Privacy Statement

1. Information We Collect

We collect various types of information in connection with our business operations and services. The categories of information we collect include:

Personal and Contact Information

• Name, title, and professional role
• Email address, phone number, and business address
• Company name and industry information
• Preferred communication methods

Business and Commercial Information

• Information about your business operations, systems, and processes
• Technical specifications and requirements
• Project objectives and business challenges
• Transaction and service history with Steelclutch Partners
• Correspondence and communications with our team

Technical and Usage Information

• Website usage data and analytics
• IP address, browser type, and device information
• Cookies and similar tracking technologies (see Section 8)
• System access logs when using our platforms or tools

Professional Information

• Professional background and expertise
• Business relationships and affiliations
• Information from business networking platforms (e.g., LinkedIn)

Project-Specific Information

• Data collected during consulting engagements
• Process documentation and workflows
• System integration requirements
• Performance metrics and analytics data

Sources of Information

We collect personal information directly from you and, in some cases, from third parties:

Direct Collection

Most of the information we collect comes directly from you when you:

• Contact us or request information about our services
• Engage us for consulting services
• Visit our website or use our tools
• Attend our events or participate in surveys
• Subscribe to our newsletters or communications

Third-Party Sources

We may also receive personal information from third parties, including:

• Publicly available sources (business websites, professional networking platforms like LinkedIn)
• Business partners and referral sources
• Service providers who assist us in our operations
• Your employer, if you are engaging with us on their behalf

When we collect information from third parties, we take steps to confirm that the data has been lawfully collected and that the third party is authorized to share it with us for our intended purposes.

2. How We Use Your Information

We use the information we collect for specific business purposes. The table below summarizes these purposes, the categories of personal data we use, the legal basis for processing, and who may have access to your information.

Purpose	Categories of Data	Legal Basis
Service Delivery To provide consulting services, including AI implementation, process optimization, automation solutions, and systems integration	Contact information, business information, technical specifications, project data, system access information	Contractual necessity and legitimate interests
Client Communication To respond to inquiries, provide project updates, and maintain ongoing client relationships	Name, email, phone, professional title, company information, correspondence records	Legitimate interests and contractual necessity
Business Operations To manage contracts, process payments, maintain records, and fulfill our business obligations	Contact details, company information, transaction history, contractual documentation	Contractual necessity and legal compliance
Service Improvement To analyze and improve our services, develop new offerings, and enhance client experiences	Usage data, feedback, project outcomes, performance metrics	Legitimate interests
Marketing and Communications To send newsletters, case studies, industry insights, and information about our services	Name, email address, company, job title, interests and preferences	Legitimate interests and consent (where required)
Website and Analytics To understand how our website is used, improve functionality, and ensure security	IP address, browser type, device information, pages visited, interaction data	Legitimate interests
Legal Compliance To comply with applicable laws, regulations, legal processes, and corporate reporting obligations	Data will depend upon specific legal requirement	Legal obligation
Security and Fraud Prevention To protect our systems, detect and prevent security threats, and maintain service integrity	Access logs, IP addresses, security event data, transaction information	Legitimate interests
Research and Analytics To conduct business analytics, market research, and industry benchmarking using deidentified data	Aggregated and deidentified business data, market trends, performance metrics	Legitimate interests

Data Access: Your personal information may be accessed by Steelclutch Partners personnel, our service providers, and in some cases, business partners who assist us in delivering services to you. All such parties are required to protect your information and use it only for authorized purposes.

3. Legal Basis for Processing

We process your personal information based on the following legal grounds:

Contractual Necessity

Processing is necessary to perform our consulting services and fulfill our contractual obligations to you or your organization.

Legitimate Interests

We process information based on our legitimate business interests, including:

• Operating and improving our business
• Maintaining client relationships
• Marketing our services to business contacts
• Protecting our systems and preventing fraud
• Conducting business analytics and research

Legal Compliance

Processing is necessary to comply with legal obligations, such as tax laws, regulatory requirements, and court orders.

