Burmain Holdings
AboutPlatformsTechnologyGlobalContact
Get in Touch
AboutPlatformsTechnologyGlobalContactGet in Touch
LEGAL

Privacy Policy

Effective date: 1 January 2025  ·  Last updated: 1 January 2025

Contents

  1. Introduction & Who We Are
  2. Information We Collect
  3. How We Use Your Information
  4. Legal Basis for Processing
  5. Data Sharing & Third Parties
  6. International Data Transfers
  7. Data Retention
  8. Your Rights
  9. Cookies
  10. Children's Privacy
  11. Security Measures
  12. AI & Automated Processing
  13. Changes to This Policy
  14. Contact Us

1. Introduction & Who We Are

Burmain Holdings operates two legal entities — Burmain Holdings (Pty) Ltd, registered in South Africa, and Burmain Holdings LTD, registered in the United Kingdom. Both entities act as joint data controllers for the burmain.com website and its associated platforms. Together, they are referred to throughout this document as "Burmain Holdings", "we", "us" or "our".

This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and what rights you have in relation to that information. We are committed to handling your data responsibly and transparently, in accordance with applicable data protection legislation in both South Africa and the United Kingdom.

This policy applies to all visitors to burmain.com, users of our platforms — including BovRes, 1os.io, Synopli, Global Urban Solutions, Windsor AI Gaming, and Windsor AI Tutor — and anyone who contacts us by any means, including email, telephone, or through our website contact forms.

If you are located in the European Union or United Kingdom, additional rights apply under the UK GDPR and EU GDPR. See our GDPR Statement for details. If you are located in South Africa, see our POPIA Compliance Statement.

2. Information We Collect

2.1 Information You Provide Directly

We collect personal information that you voluntarily provide when interacting with us. This includes your name, email address, company name, and job title when you contact us or register for access to one of our platforms. It also includes the content of any messages or enquiries you send us, as well as curriculum vitae and supporting documents when you apply for a position at Burmain Holdings.

2.2 Information Collected Automatically

When you visit burmain.com or use our platforms, certain technical information is collected automatically by our servers and analytics systems. This includes your IP address, browser type and version, device type, operating system, the pages you visit on our site, the source from which you arrived (referral source), the duration of your session, and patterns of clicks and interaction throughout your visit.

2.3 Cookie & Tracking Data

We use cookies and similar tracking technologies on our website and platforms. The types of cookies we use, their purposes, and how you can control them are described in full in our Cookie Policy. Please refer to that document for detailed information about our use of cookies and your options.

2.4 Platform Usage Data

Our AI-native platforms collect data specific to the service being delivered. For BovRes, this includes livestock data, farm management records, and animal health data entered or generated within the platform. For 1os.io, this includes business process data and workflow interaction data. For our educational platforms, including Windsor AI Tutor, this includes learning progress, assessment results, and engagement metrics. For Synopli, this includes query patterns and document interaction data. In all cases, platform data is used solely to deliver and improve the relevant service.

2.5 Communications

We retain records of communications you initiate with us, including emails, support tickets, and submissions via our website contact or enquiry forms. These records are kept to ensure continuity of service and to maintain an accurate history of our interactions with you.

3. How We Use Your Information

We use the personal information we collect for a range of purposes that are necessary to operate our business, deliver our services, and meet our legal obligations. Specifically, we use your information for the following purposes:

  • Responding to your enquiries and providing customer support
  • Delivering and improving our AI-native platforms and their core features
  • Personalising user experience and refining AI model outputs to better serve individual users
  • Sending product updates, newsletters, and marketing communications where you have given your consent to receive them
  • Conducting security monitoring and fraud prevention across our platforms and infrastructure
  • Complying with legal and regulatory obligations applicable in South Africa and the United Kingdom
  • Improving our AI models through anonymised and aggregated usage patterns that do not identify individual users
  • Processing job applications and managing our recruitment pipeline
  • Conducting analytics to understand platform performance, user engagement, and areas for improvement

4. Legal Basis for Processing (GDPR)

Where the UK GDPR or EU GDPR applies to our processing of your personal data, we rely on one or more of the following lawful bases. We identify the most relevant basis for each processing activity and ensure it is appropriate to the nature and purpose of the processing.

Contract (Article 6(1)(b))

We process personal data where it is necessary to perform a contract to which you are a party, or to take steps at your request before entering into a contract. This basis applies primarily when delivering platform services to subscribers and fulfilling agreed service obligations.

Legitimate Interests (Article 6(1)(f))

We process personal data where it is in our legitimate interests to do so and where those interests are not overridden by your rights and freedoms. This basis applies to activities such as security monitoring, fraud prevention, internal analytics, and the improvement of our AI models using aggregated and anonymised data. We conduct a balancing assessment to ensure that your interests are protected.

