verify your identity before processing your request. We will not charge a fee for handling your request unless the request is manifestly unfounded or excessive, in which case we may charge a reasonable administrative fee or decline to act on the request.
If you are dissatisfied with how BOOLINOR has handled your personal data, or if you believe that BOOLINOR has processed your personal data in breach of the UK GDPR or the Data Protection Act 2018, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), which is the supervisory authority for data protection in the United Kingdom.
The ICO can be contacted at:
We would, however, encourage you to contact us directly at RobertVane@boolinor.works in the first instance, as we will endeavour to resolve any concerns without the need for a formal complaint to the ICO.
boolinor.works uses cookies and similar tracking technologies to support the operation and analytics of the website. A full description of the cookies we use, the purposes for which we use them, and how you can manage or decline cookies is provided in our Cookie Policy, which is available at cookie-policy.html.
boolinor.works may contain links to third-party websites, services or resources. This Privacy Policy applies only to boolinor.works and to the personal data processed by BOOLINOR LTD. When you navigate to a third-party website via a link on boolinor.works, your use of that website is governed by its own privacy policy and terms, for which BOOLINOR LTD accepts no responsibility. We encourage you to review the privacy policies of any third-party websites you visit.
BOOLINOR's services are directed at professional development teams, technical leads and business organisations. We do not knowingly collect personal data from individuals under the age of 18. Our website content, training programmes and consulting services are not intended for use by children. If BOOLINOR becomes aware that it has inadvertently collected personal data from an individual under 18 years of age, we will take immediate steps to delete that data from our records.
BOOLINOR may update this Privacy Policy from time to time to reflect changes in our processing activities, changes in applicable law, or improvements to our practices. When we make material changes to this Privacy Policy, we will update the "Last Updated" date at the top of this document and will post the revised version on boolinor.works. Where the changes are significant, we may notify existing clients and contacts by email.
We encourage you to review this Privacy Policy periodically. Continued use of boolinor.works and continued engagement with BOOLINOR's services following any update to this Privacy Policy constitutes your acknowledgement of the updated terms.
All data protection enquiries, subject access requests and requests to exercise your rights under the UK GDPR should be directed to:
BOOLINOR aims to acknowledge all data protection enquiries within five business days and to provide a substantive response within one calendar month. Where the matter requires additional time, we will notify you of the expected timeline within the initial response.
Where BOOLINOR processes personal data in the context of a business-to-business commercial relationship — for example, the personal data of employees, contractors or directors of a client organisation — it is the responsibility of the client organisation, as the data controller in respect of its own employees' personal data, to ensure that appropriate notices have been given to those individuals and that the sharing of their personal data with BOOLINOR is lawful. BOOLINOR will process such personal data only in accordance with the engagement agreement and this Privacy Policy.
Where a client organisation shares personal data with BOOLINOR for the purpose of configuring training environments or conducting an API estate audit, BOOLINOR will process that data solely for the purposes set out in the engagement scope document and will not retain it beyond the applicable retention period set out in Section 7 of this Policy.
For client engagements that involve BOOLINOR processing personal data on behalf of the client organisation — for example, where BOOLINOR accesses client systems or databases as part of an integration audit or consulting engagement — BOOLINOR is prepared to enter into a formal Data Processing Agreement (DPA) in accordance with Article 28 of the UK GDPR. Clients who require a DPA should indicate this requirement at the scoping stage of the engagement. BOOLINOR's standard DPA is available upon request from RobertVane@boolinor.works.