Consent

Where required by law, we obtain your consent before processing certain types of information, particularly for marketing communications and the use of certain cookies.

4. What We Do NOT Do With Your Data

To build trust and maintain transparency, we want to be clear about what we do NOT do with your personal information:

We Do Not Sell Your Personal Information

Steelclutch Partners does not sell, rent, or trade your personal information to third parties for their marketing purposes. We do not engage in data brokerage or similar activities.

We Do Not Use Deidentified Data to Reidentify You

When we transform personal data into deidentified or anonymized data, we commit to:

• Maintaining that data in deidentified form
• Not attempting to identify or reidentify specific individuals within a deidentified dataset
• Not using deidentified data to associate specific individuals with individual characteristics
• Requiring any third parties who receive deidentified data from us to maintain it in deidentified form

We Do Not Make Automated Decisions That Significantly Affect You

Steelclutch Partners does not use automated decision-making to make decisions that have legal impact on you or that significantly affect your rights and freedoms without human oversight. All automated processing activities are conducted with appropriate human supervision and review.

We Do Not Collect Data From Children

We do not knowingly collect or maintain personal information from individuals under the age of 18. Our services are designed for business and professional use only.

We Do Not Share Your Data Beyond What's Disclosed

We only share your information as explicitly described in Section 5 of this Privacy Notice. We do not engage in hidden data sharing or undisclosed transfers.

5. Information Sharing and Disclosure

We may share your information in the following circumstances:

Service Providers and Subcontractors

We may engage trusted third-party service providers to assist with our business operations, including:

• Cloud hosting and data storage providers
• Email and communication platforms
• Analytics and marketing tools
• Payment processors
• Professional advisors (legal, accounting, consulting)

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

Business Partners

With your consent, we may share information with technology partners, implementation partners, or other collaborators involved in delivering services to you.

Legal Requirements

We may disclose information when required by law, such as:

• In response to court orders, subpoenas, or other legal processes
• To comply with regulatory requirements
• To protect our legal rights and interests
• To prevent fraud or security threats

Business Transactions

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction, subject to confidentiality obligations.

6. Data Security

We take the security of your information seriously and implement appropriate technical and organizational measures to protect it, including:

Technical Safeguards

• Encryption of data in transit and at rest
• Secure access controls and authentication
• Regular security assessments and vulnerability testing
• Firewalls and intrusion detection systems
• Secure backup and disaster recovery procedures

Organizational Safeguards

• Confidentiality agreements with employees and contractors
• Access restrictions based on need-to-know principles
• Regular security training and awareness programs
• Incident response and breach notification procedures
• Third-party security audits and compliance reviews

While we strive to protect your information, no security measures are completely foolproof. We cannot guarantee absolute security, but we continuously work to maintain and improve our security practices in line with industry standards.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Statement, unless a longer retention period is required or permitted by law.

Retention Criteria

• Active Relationships: We retain information throughout the duration of our business relationship and for a reasonable period afterward to maintain records and provide support
• Legal Requirements: We retain certain information to comply with legal, accounting, and regulatory obligations (typically 7-10 years for business records)
• Legitimate Business Purposes: We may retain information for purposes such as resolving disputes, enforcing agreements, and maintaining business records

When information is no longer needed, we securely delete or anonymize it in accordance with our data retention and destruction policies.

8. Your Rights and Choices

Depending on your location and applicable law, you may have the following rights regarding your personal information:

Access and Portability

• Request access to the personal information we hold about you
• Receive a copy of your information in a structured, commonly used format
• Request transmission of your data to another service provider

Correction and Deletion

• Request correction of inaccurate or incomplete information
• Request deletion of your information (subject to legal retention requirements)

Objection and Restriction

• Object to processing based on legitimate interests
• Request restriction of processing in certain circumstances
• Opt out of marketing communications at any time

Withdraw Consent

• Withdraw consent for processing based on consent (without affecting prior lawful processing)

Marketing Communications

You can opt out of marketing communications at any time by:

