Cybersecurity lock icon on a digital background

Our Commitment

Privacy Policy

Your privacy is important to us. This policy explains what data we collect and how we use it to provide our services, ensuring transparency and security.

Last updated: 27 October 2025

Who We Are & Contact
What Data We Collect
Why We Use Your Data
Cookies & Technologies
Payments
Analytics & Marketing
Sharing & Transfers
Data Retention
Your Rights
Security
Automated Decisions
Children's Privacy
Third-Party Links
Policy Changes

Introduction

This Privacy Policy explains how BOSIT GROUP LTD (“we”, “us”, “our”) collects, uses, discloses, and protects personal data when you visit https://bosit.co.uk (the “Website”) or interact with our services (the “Services”). Please read this together with our separate Cookie Policy.

Scope & Applicable Laws

This Policy has been drafted in accordance with: the UK General Data Protection Regulation (UK GDPR); the EU General Data Protection Regulation (EU GDPR) (where applicable); the Data Protection Act 2018; and the Privacy and Electronic Communications Regulations (PECR). We also respect browser-based privacy signals, including the Global Privacy Control (GPC) standard.

1. Who We Are & How to Contact Us

Controller: BOSIT GROUP LTD

Registered Office: Coventry, England, United Kingdom

Company number: 15376757

Jurisdiction: England and Wales

Website: https://bosit.co.uk

Email: contact@bosit.co.uk / privacy@bosit.co.uk

All requests relating to the exercise of data subject rights, complaints, or general privacy enquiries should be submitted to the above email addresses.

2. What Data We Collect

A. Data Provided Directly by You

We may collect the following information that you provide voluntarily:

Identity and contact details: name, company name, position or job title, email address, telephone number.
Account data: username, login identifier, and password (where an account is created).
Communications: enquiry form submissions, customer support messages, chat transcripts, attachments, and call notes.
Marketing preferences: newsletter sign-ups, consent records, and opt-in/opt-out selections.
Recruitment data: CV/résumé, cover letter, portfolio links, interview notes, and employment history (if you apply for a role).

B. Data Collected Automatically

When you interact with our Website, we may automatically collect:

Technical information: IP address, browser type and version, device type, operating system, time zone, referring URLs, and country/city-level geolocation.
Usage and performance data: time spent, clicks, scrolling behaviour, page load times, and error logs.
Cookies and SDKs: as detailed in our Cookie Policy, including strictly necessary, analytics, performance, preference, and marketing cookies.

BOSIT does not intentionally collect special category data (e.g., health, ethnicity, political opinions) and does not knowingly collect any data relating to children (see §12).

C. Live chat & pre-chat forms

When you use our live chat widget (currently provided by tawk.to), we may collect the information that you enter into the pre-chat form, such as your name, business email address, phone number, company name and company registration number, together with the content of your messages and certain technical metadata (including timestamps, browser type, and approximate location based on IP address).

We use these details to identify you and your organisation, respond to and track your enquiry, and to prevent spam, abusive, or clearly non-genuine use of the chat. Live chat is intended only for genuine business enquiries and we may choose not to respond to messages that are incomplete, fictitious, or inappropriate. You should not use the chat to send sensitive or special category data (for example information about health, children, or other highly personal details).

3. Why We Use Your Data (Purposes and Legal Bases)

We process personal data only when we have a lawful basis as defined under Article 6 of the UK GDPR. Consent may be withdrawn at any time by contacting us or through the Cookie Settings panel.

