Privacy Policy

Last update: May 28, 2025

Brain Source International Corporation Limited (“we”, “us”, “our”, “the Owner”) is committed to protecting your privacy. In compliance with the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA), we provide this policy in a clear, transparent, and accessible manner. This policy explains how we collect, use, disclose, and protect your personal data when you visit our website or communicate with us through that website.

Data Controller

Controller: Brain Source International Corporation Limited, registered at 63-66 Hatton Gardens, Fifth Floor, Suite 23, London, England, EC1N 8LE.

Personal Data We Collect

We collect the following personal data when you use our website or services. “Personal data” means any information relating to an identified or identifiable person. In particular, we collect: – Identity and Contact Information: Your first and last name, company name, email address, and phone number.

– Professional and Project Details: Your job title, country, and information about your project or recruitment needs.

– Technical Data: Your IP address and device or browser information (collected automatically).

– Cookie and Usage Data: Data stored or collected through cookies when you browse our website.

How We Collect Data

We obtain personal data in two main ways:

– Website Forms: When you fill in a form on our website (e.g. “Request a Quote”), you provide identity, contact, and project details directly.

– Cookies and Tracking: We use cookies and similar technologies to collect technical and usage information. Cookies are small files stored on your device to remember settings or track analytics.

We obtain your consent for non-essential cookies as required by law. To learn more, Users may consult the Cookie Policy.

Why We Use Your Data (Purposes and Legal Basis)

We process your personal data for these purposes, under the following legal bases:

– Service Delivery and Contractual Performance: To provide recruitment, employer of record, and payroll services. Data processing is necessary to perform our contract with you or with our clients.

– Communications and Marketing: To communicate with you (e.g. responding to inquiries) and, with your consent or based on our legitimate business interests, to send you information about our services.

For marketing emails, we rely on your consent or a soft opt-in legitimate interest.

– Website Analytics and Improvement: To analyze website usage (through Google Analytics or similar tools), Tag management and improve our services. This is done under our legitimate interests in maintaining and improving our website.

– Legal Compliance and Security: To comply with laws (e.g. tax, accounting, and employment regulations) and to secure our network. This may include fraud prevention and audit obligations.

Under GDPR processing is lawful if it is necessary for contract performance, compliance with

legal obligations, or our legitimate interests. We will always respect your rights and only use legitimate interests where they do not unduly infringe on your rights or freedoms. For any processing based on consent (e.g. marketing emails), you may withdraw your consent at any time.

Methods of processing

We take appropriate security measures to prevent unauthorised access, disclosure, modification, or unauthorised destruction of the Data.
The Data processing is carried out using computers and/or IT enabled tools, following organisational procedures and modes strictly related to the purposes indicated. In addition to the Owner, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of our website (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Owner at any time.

Sharing Your Data

We may share your personal data with:

– Brain Source Affiliates: Our group companies and subsidiaries, to the extent needed to deliver services.

– Service Providers: Third-party vendors and partners (such as payroll processors, IT providers, analytics services). These parties act as data processors or service providers under contract with us.

– Legal and Regulatory Authorities: Government, tax, or law enforcement agencies if required by law (for example, for tax or employment records).

We do not sell your personal information.

International Data Transfers

Your data may be processed and stored in the UK, EU, or the USA. When transferring personal

data outside the UK/EU (for example, to a third country), we ensure compliance with legal requirements.

Under the GDPR, transfers outside the EEA/UK can take place only if an adequacy decision or

appropriate safeguards apply . For example, the UK and EU both recognize each other’s laws as providing adequate protection. We rely on EU/UK Standard Contractual Clauses or other approved safeguards for transfers to countries like the USA. We assess and document safeguards to ensure your data is protected.

Place

The Data is processed at the Owner’s operating offices, cloud servers in Europe, USA and in any other places where the parties involved in the processing are located.
Depending on the User’s location, data transfers may involve transferring the User’s Data to a country other than their own.

Data Retention

We keep your personal data only as long as necessary. We retain data for the duration needed to fulfill the purposes above and to comply with legal obligations (for example, business and tax records may be kept up to 6 years). When the data is no longer needed, we will securely delete or anonymize it.

Your Rights Under GDPR/UK GDPR

You have several rights regarding your personal data:

– Right of Access: You can request a copy of the personal data we hold about you.

– Right to Rectification: You can request correction of any inaccurate or incomplete data.

– Right to Erasure (“Right to be Forgotten”): You can request deletion of your data when there is no legal reason for us to retain it. Under GDPR, you have the right to obtain erasure “without undue delay” in certain circumstances.

– Right to Restrict Processing: You can ask us to limit how we use your data (e.g., during dispute of accuracy).

– Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

– Right to Object: You can object to processing based on legitimate interests or for direct marketing. If you object to marketing, we will stop sending marketing communications.

To exercise any of these rights, please contact us. We will verify your identity and respond within one month, as required by law. You will not be charged a fee for exercising your rights.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, the CCPA/CPRA grants you additional rights:

– Right to Know: You can request details about the categories of personal information we have collected, and the categories of sources, purposes, and third parties with whom we share it. For the 12-month period prior to your request, we will provide the categories of personal data collected (identifiers, professional and commercial information, internet data, etc.) and why we collected it.

– Right to Delete: You can request deletion of your personal information, subject to exceptions.

– Right to Opt-Out of Sale: We do not sell your personal information. Therefore, the right to opt-out of sale does not apply.

– Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights. We will not deny you services, charge different rates, or alter the quality of our services for exercising your rights.

To submit a request under the CCPA, California residents can contact us via the contact details provided in this policy or on our website. We may verify your request by matching personal identifiers. We will respond within the legally required time frame (typically 45 days, with one possible 45-day extension).

Changes to this Policy

We may update this Privacy Policy from time to time. The “Last Updated” date at the top reflects the current version. We recommend you review this page periodically. Significant changes will be noted on our website.

Contact Information

If you have any questions about this Privacy Policy or how we process your personal data, please contact us via email info@brain-source.com or the contact details provided on our website.

If you have any questions about this policy or our privacy practices, please contact us at Brain Source International Corporation Limited, 63-66 Hatton Gardens, Fifth Floor, Suite 23, London, EC1N 8LE, UK, or info@brain-source.com or via the contact details provided on our website. If you are in the UK or EU and believe your rights have been violated, we encourage you to first contact us. We will investigate and attempt to resolve complaints and disputes and will make every reasonable effort to honour your wish to exercise your rights as quickly as possible and in any event, within the timescales provided by data protection laws.

If you are dissatisfied with how we handle any privacy complaints, if you do not receive timely acknowledgement of your complaint, or your complaint is not satisfactorily addressed you may file a complaint with the UK Information Commissioner’s Office or your local data protection authority.