Bullshark Limited (“we,” “us,” or “our”) offers digital business transformation services. This Privacy Notice sets out how we collect, use, share, and protect any information we collect through this website (herein, the “Website”) as well as in the context of external marketing events. This Privacy Notice also explains the measures we take to safeguard your information and describes how you may contact us regarding our privacy practices.
Any data collected through the Website or external marketing events held by Bullshark Limited or its partners, including personal data as defined under applicable data protection laws (collectively, “Personal Data”), will only be used for the purposes set out in this Privacy Notice. Notwithstanding, we may use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law.
When data is collected on this Website, we are acting as a data controller.
Please read this Privacy Notice thoroughly. If you disagree with the way Personal Data will be used, please do not use this Website or provide your Personal Data through the Website.
personal data we collect
The following table describes the categories of Personal Data we collect.
|Category of Personal Data||Types of Personal Data Processed|
|Contact Information and Identifiers||First name, last name, e-mail address, telephone number, job title, employer’s name, country, online identifiers; IP address; mobile ad identifiers, third party cookies.|
|Internet or other electronic network activity information (Technical Data)||Operating system, browser type, browsing history; search history; online interests, such as information about categories of consumer interests derived from online usage; and information on a consumer's interaction with a website, application, or advertisement such as referring domains and exit links and their journey on our Website.|
|Geolocation Data||Location information from your device or IP address.|
|Information you communicate to us or share on the public areas of our site||Information that you directly send us by using the comment functionality on this Website.|
sources of personal data we collect
We may collect the Personal Data outlined above from the following categories of sources:
- Information you provide directly. For example, when you use the query form to inquire about our services, download a white paper, submit your information to us at an external marketing event or tradeshow, or to register for a Sapient-sponsored event.
- Information obtained from third parties. Information about you that may come from data brokers, partners (e.g., those that offer co-branded services, sell or distribute our products, or engage in joint marketing activities), data analytics providers, and social networks.
- Information from our Clients. If Personal Data about you has been processed by us on behalf of a client (or any controller as per GDPR) and you wish to exercise any rights you have, we may have to ask you to inquire with our client directly. We will support the client (or controller) to the extent required by applicable law in responding to your request.
- Information we do not seek. We do not intend to collect “special” or “sensitive” information from or about you (e.g., government identifiers, information on race or ethnicity, political opinions, religious beliefs, health data). We ask that you do not provide such information, and if we find such information we will delete it.
data use and legal basis for data collection
Employees of Bullshark Limited (from Sales, Marketing, IT, Operations, and Finance) are processing your data. Any processing of your Personal Data by these employees is in accordance with our instructions. The following table provides information about our purposes and legal basis for collecting and using your personal data:
|Purpose for Usage of Personal Data||Basis for Collection|
|To read and respond to your inquiries sent using our online query or data access request forms||We will rely on our legitimate interest to respond to individuals’ queries, or legal obligation to provide an opportunity to exercise your rights.|
|To contact you where you have indicated you wish to be contacted||We rely on your consent indicating that you want to receive marketing material from us.|
|Operating, analysing, improving, and securing our Website||We rely on your consent to collection and use of your personal data through cookies if you are from the EU; or we rely on our legitimate interest to improve our services and develop new products.|
|Marketing services that may include analysing and optimizing proprietary databases by verifying, removing, or correcting information, or for the purpose of mitigating fraud||We rely on your consent to use your personal data for marketing services.|
|Other internal purposes, such as website maintenance, quality control, and legal compliance||We rely on our legitimate interest to support our internal operations and conduct research.|
In addition, we may also use your information as follows:
Analytics. Services are used to help us understand how users access and use the Website. We also work with agencies, advertisers, ad networks, and other technology services to place ads about our products and services on other websites and services.
Interest-based Advertising. We may incorporate tracking technologies into our own Website as well as into our ads displayed on other websites and services. Some of these tracking technologies may track your activities across time and services for purposes of associating the different devices you use and delivering relevant ads and/or other content to you.
