Data protection and privacy policy

Version: 2025

How we protect your information

Thank you for taking the time to learn about how Boss Controls Ltd protects your personal data.

Boss Controls Ltd is an independent limited company registered in England and Wales (Company No. 07308594). Established on 8th July 2010, we optimise Building Management Systems (BMS) within buildings to help organisations reduce energy consumption, save money, improve well-being and mental health, and increase productivity.

We are committed to safeguarding your data and protecting it from unauthorised access, misuse, or loss. This policy explains how we collect, use, store, and protect your data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who we are

The data controller is Boss Controls Ltd, based in Horsham, Sussex, England. For any questions or concerns about this policy, you can contact us at:

What data do we collect?

We may collect and process the following types of personal data:

  • Contact Information: Name, email address, phone number, job title, company name, and address.
  • Technical Information: IP address, browser type, operating system, and information about website usage.
  • Marketing Preferences: Details about your preferences for receiving communications.
  • Other Data: Any information you provide when filling in forms, completing surveys, or corresponding with us.

How we use your data

We use your data for the following purposes:

  1. To provide you with information, products, and services you request from us.
  2. To process and fulfil contracts with you.
  3. To personalise your experience on our website.
  4. To improve our website, services, and communications.
  5. To send marketing communications if you have consented to receive them.

Legal basis for processing data

We process your data under the following lawful bases:

  • Consent: For marketing communications or processing specific requests.
  • Contract: To fulfil contractual obligations with you.
  • Legitimate Interests: To improve services, understand customer needs, and ensure website functionality.
  • Legal Obligation: To comply with applicable laws.

How we protect your data

We use robust technical and organisational measures to protect your data, including:

  • Encryption of sensitive data.
  • Secure servers based in the UK and EU.
  • Regular security audits and vulnerability assessments.
  • Access control to restrict unauthorised access.

Data breaches

In the unlikely event of a data breach, we will notify affected individuals and the ICO (Information Commissioner’s Office) as required by law.

Sharing your data

We may share your data with trusted third parties, including:

  1. Service providers, including hosting companies, payment processors, and marketing platforms.
  2. Partners assisting with website or software development.
  3. Law enforcement agencies or regulators, if required by law.

We ensure all third parties adhere to strict confidentiality and data protection standards. Your data will never be sold to third parties.

Data retention

We retain your data only for as long as necessary to fulfil the purposes for which it was collected or to comply with legal obligations. Retention periods are as follows:

Client Data: Retained for the duration of the contract and up to six years afterward, in accordance with the ICO’s storage limitation principle.

Marketing Data: Retained for two years from the date of your last engagement unless you opt out sooner.

Your data rights

Under UK GDPR, you have the following rights:

  1. Right to Access: Request a copy of the personal data we hold about you.
  2. Right to Rectification: Request corrections to inaccurate or incomplete data.
  3. Right to Erasure: Request deletion of your data where there is no legal or contractual reason for us to keep it.
  4. Right to Restrict Processing: Limit how we use your data.
  5. Right to Data Portability: Receive your data in a machine-readable format.
  6. Right to Object: Object to processing based on legitimate interests or for marketing purposes.
  7. Right to Withdraw Consent: Withdraw your consent for data processing at any time.

If you want to exercise these rights, please contact us via the Get in touch form at this link.

You also have the right to lodge a complaint about our processing with a supervisory authority such as the UK’s Information Commissioner’s Office.