How Nealphast Limited collects, uses and protects personal data, in line with the GDPR and the Irish Data Protection Act 2018.
Nealphast Limited (“Nealphast”, “we”, “us”) is a company registered in Ireland. We are the data controller for personal data processed through this website and in the course of our business relationships.
For any privacy matter, or to exercise your data-protection rights, you can contact us at info@nealphast.com. We have not appointed a statutory Data Protection Officer; privacy enquiries are handled by our team at that address.
This policy explains how we collect and use personal data when you visit our website, contact us, or engage us to design, build and operate AI agents. It is written to meet our obligations under the EU General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.
When we build and run agents for a client, that client is typically the controller of the personal data processed by the agent, and Nealphast acts as a processor under a separate data processing agreement. This policy concerns our own processing as a controller.
| Category | Examples |
|---|---|
| Contact & enquiry data | Name, work email, company, the message and interest you submit through our contact form or by email |
| Business relationship data | Information exchanged during discovery, proposals, contracts and ongoing delivery |
| Technical & usage data | IP address, browser/device type, pages visited and similar analytics data, collected via cookies where you consent (see our Cookie Policy) |
We do not seek to collect special categories of personal data through this website. Please do not include sensitive personal data in enquiry messages.
Under Article 6 GDPR we rely on one or more of: your consent; the performance of a contract with you; compliance with a legal obligation; and our legitimate interests in operating and growing our business, where these are not overridden by your rights. Where we rely on consent, you may withdraw it at any time.
We share personal data only as necessary, with: service providers who help us run our business (acting as our processors under contract); professional advisers; and authorities where required by law. We do not sell your personal data. The categories of provider we currently rely on are:
We aim to keep personal data within the European Economic Area (EEA). Where a provider processes data outside the EEA, we put in place an appropriate safeguard — typically the European Commission’s Standard Contractual Clauses — and assess the transfer as required by GDPR.
We keep personal data only as long as needed for the purposes above: enquiry data for up to 24 months after our last interaction if we do not enter a business relationship; client records for the duration of the engagement and for the period required by law and our legitimate interests thereafter (for example, statutory accounting retention periods of up to six years under Irish tax law).
Subject to conditions in the GDPR, you have the right to: access your data; have it rectified or erased; restrict or object to processing; data portability; and to withdraw consent. To exercise any right, email info@nealphast.com. You also have the right to lodge a complaint with the Irish Data Protection Commission (dataprotection.ie).
We use appropriate technical and organisational measures — including encryption in transit, access controls and supplier due diligence — to protect personal data. More detail on our engineering and governance controls is on our Security & governance page.
We may update this policy from time to time; the “last updated” date above shows the current version. Questions or requests: info@nealphast.com.