This Privacy Policy was last updated on 30th October 2025.

BH Consulting Privacy Policy

Introduction

BH Consulting takes the protection of your personal data seriously. This Privacy Policy describes how we respect your rights and process your data. We process all data in compliance with applicable data protection laws including the Data Protection Acts 1988 to 2018 (as amended) and Regulation (EU) 2016/679, known as the General Data Protection Regulation (GDPR) (collectively referred to as “Data Protection Laws”). 

For information on how we collect, store and use information gathered through our website (www.bhconsulting.ie), please refer to the Cookies Policy.

• Who we are and how to contact us

BH Consulting is a professional services firm specialising in Cyber Security and Data Protection services. We assist organisations in achieving compliance with data protection and cybersecurity frameworks, including ISO 27001 and ISO/IEC 27701, and in meeting the requirements of the GDPR, the EU AI Act, and related legislation. We process information including personal data when we provide these services. We act as a Data Controller in respect of the personal data we process, unless otherwise agreed.

Contact Details
Data Protection Officer
BH Consulting
The Linc, TUD Blanchardstown
Dublin 15, D15VPT3, Ireland
Email: dpo@bhconsulting.ie

• Categories of data subjects

Depending on the engagement or interaction, BH Consulting may process the personal data of:

• Clients and client representatives
• Website visitors and newsletter subscribers
• Business partners and suppliers
• Current and prospective employees or contractors
• Participants in training or awareness programmes
• Events attendees

• Purpose and lawful basis for processing

The table below summarises the types of personal data we process, the reasons for processing, and the lawful bases relied upon:

Personal Data	Purpose of Processing	Lawful Basis
Name, contact details, email address, telephone number	To respond to enquiries, provide requested information, or communicate with you regarding our services.	Legitimate interest (business communications)
Name, business contact information, and professional details	To perform and manage our professional services engagements, including project delivery and client support.	Performance of contract
Name, email address, and consent preferences	To send newsletters, event invitations, or updates where you have opted in.	Consent
Employee or applicant information (CVs, qualifications, references)	Recruitment, human resources administration, and employment management.	Performance of contract / Legal obligation
Technical data from website and cookies	To analyse website usage, improve functionality, and maintain cybersecurity.	Legitimate interest / Consent (for non-essential cookies)
Name, address, PPS number, or compliance documentation	To meet our legal obligations under Irish and EU legislation, including anti-money-laundering or tax laws.	Compliance with a legal obligation

We do not collect special categories of personal data about you unless you have asked us to or provide it as part of the agreed services.

• Consequences of failing to provide information

Where personal data is required by law or contract and you fail to provide it when requested, BH Consulting may be unable to enter into or perform the relevant contract or engagement. In such cases, we will notify you promptly.

• Information sharing and third parties

We may sometimes share your data with a third party to supply services on our behalf such as our website, marketing, cloud and IT vendors.. In some cases, the third parties may require access to some of your data. Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights. 

• International data transfers

BH Consulting uses reputable service providers, including cloud and IT vendors, some of whom may process data outside Ireland Standard Contractual Clauses. Where personal data is transferred outside the EEA, BH Consulting ensures equivalent protection of your information by using legally approved mechanisms such as Standard Contractual Clauses (SCCs), or by relying on countries recognised by the European Commission as providing adequate protection.

• Children and our website

BH Consulting does not knowingly collect personal data from children under 16 years of age. Our services and website are not directed at children. If you are under 16, please do not provide personal data through our website. Parents and guardians are encouraged to monitor children’s internet use and contact us if they believe a minor has provided personal information.

• Retention of your data

BH Consulting retains personal data only for as long as necessary for the purpose it was collected or as required by applicable laws. After this period, data is securely deleted or anonymised in accordance with our Data Retention Policy.

For cookie retention periods, please refer to our Cookie Policy.

• Data security and confidentiality

BH Consulting applies robust organisational and technical measures to protect personal data against loss, misuse, or unauthorised access. We are certified with ISO 27001 and aligned with ISO/IEC 27701.

Measures include:

• Encryption and Secure Socket Layer (SSL) technologies
• Access controls and role-based permissions
• Regular security testing and monitoring
• Staff confidentiality declarations and annual security and privacy training

While we strive to protect personal data transmitted online, no internet communication can be guaranteed to be entirely secure. Once data reaches your network, its protection becomes your responsibility.

• Your rights

Under the Data Protection Laws, you have the following rights (subject to legal exemptions):

• Access: to request a copy of your personal data held by us.
• Correction: to request correction of inaccurate or incomplete data.
• Erasure: to request deletion of your data in certain circumstances.
• Restriction: to request restriction of processing of your data.
• Portability: to receive your data in a structured, commonly used format or request its transfer to another controller.
• Objection: to object to processing based on legitimate interests.
• Withdrawal of Consent: to withdraw consent where processing relies on it.

How to make a request:
Please contact us at: dpo@bhconsulting.ie.
We may need to verify your identity before processing your request. We aim to respond within one month as required under the GDPR.

If you remain dissatisfied, you may contact the Data Protection Commission,
6 Pembroke Row Dublin 2, D02 X963, or www.dataprotection.ie.

• Marketing communications

From time to time, BH Consulting may use your contact information to send newsletters, event invitations, or updates about our services that we believe may interest you. You may opt out of these communications at any time by contacting info@bhconsulting.ie 

Our marketing emails may contain cookies or tracking pixels to measure engagement, in accordance with our Cookie Policy.

•  Changes to this Privacy Policy

We may update this Privacy Policy periodically. Any significant changes will be notified through our website or, where appropriate, via direct communication.