Matched Ads. We also use audience matching services to reach people (or groups of people) who have visited our Website or are identified in one or more of our databases. This is done by sharing data with a third party and allowing them to match common factors between our data and their data or other datasets to build audiences of similar consumers to offer more relevant advertising.
disclosures of personal data
The table below shows how and with whom we may share or disclose your Personal Data, and whether (based on the California Consumer Privacy Act’s definition of “sell”) we believe we have “sold” a particular category of information in the prior 12 months.
|Category||Parties With Whom We Share Your Data||Shared in the Last 12 Months|
|Contact Information and Identifiers||Affiliates, service providers, advertising partners, analytics partners, promotional partners.||Yes|
|Internet or other electronic network activity information||Affiliates, service providers, advertising partners, analytics partners, promotional partners.||Yes|
|Geolocation data||Affiliates, service providers, advertising partners, analytics partners, promotional partners.||Yes|
|Your verbatim communications to us or shared on the public areas of our site||N/A||No|
We also may share any of the Personal Data we collect as follows:
Sharing for Legal Purposes: In addition, we may share Personal Data with other parties in order to: (a) comply with legal process or a regulatory investigation (e.g. regulatory authorities’ investigation, subpoena, or court order); (b) enforce our Terms of Service, this Privacy Notice, or other contracts with you, including investigation of potential violations thereof; (c) respond to claims that any content violates the rights of other parties; and/or (d) protect the rights, property or personal safety of us, our platform, our customers, our agents and affiliates, its users and/or the public. We likewise may provide information to other companies and organizations (including law enforcement) for fraud protection, spam/malware prevention, and similar purposes.
Sharing In Event of a Corporate Transaction: We may also share Personal Data in the event of a major corporate transaction, including for example a merger, investment, acquisition, reorganization, consolidation, bankruptcy, liquidation, or sale of some or all of our assets, or for purposes of due diligence connected with any such transaction.
Disaster Recovery: Cloudways Ltd is providing the backup disaster recovery servers, which are located in Amsterdam. If the services of third parties for the technical maintenance, administration or processing of data are required, the Personal Data will be accessed by these parties only to the extent that is required to ensure a smooth and secure technical handling of the Website and in compliance with applicable law, including with respect to data confidentiality, privacy and security.
Aggregate, Deidentified, or Anonymized Information: We may aggregate, de-identify and/or anonymize any information collected so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and marketing purposes, and may also share such data with any other party, including advertisers, promotional partners, and sponsors, in our discretion, unless otherwise prohibited by applicable law.
exercising your rights and choices
Please contact [email protected] if you want to make use of any of your below mentioned legal rights. If you wish to exercise your access rights, you can contact us directly.
- Where You Are a Resident of the EU
Subject to certain exceptions and the jurisdiction in which you live, if you are a resident of the EU, the General Data Protection Regulation (GDPR) provides you with specific rights regarding your Personal Data. You may exercise the following legal rights regarding any Personal Data that we hold about you.
- Right of access: You may access all Personal Data we hold about you, know the origin of this Personal Data, and obtain a copy in an understandable format;
- Right to rectification: You may request that we rectify inaccurate or incomplete Personal Data relating to you that we process or control;
- Right to erasure: You may request the erasure or deletion of your Personal Data that we control. We may be required to retain your Personal Data for legal or legitimate business reasons.
- Right to object to the processing of your Personal Data: You may at any time object to the processing of your Personal Data for reasons relating to your personal situation. We may nevertheless, on a case-by-case basis, reject such a request by pointing out the legitimate or otherwise legal reasons for processing this data.