Consent (Article 6(1)(a))

Where we send marketing communications or deploy non-essential cookies, we do so only on the basis of your freely given, specific, informed, and unambiguous consent. You may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal. To withdraw consent, please contact us at hello@burmain.com or use the unsubscribe link in any marketing email.

Legal Obligation (Article 6(1)(c))

We process personal data where we are required to do so in order to comply with a legal obligation imposed on us under applicable law, including South African legislation such as the Protection of Personal Information Act (POPIA) and UK legislation including the Companies Act and tax regulations.

5. Data Sharing & Third Parties

We do not share your personal data with third parties except in the circumstances described below. Where we do share data, we ensure that appropriate safeguards and contractual protections are in place.

5.1 Cloud Infrastructure Providers

We host our platforms and website on infrastructure provided by reputable cloud providers, including Amazon Web Services (AWS) and Google Cloud. All such providers operate under data processing agreements with Burmain Holdings that include appropriate technical and organisational safeguards for the protection of personal data.

5.2 Analytics Providers

We use third-party analytics tools including Google Analytics and Hotjar to understand how visitors interact with our website and platforms. These tools collect anonymised usage data and are governed by their respective privacy policies. We configure these tools to minimise the collection of personally identifiable information wherever possible.

5.3 Communication Tools

We use email delivery providers to send transactional communications — such as account notifications and service alerts — as well as marketing communications to users who have consented. These providers process your email address and message content solely on our behalf and in accordance with our instructions.

5.4 Professional Advisors

We may share personal data with our lawyers, accountants, auditors, and other professional advisors where necessary for the conduct of our business. All such advisors are bound by professional and contractual confidentiality obligations.

5.5 Legal Requirements

We may disclose personal data where required to do so by applicable law, by a court order, or by a regulatory or government authority with jurisdiction over our activities. We will, where permitted, notify affected individuals of any such disclosure.

5.6 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of all or part of Burmain Holdings' assets, your personal data may be transferred to the successor or acquiring entity. We will ensure that any such transfer is subject to appropriate data protection commitments and that affected users are notified in advance where practicable.

We do not sell, rent or trade your personal information to any third party for their own marketing purposes.

6. International Data Transfers

As a dual-jurisdiction business operating in both South Africa and the United Kingdom, personal data is shared between our two entities in the ordinary course of our operations. Such transfers are carried out under appropriate legal mechanisms, including the UK-South Africa data sharing framework and, where required, Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO).

Our use of cloud infrastructure providers such as AWS and Google Cloud may involve the processing of personal data on servers located in the United States and across the European Union. Where data is transferred outside the UK or South Africa, we ensure such transfers are protected by appropriate safeguards, including SCCs and adequacy decisions made by relevant authorities. We regularly review these mechanisms to ensure they remain current and effective.

If you would like further details about the specific safeguards in place for international transfers of your personal data, you are welcome to contact us by emailing hello@burmain.com. We will respond within a reasonable timeframe with relevant information.

7. Data Retention

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. The following retention periods apply to the main categories of personal data we hold:

  • Account data: retained for the duration of your account plus 3 years after account closure
  • Contact form enquiries: 2 years from the date of the original enquiry
  • Job applications: 6 months from the date of application if unsuccessful; 5 years from the date of employment commencement if you are hired
  • Platform usage data: 3 years from the date of last active use, after which data is anonymised rather than deleted
  • Financial transaction records: 7 years from the date of the transaction, as required by law
  • Marketing consent records: retained until consent is withdrawn, plus 1 year thereafter as evidence of historical consent
  • Security logs: 90 days on a rolling basis
  • Cookies: retention periods vary by cookie type — please refer to our Cookie Policy for full details

8. Your Rights

Depending on your jurisdiction and applicable law, you may have certain rights regarding the personal information we hold about you. We are committed to respecting and upholding these rights. The specific rights available to you may vary based on where you are located and the legal framework that applies to your data.

Rights under UK & EU GDPR

  • Right of Access (Article 15) — request a copy of all personal data we hold about you.
  • Right to Rectification (Article 16) — correct inaccurate or incomplete data.
  • Right to Erasure (Article 17) — request deletion subject to legal retention requirements.
  • Right to Restriction (Article 18) — limit how we process your data in certain circumstances.
  • Right to Data Portability (Article 20) — receive your data in a machine-readable format.
  • Right to Object (Article 21) — object to processing based on legitimate interests or for direct marketing.
  • Rights relating to Automated Decision-Making (Article 22) — not to be subject to decisions made solely by automated means with significant effects.

Rights under POPIA (South Africa)

  • Right to access personal information we hold about you.
  • Right to have personal information corrected or deleted where it is inaccurate, irrelevant, excessive, out of date, or obtained unlawfully.
  • Right to object to the processing of personal information in certain circumstances.
  • Right to lodge a complaint with the Information Regulator of South Africa.

