BnK Consulting Privacy Policy

---

BnK Consulting
Effective Date: 1st Feb 2026
Last Updated: 16th Feb 2026

1. Introduction

This Privacy Policy explains how BnK Consulting (“we”, “us”, “our”) collects, uses, stores and protects personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act 2018 (Ireland).

We are committed to protecting your privacy and handling your personal data transparently and securely.

2. Data Controller

For the purposes of data protection law, the data controller is: BnK Consulting
Trading as: BnK Consulting
Email: dpo@bnkconsutling.eu
Website: bnkconsulting.eu

If you have any questions about this policy or how your data is handled, please contact us using the details above.

3. Personal Data We Collect

We may collect and process the following categories of personal data:

3.1 Information You Provide Directly

• Name
• Business name
• Job title
• Email address
• Phone number
• Postal address
• Information provided via contact forms
• Information shared during consultations, workshops, or engagements
• Billing and invoicing information

3.2 Automatically Collected Data

When you visit our website, we may collect:

• IP address
• Browser type and version
• Device information
• Pages visited
• Time and date of visit
• Referral source

3.3 Marketing Information

• Email subscription preferences
• Event registrations
• Communications preferences

We do not intentionally collect special category (sensitive) personal data unless necessary and lawful to do so.

4. Legal Basis for Processing

We process personal data under the following lawful bases:

Purpose                                                            Legal Basis

Responding to enquiries                   Legitimate interest

Delivering contracted services       Contract

Invoicing and financial records      Legal obligation

Marketing communications            Consent or legitimate interest

Website analytics                               Legitimate interest

Compliance with law                         Legal obligation

Where consent is relied upon, you may withdraw consent at any time.

5. How We Use Your Data

We use personal data to:

• Provide professional consulting services
• Communicate regarding enquiries or projects
• Issue invoices and manage accounts
• Improve our website and services
• Send relevant updates or marketing communications (where permitted)
• Comply with legal and regulatory obligations

We do not sell personal data.

6. Data Sharing

We may share personal data with trusted third parties where necessary, including:

• Accountants or professional advisers
• IT service providers (e.g. cloud storage, email platforms)
• Website hosting providers
• Payment processors
• Legal authorities where required by law

Where third-party processors are used, appropriate Data Processing Agreements (DPAs) are in place. If data is transferred outside the EEA, we ensure appropriate safeguards are applied (e.g. Standard Contractual Clauses).

7. Data Retention

We retain personal data only for as long as necessary:

• Client records: typically 6–7 years (for tax and legal compliance)
• Marketing data: until consent is withdrawn
• Website analytics: as per platform settings

When data is no longer required, it is securely deleted.

8. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

• Secure cloud-based systems
• Password protection and multi-factor authentication
• Limited access controls
• Encrypted communications where appropriate

While we take reasonable steps to protect data, no internet transmission is completely secure.

9. Your Data Protection Rights

Under GDPR, you have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request erasure (“right to be forgotten”)
• Restrict processing
• Object to processing
• Data portability
• Withdraw consent (where applicable)
• Lodge a complaint

To exercise your rights, contact us using the details above.

You also have the right to lodge a complaint with:

Data Protection Commission (Ireland)
21 Fitzwilliam Square South
Dublin 2
D02 RD28
Website: www.dataprotection.ie

10. Cookies

Our website may use cookies for:

• Website functionality
• Analytics
• Performance tracking

Where required, a cookie banner allows users to manage preferences. You can control cookies through your browser settings.

For more detail, see our Cookie Policy.

11. Third-Party Links

Our website may contain links to external websites. We are not responsible for their privacy practices.

12. Online Meetings and Recordings (Video Conferencing Platforms)

We may conduct meetings, interviews, workshops or training sessions via platforms such as Zoom or Microsoft Teams.

12.1 Recording

Sessions will only be recorded where:

• Necessary for delivery of contracted services
• Required for documentation or agreed training purposes
• Explicitly agreed in meeting or in advance

Participants will be informed prior to recording. Where required, consent will be obtained.

Recording is not automatic and will not occur without notification.

12.2 Data Processed During Sessions

The following personal data may be processed:

• Name and contact details
• Audio and video streams
• Chat contributions
• Screen shares and shared files
• Meeting transcripts (if enabled)

12.3 Storage and Retention

Recordings are:

• Stored securely using encrypted cloud infrastructure
• Access-restricted
• Retained only for as long as necessary for contractual delivery
• Deleted when no longer required

Where platforms act as processors, we rely on their GDPR-compliant contractual commitments.

13. Artificial Intelligence (AI) Use in Service Delivery

We may use AI-enabled tools to support research, structuring, ideation, prototyping and documentation activities.

13.1 Scope of AI Usage

AI systems are used solely as assistive technologies to:

• Accelerate  analysis
• Structure information
• Generate draft artefacts
• Support innovation workflows & Prototype builds

AI is not used for fully automated decision-making that produces legal or similarly significant effects.

13.2 Data Minimisation and Safeguards

When using AI tools:

• Personal data inclusion is minimised
• Data is anonymised or pseudonymised where possible
• Confidential client information is not retained beyond service delivery needs
• Special category data is not processed unless strictly necessary and lawful

We do not use client data to train public AI models.

13.3 International Transfers

If AI providers process data outside the EEA, appropriate safeguards are implemented, including:

• EU Standard Contractual Clauses
• Adequacy decisions (where applicable)
• EU–US Data Privacy Framework (where relevant)

13.4 Human Oversight

All AI outputs are reviewed by a qualified professional before use.
Professional judgement remains central to all advisory services.

14. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website.