- Right to restrict processing: You may request that our data processing related to you is limited, so that we may keep this data, but we cannot use it or process it in any other manner. This right applies in specific circumstances, i.e.:
- if you challenge the exactness of your Personal Data, we may limit processing for a period of time so that the exactness of the Personal Data can be verified;
- if you object to the erasure of your Personal Data and request instead that its use be limited;
- if we do not need the Personal Data for the purposes mentioned above in Section III anymore, but you still need it to establish, exercise or defend rights before a Court; and
- in the cases where you objected to the processing, which is based on the legitimate interests of the agency, you may ask to limit the processing for the time necessary for us to verify if we can accept your objection request (i.e., the time necessary to verify whether the legitimate reasons of the agency prevail over yours).
- Right to object to data processing for direct marketing purposes: You may unsubscribe to object at any time and without any justification to the reception of direction marketing communications. Simply either (i) click on the link in the footer of the communications you receive from us, (ii) use the link in this notice, or (iii) send us an email at the address in the “Further Information” section below with the word “unsubscribe” in the subject field of the email.
- Right to data portability: You have the right to receive the Personal Data provided by you, in a structured, commonly used and machine-readable format, for personal use or to share with a third party where our lawful basis for processing the Personal Data is consent or necessity for the performance of our contract with you and the processing is carried out by automated means. Please check the list of our Personal Data processing activities’ legal grounds (in Section III of this Privacy Notice) to know whether our processing is based on the performance of a contract or on consent.
- Right to withdraw your consent: You have a right to withdraw consent at any time where we process your Personal Data based on consent.
If you are unsatisfied with the way we process your Personal Data or if your request has been rejected, you may also lodge a formal complaint with your local competent data protection authority.
Subject to legal and other permissible considerations, we will act on your request promptly and in any event within one month from the date we receive your request. This timeframe can be extended by two months depending upon the complexity of the request or the number of requests received at a particular time. In this case, we will inform you within one month from receiving your request, specifying the reasons for extending the response timeframe.
1.2 Data Transfers and Retention
Due to the international nature of our business, your Personal Data may be transferred outside the European Union. Your Personal Data may be transferred to countries that are not considered to have the same level of data protection as in the EU. However, we ensure all data transfers comply with applicable legal requirements. Should you wish to know more about how data is protected or wish to request a copy of the contractual protections, please contact [email protected].
Your Personal Data will be stored in accordance with our applicable data retention requirements and corporate policies. The retention period of your Personal Data varies depending on the type of Personal Data and the purposes of processing it. Your Personal Data will not be retained for any other purpose than that for which it was collected or for longer than is reasonably necessary for that disclosed purpose.
1.3 Information from Our Clients
If Personal Data about you has been processed by us as a processor on behalf of a client in the EU and you wish to exercise any rights you have with such Personal Data, please inquire with our client directly. If you wish to make your request directly to us, please provide the name of our client on whose behalf we processed your Personal Data. We will refer your request to that client and will support them to the extent required by applicable law in responding to your request.
- Where You are a Resident of California
California residents, under the California Consumer Privacy Act of 2018 (“CCPA”), have specific rights with regard to their Personal Data. This section describes how to exercise those rights and our process for handling those requests. (To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.)
Our Website is intended to provide information and services to business clients. In such case, you understand and agree that information collected about you is solely within the context of (i) your role as an employee, owner, director, officer, or contractor or (ii) Bullshark Limited conducting due diligence regarding, or providing or receiving a product or service to or from your employer.
2.1 Information from Our Clients
We also acknowledge that you may have rights under the CCPA in connection with the Personal Data we process on behalf of our clients. If Personal Data about you has been processed by us as a service provider on behalf of a client and you wish to exercise any of the rights described below, please provide the name of our client on whose behalf we processed your Personal Data. We will refer your request to that client and will support them to the extent required by applicable law in responding to your request.
2.2 Rights to Request Access to Your Personal Data
California residents have the right to request that we disclose what categories of Personal Data that we collect, use, disclose, or sell about them. In particular, California residents may request:
- the specific pieces of Personal Data that we have collected about you;
- the categories of Personal Data we have collected about you;
- the categories of sources from which the Personal Data was collected;
- the categories of Personal Data about you we disclosed for a business purpose or sold;
- the categories of third parties to whom the Personal Data was disclosed for a business purpose or sold; and
- the business or commercial purpose for collecting or selling the Personal Data.
