Effective date: 1 January 2025 · Last updated: 1 January 2025
Burmain Holdings operates two legal entities — Burmain Holdings (Pty) Ltd, registered in South Africa, and Burmain Holdings LTD, registered in the United Kingdom. Both entities act as joint data controllers for the burmain.com website and its associated platforms. Together, they are referred to throughout this document as "Burmain Holdings", "we", "us" or "our".
This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and what rights you have in relation to that information. We are committed to handling your data responsibly and transparently, in accordance with applicable data protection legislation in both South Africa and the United Kingdom.
This policy applies to all visitors to burmain.com, users of our platforms — including BovRes, 1os.io, Synopli, Global Urban Solutions, Windsor AI Gaming, and Windsor AI Tutor — and anyone who contacts us by any means, including email, telephone, or through our website contact forms.
If you are located in the European Union or United Kingdom, additional rights apply under the UK GDPR and EU GDPR. See our GDPR Statement for details. If you are located in South Africa, see our POPIA Compliance Statement.
We collect personal information that you voluntarily provide when interacting with us. This includes your name, email address, company name, and job title when you contact us or register for access to one of our platforms. It also includes the content of any messages or enquiries you send us, as well as curriculum vitae and supporting documents when you apply for a position at Burmain Holdings.
When you visit burmain.com or use our platforms, certain technical information is collected automatically by our servers and analytics systems. This includes your IP address, browser type and version, device type, operating system, the pages you visit on our site, the source from which you arrived (referral source), the duration of your session, and patterns of clicks and interaction throughout your visit.
We use cookies and similar tracking technologies on our website and platforms. The types of cookies we use, their purposes, and how you can control them are described in full in our Cookie Policy. Please refer to that document for detailed information about our use of cookies and your options.
Our AI-native platforms collect data specific to the service being delivered. For BovRes, this includes livestock data, farm management records, and animal health data entered or generated within the platform. For 1os.io, this includes business process data and workflow interaction data. For our educational platforms, including Windsor AI Tutor, this includes learning progress, assessment results, and engagement metrics. For Synopli, this includes query patterns and document interaction data. In all cases, platform data is used solely to deliver and improve the relevant service.
We retain records of communications you initiate with us, including emails, support tickets, and submissions via our website contact or enquiry forms. These records are kept to ensure continuity of service and to maintain an accurate history of our interactions with you.
We use the personal information we collect for a range of purposes that are necessary to operate our business, deliver our services, and meet our legal obligations. Specifically, we use your information for the following purposes:
Where the UK GDPR or EU GDPR applies to our processing of your personal data, we rely on one or more of the following lawful bases. We identify the most relevant basis for each processing activity and ensure it is appropriate to the nature and purpose of the processing.
We process personal data where it is necessary to perform a contract to which you are a party, or to take steps at your request before entering into a contract. This basis applies primarily when delivering platform services to subscribers and fulfilling agreed service obligations.
We process personal data where it is in our legitimate interests to do so and where those interests are not overridden by your rights and freedoms. This basis applies to activities such as security monitoring, fraud prevention, internal analytics, and the improvement of our AI models using aggregated and anonymised data. We conduct a balancing assessment to ensure that your interests are protected.
Where we send marketing communications or deploy non-essential cookies, we do so only on the basis of your freely given, specific, informed, and unambiguous consent. You may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal. To withdraw consent, please contact us at hello@burmain.com or use the unsubscribe link in any marketing email.
We process personal data where we are required to do so in order to comply with a legal obligation imposed on us under applicable law, including South African legislation such as the Protection of Personal Information Act (POPIA) and UK legislation including the Companies Act and tax regulations.
We do not share your personal data with third parties except in the circumstances described below. Where we do share data, we ensure that appropriate safeguards and contractual protections are in place.
We host our platforms and website on infrastructure provided by reputable cloud providers, including Amazon Web Services (AWS) and Google Cloud. All such providers operate under data processing agreements with Burmain Holdings that include appropriate technical and organisational safeguards for the protection of personal data.
We use third-party analytics tools including Google Analytics and Hotjar to understand how visitors interact with our website and platforms. These tools collect anonymised usage data and are governed by their respective privacy policies. We configure these tools to minimise the collection of personally identifiable information wherever possible.
We use email delivery providers to send transactional communications — such as account notifications and service alerts — as well as marketing communications to users who have consented. These providers process your email address and message content solely on our behalf and in accordance with our instructions.
We may share personal data with our lawyers, accountants, auditors, and other professional advisors where necessary for the conduct of our business. All such advisors are bound by professional and contractual confidentiality obligations.
We may disclose personal data where required to do so by applicable law, by a court order, or by a regulatory or government authority with jurisdiction over our activities. We will, where permitted, notify affected individuals of any such disclosure.
In the event of a merger, acquisition, restructuring, or sale of all or part of Burmain Holdings' assets, your personal data may be transferred to the successor or acquiring entity. We will ensure that any such transfer is subject to appropriate data protection commitments and that affected users are notified in advance where practicable.