• Clicking the "unsubscribe" link in our emails
• Contacting us directly at: unsubscribe@steelclutchpartners.com
• Updating your communication preferences through your account settings (if applicable)

California Residents

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including:

• Right to know what personal information we have collected about you
• Right to know whether we sell or share your personal information (we do not)
• Right to request deletion of your personal information
• Right to opt out of the sale of personal information (not applicable as we do not sell personal information)
• Right to non-discrimination for exercising your CCPA rights
• Right to correct inaccurate personal information
• Right to limit the use of your sensitive personal information

We do not use or disclose sensitive personal information for purposes other than those specified in the CCPA regulations, and we do not sell personal information of minors under 16 years of age.

9. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience and understand how our site is used.

Types of Cookies We Use

Essential Cookies

These cookies are necessary for the website to function and cannot be disabled. They include authentication, security, and basic functionality cookies.

Analytics Cookies

We use analytics tools (such as Google Analytics) to understand how visitors use our website. This helps us improve our site and services. These cookies collect information such as pages visited, time spent on the site, and navigation paths.

Marketing Cookies

With your consent, we may use cookies to deliver relevant marketing content and measure the effectiveness of our campaigns.

Managing Cookie Preferences

You can manage your cookie preferences through:

• Your browser settings (most browsers allow you to refuse or accept cookies)
• Our cookie consent banner when you first visit our site
• Third-party opt-out tools for analytics and advertising cookies

Please note that disabling certain cookies may affect the functionality of our website.

10. International Data Transfers

Steelclutch Partners may transfer and process your information in countries other than your country of residence. When we transfer information internationally, we ensure appropriate safeguards are in place to protect your information, including:

• Standard contractual clauses approved by relevant authorities
• Adequacy decisions recognizing equivalent data protection standards
• Certification frameworks such as the EU-U.S. Data Privacy Framework (where applicable)
• Other legally approved transfer mechanisms

By using our services, you acknowledge that your information may be transferred to and processed in the United States or other countries where our service providers operate.

11. Third-Party Links and Services

Our website and communications may contain links to third-party websites, applications, or services. This Privacy Statement does not apply to those third-party services, and we are not responsible for their privacy practices.

We recommend reviewing the privacy policies of any third-party services you access through our site or communications. These may include:

• Social media platforms
• Professional networking sites
• Technology partners and integration platforms
• Industry resources and publications

12. Children's Privacy

Our services are designed for business and professional use. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have collected information from a child under 18, we will take steps to delete such information promptly.

If you believe we have collected information from a minor, please contact us immediately using the information in Section 14.

13. AI and Automated Processing

As a consulting firm specializing in AI-driven business transformation, we may use artificial intelligence and automated processing in delivering our services and managing our operations.

How We Use AI

• Analyzing business processes and identifying optimization opportunities
• Generating insights and recommendations for our clients
• Automating routine tasks and workflows
• Enhancing data analysis and reporting capabilities

Your Rights Regarding Automated Decisions

Steelclutch Partners does not use automated decision-making to make decisions that have legal effects on you or similarly significantly affect you without appropriate human oversight. Where we use automated processing:

• All automated decisions are subject to human review and supervision
• You have the right to request human review of an automated decision
• You can express your point of view regarding the decision
• You can challenge the decision
• You can request an explanation of the logic involved

AI in Client Projects

When implementing AI solutions for clients, we follow privacy-by-design principles and ensure that:

• Data minimization practices are applied
• Appropriate consent and legal bases are established
• Transparency measures are implemented
• Human oversight mechanisms are maintained where appropriate

14. Changes to This Privacy Statement

We may update this Privacy Statement from time to time to reflect changes in our practices, services, or legal requirements. When we make material changes, we will:

• Update the "Effective Date" at the top of this statement
• Notify you via email or through our website (for significant changes)
• Provide a reasonable period for you to review the changes before they take effect

We encourage you to review this Privacy Statement periodically to stay informed about how we protect your information. Your continued use of our services after changes are posted constitutes your acceptance of the updated statement.