2.3 Right to request deletion of your Personal Data
You may also request that we delete any Personal Data that we collected from you. However, we may retain Personal Data for certain important purposes, as set out by law. When we receive and verify your request to delete your Personal Data we will proceed to delete the data unless an exception applies.
2.4 Right to Non-discrimination
We will not deny, charge different prices for, or provide a different level of quality of goods or services if you choose to exercise these CCPA rights.
2.5 Right to Opt-out of the sale of your Personal Data
The CCPA broadly defines what constitutes a “sale” – including in the definition making available a wide variety of information in exchange for “valuable consideration.” To the extent we engage in the “sale” of your Personal Data as defined by CCPA, California residents may opt out of the “sale” of their Personal Data.
Depending what information we have about you, and whether we have included any of it in our marketing products and services, we may have sold (as defined by California law) certain categories of information about you in the last 12 months, as described in the above table in Section IV of this Privacy Notice. If you would like to opt out, you may do so by emailing [email protected].
2.6 Shine the Light
Customers who are residents of California may request (i) a list of the categories of Personal Data disclosed by us to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclosed such information. To exercise a request, please write us at the email or postal address set out in the “Further Information” section below and specify that you are making a “California Shine the Light Request.”
2.7 How to Exercise Your Rights Under CCPA
California residents may exercise their CCPA privacy rights by sending an email to [email protected], or by contacting us at: 00356 9971 8881.
For security purposes (and as required under California law), we will verify your identity – in part by requesting certain information from you – when you request to exercise your California privacy rights. For instance, if you request categories or specific pieces of Personal Data we have collected about you, you may need to confirm your possession of an identifier (such as an email address) or to provide a piece of identification that confirms you are the person you claim to be.
If we are unable to complete your request for any reason, we will provide you additional information about the reasons why we could not comply with your request.
You may also designate an agent to make requests to exercise your rights under CCPA as described above. We will take steps to both verify the identity of the person seeking to exercise their rights as listed above and that your agent has been authorized to make a request on your behalf by providing us with a signed written authorization or a copy of a power of attorney.
- Where you are a Resident of Nevada
Nevada law (NRS 603A.340) requires each business to establish a designated request address where Nevada consumers may submit requests directing the business not to sell certain kinds of Personal Data that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of Personal Data for monetary consideration by the business to a third party for the third party to license or sell the Personal Data to other third parties. If you are a Nevada consumer and wish to submit a request relating to our compliance with Nevada law, please contact us as at [email protected].
- Your Rights as a Resident of the United States
4.1 Do Not Track
Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, unless and until the law is interpreted to require us to do so, we do not monitor or take action with respect to “Do Not Track” signals. For more information on “Do Not Track,” visit http://www.allaboutdnt.com.
We may use our own technology or third-party technology to track and analyze usage information to provide enhanced interactions and more relevant communications, and to track the performance of our advertisements.
For example, we use Google Analytics (“Google Analytics”), a web analytics service provided by Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. You can learn about Google’s privacy practices by going to www.google.com/policies/privacy/partners/.
4.3 Interest-Based Advertising
The companies we work with to provide you with targeted ads are required by us to give you the choice to opt out of receiving targeted ads. Most of these companies are participants of the Digital Advertising Alliance (“DAA”) and/or the Network Advertising Initiative (“NAI”). To learn more about the targeted ads provided by these companies, and how to opt out of receiving certain targeted ads from them, please visit: (i) for website targeted ads from DAA participants, https://www.aboutads.info/choices; (ii) for app targeted ads from DAA participants, https://www.aboutads.info/appchoices; and (iii) for targeted ads from NAI participants, https://www.networkadvertising.org/choices/. Opting out only means that the selected participants should no longer deliver certain targeted ads to you, but does not mean you will no longer receive any targeted content and/or ads (e.g., in connection with the participants’ other customers or from other technology services).