We do not sell, rent or trade your personal information to any third party for their own marketing purposes.
As a dual-jurisdiction business operating in both South Africa and the United Kingdom, personal data is shared between our two entities in the ordinary course of our operations. Such transfers are carried out under appropriate legal mechanisms, including the UK-South Africa data sharing framework and, where required, Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO).
Our use of cloud infrastructure providers such as AWS and Google Cloud may involve the processing of personal data on servers located in the United States and across the European Union. Where data is transferred outside the UK or South Africa, we ensure such transfers are protected by appropriate safeguards, including SCCs and adequacy decisions made by relevant authorities. We regularly review these mechanisms to ensure they remain current and effective.
If you would like further details about the specific safeguards in place for international transfers of your personal data, you are welcome to contact us by emailing hello@burmain.com. We will respond within a reasonable timeframe with relevant information.
We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. The following retention periods apply to the main categories of personal data we hold:
Depending on your jurisdiction and applicable law, you may have certain rights regarding the personal information we hold about you. We are committed to respecting and upholding these rights. The specific rights available to you may vary based on where you are located and the legal framework that applies to your data.
To exercise any of the rights described above, please email us at hello@burmain.com (South Africa) or uk@burmain.com (United Kingdom) with the subject line "Data Rights Request". We will respond to your request within 30 days of receipt. In order to protect your personal information, we may need to verify your identity before processing your request.
We use cookies and similar tracking technologies on our website and platforms. For full details of the cookies we use, their purposes, and how to manage your preferences, please see our Cookie Policy. You can withdraw cookie consent at any time via the cookie preference centre accessible from any page footer.
Our platforms and website are not directed at children under the age of 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent.
The Windsor AI Tutor and Windsor AI Gaming platforms, which may be used in educational settings by minors, operate under institutional agreements with schools and educational institutions that provide appropriate consent frameworks. If you believe a child under 13 has provided us with personal information without appropriate consent, please contact hello@burmain.com immediately and we will take steps to delete such information.
Technical measures: We implement robust technical security controls to protect your personal information, including encryption of data in transit and at rest using AES-256 and TLS 1.3, strict access controls and role-based permissions, multi-factor authentication for all internal systems, and regular security audits and penetration testing conducted by independent third parties.
Organisational measures: We maintain comprehensive organisational security practices, including mandatory staff training on data protection and information security, data access granted on a strict need-to-know basis, documented incident response procedures, and thorough vendor due diligence to ensure our third-party partners meet equivalent security standards.
Breach notification: In the event of a personal data breach, we will notify affected data subjects and relevant supervisory authorities within 72 hours of becoming aware of the breach, as required by UK GDPR Article 33 and POPIA Section 22. We will provide full details of the nature of the breach, the categories and approximate number of individuals affected, and the measures taken or proposed to address the breach.
While we implement industry-leading security measures, no system is completely secure. Please use strong, unique passwords and contact us immediately if you suspect unauthorised access to your account.
Burmain builds AI-native platforms — transparency about how AI processes personal data is a core commitment. Our AI systems process personal data to deliver personalised platform experiences, generate insights, and improve model accuracy over time. We use anonymised and aggregated data where possible for model training, and we apply privacy-by-design principles across all our AI development processes.
We do not make solely automated decisions that produce legal or similarly significant effects without human oversight, in compliance with GDPR Article 22. Where our AI platforms generate recommendations or insights — whether in financial analysis, educational support, urban planning, or other domains — these outputs are advisory in nature. Users retain full decision-making authority and are not bound by any AI-generated recommendation.
You have the right to request human review of any automated output that affects you. If you believe an automated process has produced an outcome that is inaccurate, unfair, or otherwise affects your interests, please contact us at hello@burmain.com or uk@burmain.com and we will arrange for a human review of the relevant output.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will notify you by updating the "Last updated" date at the top of this policy and, where appropriate, by sending you an email notification or displaying a prominent notice on our website.
We encourage you to review this policy periodically to stay informed about how we are protecting your information. Your continued use of our platforms after any changes have been made constitutes your acceptance of the updated policy. If you do not agree to any material changes, you should discontinue use of our platforms and contact us to request deletion of your personal data.
If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal information, please contact us using the details below.
Burmain Holdings (Pty) Ltd
Email: hello@burmain.com
POPIA Information Officer: Available on request
Supervisory Authority: Information Regulator of South Africa — inforeg.org.za
Burmain Holdings LTD
Email: uk@burmain.com
Data Protection enquiries: uk@burmain.com
Supervisory Authority: Information Commissioner's Office (ICO) — ico.org.uk
If you are unhappy with how we have handled your personal information, we ask that you contact us first so that we have the opportunity to resolve the matter. If you are not satisfied with our response, you have the right to lodge a complaint with your relevant supervisory authority — the Information Regulator of South Africa if you are in South Africa, or the Information Commissioner's Office (ICO) if you are in the United Kingdom or EU.