1. Our Commitment to Your Privacy

2. The Information We Collect

We collect and process the following data:

• Personal Identification Information: Name, email, phone number, and job title.
• Business Information: Data provided during Activation Audits, including process maps, tech-stack details, and documentation of operational friction.
• Technical Data: IP addresses and browsing behaviour via cookies.

3. Legal Basis for Processing

We process your data under the following legal bases:

• Contract: To deliver the services you have hired us for.
• Legitimate Interests: To conduct industry research into the "Activation Gap," improve our consulting frameworks, and engage in B2B networking.
• Legal Obligation: To meet tax or regulatory requirements.

4. How We Use Your Information

• Service Delivery: Managing the distinct needs of Nomad RevFlow (Vendors), Nomad ChangeFlow (Firms), and Nomad Video (Production).
• AI-Assisted Analysis: We use secure AI tools to transcribe and synthesise meeting notes during our Activation Audits. These tools are configured to ensure data is not used to train public models.
• Anonymised Benchmarking: We may aggregate data to create industry reports. No individual or firm will be identifiable in these reports.

5. Data Retention

We hold personal data for as long as necessary to provide our services. Typically, this is the duration of our engagement plus 6 years for legal and tax purposes. Raw video footage and meeting recordings from audits are retained for 12 months following project completion unless otherwise agreed in writing.

6. Data Sharing and Transfers

We do not sell your data. We share data only with:

• Subcontractors: Professional partners (e.g., specialist editors or analysts) bound by strict confidentiality.
• Software Providers: Tools such as our CRM, accounting software, and secure cloud storage.
• International Transfers: Some service providers process data outside the UK (e.g., Google Workspace). We ensure these transfers comply with UK GDPR via standard contractual clauses or the UK Extension to the EU-US Data Privacy Framework.

7. Your Rights

Under UK law, you have the right to access, correct, or delete your personal data. You may also object to processing or request data portability. To exercise these rights, contact leigh@nomadflow.co.uk.

8. Intellectual Property

This policy is limited to data privacy. Ownership of deliverables and the Activation Audit methodology is defined in your specific Statement of Work (SOW).

9. Contact Us

1. Scope of Processing

The Processor will handle data only to perform the services defined in the Statement of Work. This includes:

• Transcribing meeting recordings for audit analysis.
• Reviewing user onboarding journeys and CRM data snippets.
• Creating instructional or commercial video assets.

2. Use of Artificial Intelligence

The Processor uses AI tools (e.g., Google Gemini, Fathom, or Otter.ai) to assist in data synthesis. The Processor warrants that:

• All AI tools used are "Closed System" enterprise versions.
• Zero-Retention Policy: Data processed through these tools is not used by the provider to train foundational AI models.
• Input data is encrypted both in transit and at rest.

3. Sub-Processors

The Processor may engage third-party sub-processors (e.g., freelance video editors or junior analysts). All sub-processors are subject to written agreements providing the same level of data protection as set out in this Addendum.

4. Technical and Organisational Measures

The Processor maintains industry-standard security measures, including:

• Multi-Factor Authentication (MFA) on all business accounts.
• Encrypted cloud storage for all client deliverables.
• Regular deletion cycles for raw meeting footage.

5. Data Breach Notification

The Processor will notify the Client without undue delay (and within 48 hours) upon becoming aware of any personal data breach.

6. Termination

Upon termination of the services, the Processor will, at the Client's request, delete or return all personal data, except where retention is required by UK law.