To opt out of us using your data for Matched Ads, please contact us on [email protected] and specify that you wish to opt out of matched ads. We will request that the applicable party not serve you matched ads based on information we provide. Alternatively, you may directly contact the applicable party to opt out.
Please note that if you opt out using any of these methods, the opt out will only apply to the specific browser or device from which you opt out. We are not responsible for the effectiveness of, or compliance with, any opt out options or programs, or the accuracy of any other entities’ statements regarding their opt out options or programs.
Depending on the choices you made when providing us with your Personal Data and in compliance with applicable data protection laws, we may send you direct marketing communications. You can opt out of receiving promotional emails from us at any time by following the instructions as provided in emails to click on the unsubscribe link, or emailing us at the email address set out in the “Further Information” section below with the word unsubscribe in the subject field of the email. Please note that you cannot opt out of non-promotional emails, such as those about transactions, servicing, or our ongoing business relations.
no data of children
The Website is intended for general audiences and is not directed at children. We do not knowingly collect Personal Data (as defined by the U.S. Children’s Privacy Protection Act, or “COPPA”) from children. If you are a parent or guardian and believe we have collected Personal Data in violation of COPPA, contacts us at [email protected]. We will remove the Personal Data we inadvertently collect in accordance with COPPA. We do not knowingly “sell,” as that term is defined under the CCPA, the Personal Data of minors under 16 years old who are California residents.
We use a variety of methods, such as firewalls, intrusion detection software and manual security procedures for the purpose of securing your data against loss or damage, protecting the accuracy and security of Personal Data, and preventing unauthorized access or improper use. If you think that the Website or any Personal Data is not secure or that there has been unauthorized access to the Website or your Personal Data, please contact [email protected] immediately.
Cookies are small pieces of text or code sent to your device when you visit the Website. Cookies are used to optimize the viewing experience, count visitors to a webpage, troubleshoot any problems, keep websites secure, and better serve content.
Functional and required cookies are always used to allow our hosting platform, to securely serve this Website to you. Analytics and performance cookies are used on the Website to view site traffic, activity, and other analytics data. Overall, cookies help us provide you with a better Website, by enabling us to monitor which pages you find useful and which you do not.
You can choose to accept or decline cookies as per our Cookie Consent Tool.
If you follow us on social media (for example, through our accounts on LinkedIn, Facebook, Twitter or Instagram), we will also collect Personal Data about you in order to understand our followers better and understand the public response to our products and services.
We may use this information to engage in social listening to identify and assess what is being said about us publicly to understand industry trends and market sentiment. Any information you provide to us when you engage with our content (such as through our brand page or via Facebook Messenger) is treated in accordance with this Privacy Notice. Also, if you publicly reference us or our Website on social media (such as by using a hashtag associated with us in a tweet or post), we may use your reference on or in connection with our Website.
We have no control over how social media platforms use your Personal Data and they may independently collect information about you when you leave our Website. The information collected and stored by those parties remains subject to their own policies and practices, including what information they share with us, your rights and choices on their services and devices, and whether they store information in the U.S. or elsewhere. We encourage you to read the privacy notices on the various social media platforms you use.
notifications of changes
Any changes to this Privacy Notice will be promptly communicated on this page and you should check back to see whether there are any changes. Continued use of the Website after a change in the Privacy Notice indicates your acknowledgement and acceptance of the use of Personal Data in accordance with the amended Privacy Notice. If you wish to save this text, please mark the entire statement (e.g. with your mouse) and copy-paste by pushing ctrl-c.
If you consider that we are not complying with this Privacy Notice, if you have any questions in relation to this Privacy Notice, or have questions about your rights and choices, please contact [email protected].
Updated: July 2023