How to Exercise Your Rights

To exercise any of the rights described above, please email us at hello@burmain.com (South Africa) or uk@burmain.com (United Kingdom) with the subject line "Data Rights Request". We will respond to your request within 30 days of receipt. In order to protect your personal information, we may need to verify your identity before processing your request.

9. Cookies

We use cookies and similar tracking technologies on our website and platforms. For full details of the cookies we use, their purposes, and how to manage your preferences, please see our Cookie Policy. You can withdraw cookie consent at any time via the cookie preference centre accessible from any page footer.

10. Children's Privacy

Our platforms and website are not directed at children under the age of 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent.

The Windsor AI Tutor and Windsor AI Gaming platforms, which may be used in educational settings by minors, operate under institutional agreements with schools and educational institutions that provide appropriate consent frameworks. If you believe a child under 13 has provided us with personal information without appropriate consent, please contact hello@burmain.com immediately and we will take steps to delete such information.

11. Security Measures

Technical measures: We implement robust technical security controls to protect your personal information, including encryption of data in transit and at rest using AES-256 and TLS 1.3, strict access controls and role-based permissions, multi-factor authentication for all internal systems, and regular security audits and penetration testing conducted by independent third parties.

Organisational measures: We maintain comprehensive organisational security practices, including mandatory staff training on data protection and information security, data access granted on a strict need-to-know basis, documented incident response procedures, and thorough vendor due diligence to ensure our third-party partners meet equivalent security standards.

Breach notification: In the event of a personal data breach, we will notify affected data subjects and relevant supervisory authorities within 72 hours of becoming aware of the breach, as required by UK GDPR Article 33 and POPIA Section 22. We will provide full details of the nature of the breach, the categories and approximate number of individuals affected, and the measures taken or proposed to address the breach.

While we implement industry-leading security measures, no system is completely secure. Please use strong, unique passwords and contact us immediately if you suspect unauthorised access to your account.

12. AI & Automated Processing

Burmain builds AI-native platforms — transparency about how AI processes personal data is a core commitment. Our AI systems process personal data to deliver personalised platform experiences, generate insights, and improve model accuracy over time. We use anonymised and aggregated data where possible for model training, and we apply privacy-by-design principles across all our AI development processes.

We do not make solely automated decisions that produce legal or similarly significant effects without human oversight, in compliance with GDPR Article 22. Where our AI platforms generate recommendations or insights — whether in financial analysis, educational support, urban planning, or other domains — these outputs are advisory in nature. Users retain full decision-making authority and are not bound by any AI-generated recommendation.

You have the right to request human review of any automated output that affects you. If you believe an automated process has produced an outcome that is inaccurate, unfair, or otherwise affects your interests, please contact us at hello@burmain.com or uk@burmain.com and we will arrange for a human review of the relevant output.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will notify you by updating the "Last updated" date at the top of this policy and, where appropriate, by sending you an email notification or displaying a prominent notice on our website.

We encourage you to review this policy periodically to stay informed about how we are protecting your information. Your continued use of our platforms after any changes have been made constitutes your acceptance of the updated policy. If you do not agree to any material changes, you should discontinue use of our platforms and contact us to request deletion of your personal data.

14. Contact Us & Data Protection

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal information, please contact us using the details below.

South Africa — Data Controller

Burmain Holdings (Pty) Ltd
Email: hello@burmain.com
POPIA Information Officer: Available on request
Supervisory Authority: Information Regulator of South Africa — inforeg.org.za

United Kingdom — Data Controller

Burmain Holdings LTD
Email: uk@burmain.com
Data Protection enquiries: uk@burmain.com
Supervisory Authority: Information Commissioner's Office (ICO) — ico.org.uk

Making a Complaint

If you are unhappy with how we have handled your personal information, we ask that you contact us first so that we have the opportunity to resolve the matter. If you are not satisfied with our response, you have the right to lodge a complaint with your relevant supervisory authority — the Information Regulator of South Africa if you are in South Africa, or the Information Commissioner's Office (ICO) if you are in the United Kingdom or EU.

Burmain Holdings

Shaping Tomorrow's Intelligence.
AI-native platforms that redefine industries.

Platforms

  • BovRes
  • 1os.io
  • Global Urban Solutions
  • Synopli
  • Windsor AI Gaming
  • Windsor AI Tutor

Company

  • About Burmain
  • Careers
  • Investors
  • Press & Media
  • Partnerships

Legal

  • Privacy Policy
  • Terms of Service
  • Cookie Policy
  • POPIA Compliance
  • GDPR Statement

© 2025 Burmain Holdings (Pty) Ltd & Burmain Holdings LTD. All rights reserved.

Registered in South Africa & United Kingdom  ·  burmain.com