Purpose	Examples	Lawful Basis
To provide and secure our Website and Services	authentication, availability, fraud and abuse prevention, technical maintenance	Contract / Legitimate interests
To manage customer support and communications	responding to user enquiries, complaints, or requests (including live chat)	Contract / Legitimate interests
To improve and develop our products and Website	debugging, analytics, and user experience testing	Legitimate interests (proportionate and minimal)
Analytics and audience measurement	GA4 with IP anonymisation and Consent Mode	Consent
Marketing and communications	newsletters, campaign optimisation (Google/Meta)	Consent (or Legitimate interests for B2B marketing, with opt-out)
Payments and invoicing	order fulfilment, fraud prevention, and transaction records	Contract / Legal obligation
Legal and regulatory compliance	maintaining records, responding to lawful requests, ensuring information security	Legal obligation / Legitimate interests

4. Cookies & Similar Technologies

We use cookies, pixels, tags, and local storage to operate our Website. Except for strictly necessary cookies, we use these technologies only when you have provided your explicit consent via our cookie banner.

Our banner enables you to “Accept All”, “Reject All”, or “Customise” preferences at any time via the Cookie Settings section in the website footer. We honour Global Privacy Control (GPC) as an automatic opt-out for non-essential cookies.

5. Payments

Payments on our Website are processed securely through Stripe, which acts as an independent data processor under its own privacy and compliance framework. We do not have access to or store any cardholder information. Stripe is certified under the Payment Card Industry Data Security Standard (PCI-DSS). We only retain transaction-related metadata required for invoicing, accounting, and statutory compliance.

6. Analytics, Performance & Marketing

Analytics:

We utilise Google Analytics 4 (GA4) with IP anonymisation and Consent Mode v2, ensuring that no identifiable information is collected without consent.

Performance & Testing:

Occasionally, we may run controlled A/B tests or collect limited usage data for stability and performance monitoring, strictly within user consent settings.

Marketing:

Where consent or legitimate interest applies, we may measure and optimise the performance of advertising campaigns (e.g., Google Ads, Meta Ads). We do not engage in cross-context behavioural advertising or sell personal data to third parties.

You may manage your preferences at any time via the Cookie Settings panel.

8. Data Retention

Personal data is retained only for as long as necessary for the purposes stated above, and then securely deleted or anonymised.

Data Category	Retention Period
Support communications	Up to 24 months after case closure
Marketing data	Until withdrawal of consent or prolonged inactivity
Analytics data	14–26 months, subject to consent
Payment records	As required by tax and accounting laws

Data may be retained longer where required by legal or regulatory obligations.

9. Your Rights

Under UK GDPR and the Data Protection Act 2018, you have the following rights:

Access your personal data and receive a copy.
Rectify inaccurate or incomplete data.
Erase your data (“right to be forgotten”).
Restrict or object to processing based on legitimate interests or direct marketing.
Data portability of information you provided to us.
Withdraw consent at any time (this does not affect prior lawful processing).

To exercise any of these rights, please contact us at privacy@bosit.co.uk or contact@bosit.co.uk. We reserve the right to verify your identity before fulfilling any request.

10. Security

We implement appropriate administrative, technical, and physical safeguards to protect your personal data, including but not limited to:

TLS/HTTPS encryption for all website communications;
secure infrastructure hardened against intrusion;
strict access controls and role-based permissions;
encryption and secret key management;
network firewalls and real-time monitoring;
continuous patching and system updates; and
employee confidentiality undertakings and training.

Despite robust measures, no online transmission is entirely risk-free. BOSIT continuously reviews and enhances its information security framework.

11. Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal or significant effects on individuals. If this practice changes in the future, we will update this Policy and provide prior notice.

12. Children’s Privacy

Our Website and Services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from minors. If you believe that a child has provided us with their data, please contact privacy@bosit.co.uk so we can promptly remove it.

13. Third-Party Links

Our Website may contain links to external websites or resources. These third parties have independent privacy policies, and BOSIT bears no responsibility for their content, security, or data-handling practices. We recommend reviewing their privacy statements before submitting personal information.

14. Changes to This Policy

We may revise this Privacy Policy periodically to reflect legal, technical, or operational developments. The “Last updated” date at the top of this page indicates when this Policy was last amended. Substantive changes will be communicated through our Website and, where necessary, renewed consent will be sought.